forgotten file (a lot of them)
This commit is contained in:
parent
e69f1207a9
commit
2a4779378a
|
@ -0,0 +1,37 @@
|
||||||
|
/* camellia.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef CAMELLIA_H_
|
||||||
|
#define CAMELLIA_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
typedef struct camellia128_ctx_s{
|
||||||
|
uint64_t klr;
|
||||||
|
uint64_t kll;
|
||||||
|
uint64_t kar;
|
||||||
|
uint64_t kal;
|
||||||
|
}camellia128_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
void camellia128_init(const void* key, camellia128_ctx_t* s);
|
||||||
|
void camellia128_enc(void* block, const camellia128_ctx_t* s);
|
||||||
|
void camellia128_dec(void* block, const camellia128_ctx_t* s);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /*CAMELLIA_H_*/
|
|
@ -0,0 +1,494 @@
|
||||||
|
/* camellia_C.c */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
*
|
||||||
|
*
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include "camellia.h"
|
||||||
|
#if 0
|
||||||
|
#include "cli.h"
|
||||||
|
#include "debug.h"
|
||||||
|
#include <util/delay.h>
|
||||||
|
#endif
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t rol(uint8_t a, uint8_t n){
|
||||||
|
return ((a<<n) | (a>>(8-n)));
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t ror(uint8_t a, uint8_t n){
|
||||||
|
return ((a<<(8-n)) | (a>>n));
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint32_t rol32(uint32_t a, uint8_t n){
|
||||||
|
return ((a<<n)|(a>>(32-n)));
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
/*
|
||||||
|
static
|
||||||
|
uint64_t rol64(uint64_t a, uint8_t n){
|
||||||
|
return ((a<<n)|(a>>(64-n)));
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
const uint8_t camellia_s1_table[256] = {
|
||||||
|
112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
|
||||||
|
35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
|
||||||
|
134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
|
||||||
|
166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
|
||||||
|
139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
|
||||||
|
223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
|
||||||
|
20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
|
||||||
|
254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
|
||||||
|
170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
|
||||||
|
16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
|
||||||
|
135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
|
||||||
|
82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
|
||||||
|
233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
|
||||||
|
120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
|
||||||
|
114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
|
||||||
|
64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
|
||||||
|
};
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t camellia_s1(uint8_t b){
|
||||||
|
return camellia_s1_table[b];
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t camellia_s2(uint8_t b){
|
||||||
|
return rol(camellia_s1_table[b], 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t camellia_s3(uint8_t b){
|
||||||
|
return ror(camellia_s1_table[b], 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint8_t camellia_s4(uint8_t b){
|
||||||
|
return camellia_s1_table[rol(b, 1)];
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint64_t camellia_s(uint64_t d){
|
||||||
|
// cli_putstr("\n\r S von "); cli_hexdump(&(d), 8);
|
||||||
|
#define D ((uint8_t*)(&d))
|
||||||
|
D[7] = camellia_s1(D[7]);
|
||||||
|
D[6] = camellia_s2(D[6]);
|
||||||
|
D[5] = camellia_s3(D[5]);
|
||||||
|
D[4] = camellia_s4(D[4]);
|
||||||
|
|
||||||
|
D[3] = camellia_s2(D[3]);
|
||||||
|
D[2] = camellia_s3(D[2]);
|
||||||
|
D[1] = camellia_s4(D[1]);
|
||||||
|
D[0] = camellia_s1(D[0]);
|
||||||
|
#undef D
|
||||||
|
// cli_putstr(" ist "); cli_hexdump(&(d), 8);
|
||||||
|
return d;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint64_t camellia_p(uint64_t d){
|
||||||
|
uint64_t z=0;
|
||||||
|
#define D ((uint8_t*)(&d))
|
||||||
|
#define Z ((uint8_t*)(&z))
|
||||||
|
/*
|
||||||
|
Z[0] = D[4] ^ D[3] ^ D[1];
|
||||||
|
Z[1] = D[5] ^ D[0] ^ D[2];
|
||||||
|
Z[2] = D[6] ^ D[1] ^ D[3];
|
||||||
|
Z[3] = D[7] ^ D[2] ^ D[0];
|
||||||
|
Z[4] = D[0] ^ D[6] ^ D[5];
|
||||||
|
Z[5] = D[1] ^ D[7] ^ D[6];
|
||||||
|
Z[6] = D[2] ^ D[4] ^ D[7];
|
||||||
|
Z[7] = D[3] ^ D[5] ^ D[4];
|
||||||
|
*/
|
||||||
|
// Z[7] = z1 z3 z4 z6 z7 z8
|
||||||
|
// cli_putstr("\n\r P von "); cli_hexdump(&(d), 8);
|
||||||
|
|
||||||
|
Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0];
|
||||||
|
Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0];
|
||||||
|
Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0];
|
||||||
|
Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
|
||||||
|
Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0];
|
||||||
|
Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0];
|
||||||
|
Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0];
|
||||||
|
Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
|
||||||
|
|
||||||
|
// cli_putstr(" ist "); cli_hexdump(&(z), 8);
|
||||||
|
|
||||||
|
#undef Z
|
||||||
|
#undef D
|
||||||
|
return z;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint64_t camellia_f(uint64_t x, uint64_t k){
|
||||||
|
uint64_t y;
|
||||||
|
y = camellia_p(camellia_s(x ^ k));
|
||||||
|
return y;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint64_t camellia_fl(uint64_t x, uint64_t k){
|
||||||
|
// uint64_t lx, lk, y;
|
||||||
|
uint32_t lx[2], lk[2], yr, yl;
|
||||||
|
lx[0]=(uint32_t)x;
|
||||||
|
lx[1]=(uint32_t)(x>>32);
|
||||||
|
lk[0]=(uint32_t)k;
|
||||||
|
lk[1]=(uint32_t)(k>>32);
|
||||||
|
#define Y ((uint32_t*)y)
|
||||||
|
#define X ((uint32_t*)lx)
|
||||||
|
#define K ((uint32_t*)lk)
|
||||||
|
|
||||||
|
yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */
|
||||||
|
yl = (yr | K[0]) ^ (X[1]); /* Yl */
|
||||||
|
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\nFL(");
|
||||||
|
cli_hexdump(&(x), 8);
|
||||||
|
cli_putstr(", ");
|
||||||
|
cli_hexdump(&(k), 8);
|
||||||
|
cli_putstr(") = ");
|
||||||
|
cli_hexdump(y, 8);
|
||||||
|
*/
|
||||||
|
#undef K
|
||||||
|
#undef X
|
||||||
|
#undef Y
|
||||||
|
return (((uint64_t)yl)<<32 | yr);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
uint64_t camellia_fl_inv(uint64_t y, uint64_t k){
|
||||||
|
//volatile uint32_t xl, xr;
|
||||||
|
uint32_t ly[2], lk[2], x[2];
|
||||||
|
ly[0]=(uint32_t)y;
|
||||||
|
ly[1]=(uint32_t)(y>>32);
|
||||||
|
lk[0]=(uint32_t)k;
|
||||||
|
lk[1]=(uint32_t)(k>>32);
|
||||||
|
#define Y ((uint32_t*)ly)
|
||||||
|
#define X ((uint32_t*)x)
|
||||||
|
#define K ((uint32_t*)lk)
|
||||||
|
|
||||||
|
X[1]=(Y[0] | K[0]) ^ Y[1];
|
||||||
|
X[0]=rol32((X[1] & K[1]),1) ^ Y[0];
|
||||||
|
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\nFL_inv(");
|
||||||
|
cli_hexdump(&(y), 8);
|
||||||
|
cli_putstr(", ");
|
||||||
|
cli_hexdump(&(k), 8);
|
||||||
|
cli_putstr(") = ");
|
||||||
|
*/
|
||||||
|
#undef K
|
||||||
|
#undef X
|
||||||
|
#undef Y
|
||||||
|
return ((uint64_t)(x[1]))<<32 | x[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
const uint64_t camellia_sigma_table[6] = {
|
||||||
|
0xA09E667F3BCC908BLL,
|
||||||
|
0xB67AE8584CAA73B2LL,
|
||||||
|
0xC6EF372FE94F82BELL,
|
||||||
|
0x54FF53A5F1D36F1CLL,
|
||||||
|
0x10E527FADE682D1DLL,
|
||||||
|
0xB05688C2B3E6C1FDLL
|
||||||
|
};
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
#if 0
|
||||||
|
void camellia128_ctx_dump(camellia128_ctx_t *s){
|
||||||
|
cli_putstr("\r\n==State Dump==");
|
||||||
|
cli_putstr("\n\rKAl: "); cli_hexdump(&(s->kal), 8);
|
||||||
|
cli_putstr("\n\rKAr: "); cli_hexdump(&(s->kar), 8);
|
||||||
|
cli_putstr("\n\rKLl: "); cli_hexdump(&(s->kll), 8);
|
||||||
|
cli_putstr("\n\rKLr: "); cli_hexdump(&(s->klr), 8);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
void camellia128_init(const void* key, camellia128_ctx_t* s){
|
||||||
|
uint8_t i;
|
||||||
|
s->kll = 0; //((uint64_t*)key)[0];
|
||||||
|
|
||||||
|
/* load the key, endian-adjusted, to kll,klr */
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
s->kll <<= 8;
|
||||||
|
s->kll |= *((uint8_t*)key);
|
||||||
|
key = (uint8_t*)key+1;
|
||||||
|
}
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
s->klr <<= 8;
|
||||||
|
s->klr |= *((uint8_t*)key);
|
||||||
|
key = (uint8_t*)key+1;
|
||||||
|
}
|
||||||
|
|
||||||
|
s->kal = s->kll;
|
||||||
|
s->kar = s->klr;
|
||||||
|
|
||||||
|
s->kar ^= camellia_f(s->kal, camellia_sigma_table[0]);
|
||||||
|
s->kal ^= camellia_f(s->kar, camellia_sigma_table[1]);
|
||||||
|
|
||||||
|
s->kal ^= s->kll;
|
||||||
|
s->kar ^= s->klr;
|
||||||
|
|
||||||
|
s->kar ^= camellia_f(s->kal, camellia_sigma_table[2]);
|
||||||
|
s->kal ^= camellia_f(s->kar, camellia_sigma_table[3]);
|
||||||
|
/**/
|
||||||
|
// cli_putstr("\n\r----------------init finished--------------------");
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
void camellia128_keyop(camellia128_ctx_t* s, int8_t q){
|
||||||
|
/* first we do 16 bit left-rols for kl and ka (128bit each) */
|
||||||
|
uint32_t temp;
|
||||||
|
|
||||||
|
temp = (s->kal)>>(64-16-q);
|
||||||
|
s->kal = s->kal<<(16+q) | s->kar>>(64-16-q);
|
||||||
|
s->kar = s->kar<<(16+q) | temp;
|
||||||
|
|
||||||
|
temp = (s->kll)>>(64-16-q);
|
||||||
|
s->kll = s->kll<<(16+q) | s->klr>>(64-16-q);
|
||||||
|
s->klr = s->klr<<(16+q) | temp;
|
||||||
|
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){
|
||||||
|
/* first we do 16 bit right-rols for kl and ka (128bit each) */
|
||||||
|
uint32_t temp;
|
||||||
|
|
||||||
|
temp = (s->kar)&(0xffffff>>(24-16-q));
|
||||||
|
s->kar = s->kar>>(16+q) | s->kal<<(64-16-q);
|
||||||
|
s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q);
|
||||||
|
|
||||||
|
temp = (s->klr)&(0xffffff>>(24-16-q));
|
||||||
|
s->klr = s->klr>>(16+q) | s->kll<<(64-16-q);
|
||||||
|
s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q);
|
||||||
|
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
#define SEL_KA 1
|
||||||
|
#define SEL_KL 0
|
||||||
|
|
||||||
|
#define KEY_POSTC1 0x00
|
||||||
|
#define KEY_POSTC2 0x01
|
||||||
|
#define KEY_INC2 0x02
|
||||||
|
|
||||||
|
#define KEY_DIR 0x04
|
||||||
|
#define KEY_DIR_NORM 0x00
|
||||||
|
#define KEY_DIR_INV 0x04
|
||||||
|
|
||||||
|
#define KEY_AMMOUNT 0x08
|
||||||
|
#define KEY_ROL17 0x08
|
||||||
|
#define KEY_ROL15 0x00
|
||||||
|
|
||||||
|
static
|
||||||
|
void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){
|
||||||
|
uint8_t i;
|
||||||
|
uint64_t* k[4];
|
||||||
|
k[0] = &(((camellia128_ctx_t*)s)->kll);
|
||||||
|
k[1] = &(((camellia128_ctx_t*)s)->klr);
|
||||||
|
k[2] = &(((camellia128_ctx_t*)s)->kal);
|
||||||
|
k[3] = &(((camellia128_ctx_t*)s)->kar);
|
||||||
|
for(i=0; i<3; ++i){ /* each cycle */
|
||||||
|
br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)]));
|
||||||
|
keychoice >>= 1;
|
||||||
|
|
||||||
|
if((i == 1) && (roundop&KEY_INC2)){
|
||||||
|
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)]));
|
||||||
|
keychoice >>= 1;
|
||||||
|
|
||||||
|
/* check if we should do some keyop */
|
||||||
|
if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){
|
||||||
|
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
|
||||||
|
/* isn't it fuckin nice what we can do in C?! */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
static
|
||||||
|
void change_endian(void* data, uint8_t length){
|
||||||
|
uint8_t i,a;
|
||||||
|
for(i=0; i<length/2; ++i){
|
||||||
|
a = ((uint8_t*)data)[i];
|
||||||
|
((uint8_t*)data)[i] = ((uint8_t*)data)[length-i-1];
|
||||||
|
((uint8_t*)data)[length-i-1] = a;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
void camellia128_enc(void* block, const camellia128_ctx_t* s){
|
||||||
|
|
||||||
|
#define BL (((uint64_t*)block)[0])
|
||||||
|
#define BR (((uint64_t*)block)[1])
|
||||||
|
/* endian adjustment */
|
||||||
|
/*BL*/
|
||||||
|
/* 1 2 3 4 5 6 7 8
|
||||||
|
* 8 7 6 5 4 3 2 1
|
||||||
|
*/
|
||||||
|
|
||||||
|
uint64_t temp64;
|
||||||
|
|
||||||
|
change_endian(&BL, 64/8);
|
||||||
|
change_endian(&BR, 64/8);
|
||||||
|
|
||||||
|
/* Prewhitening */
|
||||||
|
BL ^= s->kll;
|
||||||
|
BR ^= s->klr;
|
||||||
|
|
||||||
|
/* the first 6 */
|
||||||
|
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33);
|
||||||
|
/* FL injection */
|
||||||
|
camellia128_keyop((camellia128_ctx_t*)s, -1);
|
||||||
|
BL = camellia_fl(BL, s->kal);
|
||||||
|
BR = camellia_fl_inv(BR, s->kar);
|
||||||
|
camellia128_keyop((camellia128_ctx_t*)s, -1);
|
||||||
|
/* middle 6 */
|
||||||
|
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34);
|
||||||
|
/* FL injection */
|
||||||
|
camellia128_keyop((camellia128_ctx_t*)s, 1);
|
||||||
|
BL = camellia_fl(BL, s->kll);
|
||||||
|
BR = camellia_fl_inv(BR, s->klr);
|
||||||
|
camellia128_keyop((camellia128_ctx_t*)s, 1);
|
||||||
|
/* last 6 */
|
||||||
|
camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C);
|
||||||
|
/* Postwhitening */
|
||||||
|
BR ^= s->kal;
|
||||||
|
BL ^= s->kar;
|
||||||
|
|
||||||
|
temp64 = BR;
|
||||||
|
BR = BL;
|
||||||
|
BL = temp64;
|
||||||
|
|
||||||
|
camellia128_keyop((camellia128_ctx_t*)s,1);
|
||||||
|
|
||||||
|
change_endian(&BL, 64/8);
|
||||||
|
change_endian(&BR, 64/8);
|
||||||
|
|
||||||
|
#undef BL
|
||||||
|
#undef BR
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
void camellia128_dec(void* block, const camellia128_ctx_t* s){
|
||||||
|
|
||||||
|
#define BL (((uint64_t*)block)[1])
|
||||||
|
#define BR (((uint64_t*)block)[0])
|
||||||
|
/* endian adjustment */
|
||||||
|
/*BL*/
|
||||||
|
/* 1 2 3 4 5 6 7 8
|
||||||
|
* 8 7 6 5 4 3 2 1
|
||||||
|
*/
|
||||||
|
|
||||||
|
uint64_t temp64;
|
||||||
|
change_endian(&BL, 64/8);
|
||||||
|
change_endian(&BR, 64/8);
|
||||||
|
|
||||||
|
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
|
||||||
|
/* Prewhitening */
|
||||||
|
BR ^= s->kal; /* kw3 */
|
||||||
|
BL ^= s->kar; /* kw4 */
|
||||||
|
/* the first 6 */
|
||||||
|
camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C);
|
||||||
|
/* FL injection */
|
||||||
|
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
|
||||||
|
BR = camellia_fl(BR, s->klr);
|
||||||
|
BL = camellia_fl_inv(BL, s->kll);
|
||||||
|
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
|
||||||
|
/* middle 6 */
|
||||||
|
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B);
|
||||||
|
/* FL injection */
|
||||||
|
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
|
||||||
|
BR = camellia_fl(BR, s->kar);
|
||||||
|
BL = camellia_fl_inv(BL, s->kal);
|
||||||
|
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
|
||||||
|
/* last 6 */
|
||||||
|
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33);
|
||||||
|
|
||||||
|
/* Postwhitening */
|
||||||
|
BL ^= s->kll; /* kw1 */
|
||||||
|
BR ^= s->klr; /* kw2 */
|
||||||
|
|
||||||
|
temp64 = BR;
|
||||||
|
BR = BL;
|
||||||
|
BL = temp64;
|
||||||
|
|
||||||
|
change_endian(&BL, 64/8);
|
||||||
|
change_endian(&BR, 64/8);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* EOF */
|
|
@ -0,0 +1,59 @@
|
||||||
|
/* dsa.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef DSA_H_
|
||||||
|
#define DSA_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include "hfal-basic.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
|
||||||
|
typedef struct{
|
||||||
|
bigint_t p;
|
||||||
|
bigint_t q;
|
||||||
|
bigint_t g;
|
||||||
|
} dsa_domainparameters_t;
|
||||||
|
|
||||||
|
typedef bigint_t dsa_pubkey_t;
|
||||||
|
typedef bigint_t dsa_privkey_t;
|
||||||
|
typedef struct{
|
||||||
|
bigint_t r;
|
||||||
|
bigint_t s;
|
||||||
|
} dsa_signature_t;
|
||||||
|
|
||||||
|
typedef struct{
|
||||||
|
dsa_privkey_t priv;
|
||||||
|
dsa_pubkey_t pub;
|
||||||
|
dsa_domainparameters_t domain;
|
||||||
|
} dsa_ctx_t;
|
||||||
|
|
||||||
|
#define DSA_SIGNATURE_OK 1
|
||||||
|
#define DSA_SIGNATURE_FAIL 0
|
||||||
|
|
||||||
|
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
|
||||||
|
const dsa_ctx_t* ctx, const bigint_t* k);
|
||||||
|
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
|
||||||
|
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
|
||||||
|
uint8_t(*rand_in)(void));
|
||||||
|
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
|
||||||
|
const dsa_ctx_t* ctx);
|
||||||
|
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
|
||||||
|
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx);
|
||||||
|
|
||||||
|
#endif /* DSA_H_ */
|
|
@ -0,0 +1,306 @@
|
||||||
|
/* dsa_key_blob.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "cli.h"
|
||||||
|
#include "dsa.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
|
||||||
|
|
||||||
|
#define DSA_KEY_BLOB_SIZE 1024
|
||||||
|
|
||||||
|
#if DSA_KEY_BLOB_SIZE == 512
|
||||||
|
|
||||||
|
#define PRIV_LEN_B (20)
|
||||||
|
#define PUB_LEN_B (8*8)
|
||||||
|
#define P_LEN_B (8*8)
|
||||||
|
#define Q_LEN_B (20)
|
||||||
|
#define G_LEN_B (8*8)
|
||||||
|
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
|
||||||
|
|
||||||
|
|
||||||
|
static const uint8_t dsa_key_blob[] = {
|
||||||
|
|
||||||
|
// priv:
|
||||||
|
0xac, 0xe6, 0xef, 0x99, 0x08, 0xe8, 0x5f, 0xc8,
|
||||||
|
0xc7, 0x51, 0x97, 0x99, 0xf4, 0xd3, 0x00, 0x0f,
|
||||||
|
0x49, 0x72, 0xee, 0x46,
|
||||||
|
// pub:
|
||||||
|
0x18, 0x02, 0x53, 0x09, 0x61, 0xad, 0x0b, 0x9d,
|
||||||
|
0x44, 0x80, 0x8d, 0xb4, 0x52, 0xdc, 0xb5, 0xf2,
|
||||||
|
0x11, 0x20, 0x41, 0xc7, 0xd9, 0x7c, 0x7c, 0x6c,
|
||||||
|
0xa0, 0x9e, 0xca, 0x0d, 0xff, 0x28, 0x3c, 0x64,
|
||||||
|
0xfa, 0x92, 0xbb, 0x2c, 0xe9, 0x9b, 0x10, 0x94,
|
||||||
|
0xa5, 0x8d, 0x03, 0x50, 0xa5, 0x59, 0xd4, 0x3f,
|
||||||
|
0x57, 0x78, 0x8d, 0xcf, 0x0a, 0x99, 0x5d, 0xa3,
|
||||||
|
0x2e, 0x80, 0xfa, 0x99, 0x44, 0x73, 0x6d, 0x9a,
|
||||||
|
// P:
|
||||||
|
0x9f, 0x2d, 0xc8, 0x3c, 0x34, 0xf9, 0xa1, 0xbc,
|
||||||
|
0x6a, 0xa7, 0x49, 0x17, 0xd3, 0x82, 0xa2, 0xe2,
|
||||||
|
0x25, 0x31, 0xc4, 0x3d, 0x1a, 0x3f, 0x0f, 0x8a,
|
||||||
|
0x8b, 0x84, 0x3c, 0x6c, 0x9c, 0xdd, 0x42, 0xd9,
|
||||||
|
0x1a, 0x22, 0xf2, 0x55, 0x98, 0xee, 0x7d, 0x98,
|
||||||
|
0x9c, 0x9a, 0x91, 0x42, 0x5f, 0x4f, 0xa8, 0x32,
|
||||||
|
0xa0, 0xb0, 0x0f, 0x79, 0xe2, 0x76, 0x08, 0x78,
|
||||||
|
0x6e, 0xba, 0xf7, 0x74, 0x43, 0x4a, 0xf2, 0xdf,
|
||||||
|
// Q:
|
||||||
|
0xdb, 0x30, 0x69, 0xe6, 0x59, 0x77, 0xee, 0x38,
|
||||||
|
0xea, 0xf7, 0xcc, 0x18, 0x83, 0xcf, 0xb4, 0x21,
|
||||||
|
0xbc, 0xcf, 0x9a, 0x77,
|
||||||
|
// G:
|
||||||
|
0x73, 0x90, 0x27, 0x68, 0xe7, 0xe9, 0x3a, 0x45,
|
||||||
|
0x6f, 0x7f, 0x95, 0xca, 0x9b, 0xfd, 0x33, 0x75,
|
||||||
|
0x75, 0xff, 0x0f, 0xe7, 0x69, 0xfd, 0xb7, 0x07,
|
||||||
|
0x0f, 0x6c, 0x3a, 0xec, 0x47, 0x82, 0x78, 0xb2,
|
||||||
|
0xb3, 0x0b, 0x7f, 0x11, 0x9d, 0x34, 0x3e, 0xff,
|
||||||
|
0xb8, 0x09, 0x42, 0x82, 0x81, 0x21, 0xad, 0x2b,
|
||||||
|
0x51, 0x20, 0xec, 0x9e, 0xf8, 0x15, 0xaa, 0x3d,
|
||||||
|
0x5f, 0x29, 0x2d, 0xb5, 0xc5, 0x64, 0x53, 0x2d
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if DSA_KEY_BLOB_SIZE == 1024
|
||||||
|
|
||||||
|
#define PRIV_LEN_B (20)
|
||||||
|
#define PUB_LEN_B (16*8)
|
||||||
|
#define P_LEN_B (16*8)
|
||||||
|
#define Q_LEN_B (20)
|
||||||
|
#define G_LEN_B (16*8)
|
||||||
|
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
|
||||||
|
|
||||||
|
static const uint8_t dsa_key_blob[] = {
|
||||||
|
// priv:
|
||||||
|
// 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x03, 0xad, 0x17, 0x81, 0x0f, 0x70, 0x7f, 0x89,
|
||||||
|
0xa2, 0x0a, 0x70, 0x1c, 0x3b, 0x24, 0xff, 0xd2,
|
||||||
|
0x39, 0x93, 0xd7, 0x8d,
|
||||||
|
// pub:
|
||||||
|
0x42, 0x1c, 0xb2, 0x03, 0xe5, 0xc6, 0x69, 0x81,
|
||||||
|
0x1e, 0x35, 0x85, 0x86, 0xd7, 0x94, 0xd2, 0x1f,
|
||||||
|
0x77, 0x05, 0x2f, 0xcc, 0xa5, 0x69, 0x46, 0x8f,
|
||||||
|
0xe1, 0x9f, 0x82, 0xf6, 0x24, 0x2c, 0x64, 0x1b,
|
||||||
|
0x29, 0x63, 0xd5, 0xb3, 0x32, 0xdc, 0xd9, 0x5a,
|
||||||
|
0x4e, 0x92, 0xd9, 0x69, 0xcc, 0x51, 0x81, 0xc2,
|
||||||
|
0xa3, 0x7e, 0xd7, 0xf8, 0x72, 0x1f, 0x8d, 0xd4,
|
||||||
|
0xe8, 0x59, 0xb0, 0xaa, 0xdd, 0xa0, 0x73, 0xe6,
|
||||||
|
0xc4, 0x50, 0x7f, 0x4c, 0x7c, 0xde, 0x35, 0x27,
|
||||||
|
0x49, 0x36, 0x23, 0x36, 0xe4, 0x90, 0x54, 0x24,
|
||||||
|
0x45, 0x99, 0xa3, 0x10, 0xc3, 0x59, 0x2f, 0x61,
|
||||||
|
0xff, 0x75, 0xf0, 0x51, 0x1d, 0xa0, 0x8f, 0x69,
|
||||||
|
0xc1, 0x1e, 0x3e, 0x65, 0xaf, 0x82, 0x9e, 0xa9,
|
||||||
|
0x91, 0x17, 0x04, 0x7c, 0x56, 0xd1, 0x68, 0x8a,
|
||||||
|
0x4b, 0xc9, 0x48, 0x92, 0xaf, 0x72, 0xca, 0xbf,
|
||||||
|
0xf2, 0x2b, 0x9e, 0x42, 0x92, 0x46, 0x19, 0x64,
|
||||||
|
// P:
|
||||||
|
0x97, 0x40, 0xda, 0x05, 0x19, 0x77, 0xb7, 0x17,
|
||||||
|
0x4b, 0x7d, 0xc0, 0x5b, 0x81, 0xdd, 0xcc, 0x0b,
|
||||||
|
0x86, 0xe0, 0x3c, 0x4d, 0xab, 0x3d, 0x43, 0xe4,
|
||||||
|
0xe3, 0x5f, 0xf3, 0x56, 0xcd, 0x5c, 0xf2, 0x85,
|
||||||
|
0x00, 0x45, 0x3c, 0xba, 0xf0, 0x56, 0xb3, 0x8b,
|
||||||
|
0x29, 0xc3, 0x55, 0x7b, 0xb6, 0xfb, 0x68, 0xca,
|
||||||
|
0x35, 0xe5, 0x0e, 0x46, 0xd6, 0xff, 0xc9, 0xbd,
|
||||||
|
0x08, 0x71, 0x65, 0x3b, 0xf7, 0xab, 0xb1, 0x96,
|
||||||
|
0x9b, 0x70, 0xdc, 0x8e, 0xf3, 0x02, 0xa4, 0x0f,
|
||||||
|
0xc6, 0xcd, 0x70, 0xe5, 0xeb, 0xd3, 0x07, 0xb5,
|
||||||
|
0x7d, 0x40, 0x8c, 0xfd, 0x33, 0x45, 0x8f, 0x9c,
|
||||||
|
0x7f, 0xa1, 0x69, 0xcb, 0xe6, 0x73, 0x1d, 0x37,
|
||||||
|
0xc7, 0x5f, 0x18, 0x57, 0x38, 0x96, 0x46, 0x24,
|
||||||
|
0xad, 0xa6, 0x59, 0x3d, 0x7a, 0x74, 0x6e, 0x88,
|
||||||
|
0x57, 0x18, 0x86, 0x7b, 0x07, 0x79, 0x52, 0xdd,
|
||||||
|
0xbc, 0xa7, 0x40, 0x88, 0xa6, 0x66, 0x50, 0x49,
|
||||||
|
// Q:
|
||||||
|
// 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0xb4, 0x6d, 0x89, 0x7a, 0x72, 0xdb, 0x8c, 0x92,
|
||||||
|
0x60, 0xf9, 0x95, 0x47, 0x81, 0x57, 0xe8, 0x6b,
|
||||||
|
0xb4, 0xf9, 0xde, 0x51,
|
||||||
|
// G:
|
||||||
|
0x76, 0x1e, 0x1b, 0xd2, 0x5c, 0x5f, 0x92, 0x96,
|
||||||
|
0x42, 0x18, 0xba, 0x8d, 0xe1, 0x24, 0x12, 0x24,
|
||||||
|
0x6f, 0x3f, 0xb8, 0x05, 0xf9, 0x72, 0x74, 0xfa,
|
||||||
|
0xef, 0xc3, 0x1e, 0xd5, 0xa5, 0x93, 0x28, 0x07,
|
||||||
|
0xc0, 0x7b, 0x47, 0xef, 0x15, 0x13, 0x68, 0x18,
|
||||||
|
0xfb, 0x0d, 0x69, 0xea, 0xcc, 0x5a, 0x43, 0x08,
|
||||||
|
0x75, 0xec, 0xe4, 0x5e, 0x8e, 0xa9, 0x61, 0xe1,
|
||||||
|
0xcd, 0x27, 0x8c, 0x55, 0xc9, 0x42, 0x11, 0x11,
|
||||||
|
0x7f, 0x20, 0x4d, 0x70, 0x34, 0x49, 0x00, 0x8c,
|
||||||
|
0x79, 0x95, 0x79, 0x0b, 0xfd, 0x8d, 0xda, 0xe3,
|
||||||
|
0x0c, 0x27, 0x7a, 0x35, 0xe5, 0x35, 0xc9, 0x73,
|
||||||
|
0x31, 0xaa, 0xed, 0xbe, 0x81, 0x89, 0x67, 0x06,
|
||||||
|
0xf6, 0x97, 0x0d, 0x44, 0x07, 0xac, 0x09, 0xac,
|
||||||
|
0x44, 0xf3, 0xc6, 0x8b, 0x30, 0x4c, 0x76, 0x0b,
|
||||||
|
0x55, 0x74, 0x10, 0x06, 0xda, 0xd4, 0x3d, 0x96,
|
||||||
|
0x7e, 0xc3, 0xf8, 0x22, 0x9c, 0x71, 0x1d, 0x9c
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if DSA_KEY_BLOB_2048
|
||||||
|
|
||||||
|
#define PRIV_LEN_B (20)
|
||||||
|
#define PUB_LEN_B (32*8)
|
||||||
|
#define P_LEN_B (32*8)
|
||||||
|
#define Q_LEN_B (20)
|
||||||
|
#define G_LEN_B (32*8)
|
||||||
|
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
|
||||||
|
|
||||||
|
static const uint8_t dsa_key_blob[] = {
|
||||||
|
/* priv: */
|
||||||
|
0x1d, 0xe4, 0x81, 0x02, 0x52, 0x6b, 0x2b, 0x0e,
|
||||||
|
0x98, 0x08, 0xc8, 0xb9, 0x81, 0x40, 0xd1, 0x1e,
|
||||||
|
0x86, 0x69, 0x0d, 0xa9,
|
||||||
|
/* pub: */
|
||||||
|
0x70, 0xc4, 0x44, 0x28, 0x91, 0x77, 0x2b, 0x09,
|
||||||
|
0xde, 0xe8, 0x66, 0x0b, 0xa5, 0xc8, 0x05, 0xb4,
|
||||||
|
0x0a, 0x2d, 0x4f, 0x45, 0x8e, 0x0c, 0x8c, 0x38,
|
||||||
|
0x61, 0xf3, 0x77, 0x05, 0x64, 0xf7, 0xe6, 0xe9,
|
||||||
|
0x0b, 0x1f, 0x9b, 0x9f, 0x1f, 0xa1, 0x7e, 0x8f,
|
||||||
|
0x5b, 0x14, 0x70, 0x1d, 0x4d, 0x1c, 0xdc, 0x9d,
|
||||||
|
0xe0, 0x0a, 0xc4, 0x7b, 0x70, 0xfd, 0xef, 0xe6,
|
||||||
|
0x20, 0x2d, 0x17, 0x13, 0xd7, 0x1c, 0xc0, 0xbb,
|
||||||
|
0x5b, 0xce, 0x84, 0x6a, 0xa5, 0x4e, 0x27, 0x1c,
|
||||||
|
0x9e, 0xaa, 0xb2, 0xdc, 0xc1, 0xec, 0x74, 0x93,
|
||||||
|
0x67, 0xdb, 0xe1, 0xaa, 0x5a, 0x86, 0x1d, 0x8a,
|
||||||
|
0xa9, 0x28, 0x7e, 0xfc, 0xd5, 0x72, 0x94, 0x6c,
|
||||||
|
0x1d, 0x71, 0x85, 0x92, 0xa7, 0x6e, 0x84, 0x4f,
|
||||||
|
0x27, 0xf3, 0x7e, 0x04, 0x7d, 0xf2, 0x7c, 0x07,
|
||||||
|
0xa0, 0x7d, 0x02, 0x7c, 0x30, 0x70, 0xb5, 0x87,
|
||||||
|
0xc3, 0xf0, 0xc2, 0x0c, 0xdb, 0x26, 0x72, 0x33,
|
||||||
|
0x20, 0xca, 0xf0, 0x8b, 0x05, 0x20, 0x70, 0x98,
|
||||||
|
0x65, 0x03, 0xd7, 0xd4, 0x47, 0xf0, 0xb2, 0x6e,
|
||||||
|
0x2a, 0xbe, 0xcc, 0x83, 0x0d, 0xab, 0x60, 0x61,
|
||||||
|
0x26, 0x7b, 0xaf, 0xae, 0x18, 0x9e, 0x20, 0xeb,
|
||||||
|
0x12, 0x31, 0x18, 0x2e, 0x73, 0xca, 0xd4, 0x5e,
|
||||||
|
0x66, 0x74, 0x61, 0x07, 0x9b, 0x20, 0x68, 0x12,
|
||||||
|
0x88, 0xb1, 0xc5, 0x0f, 0x85, 0x9b, 0x45, 0x40,
|
||||||
|
0x7d, 0x76, 0x62, 0x73, 0xba, 0x41, 0x7b, 0xaf,
|
||||||
|
0xc7, 0xb9, 0x19, 0x7a, 0xd0, 0x55, 0xe6, 0xfd,
|
||||||
|
0xb5, 0xb9, 0xc4, 0x1b, 0x22, 0x47, 0x8f, 0x7b,
|
||||||
|
0xd7, 0x75, 0xe8, 0x7f, 0x01, 0xa2, 0x9b, 0x79,
|
||||||
|
0xde, 0xea, 0x55, 0x3c, 0x61, 0x4d, 0xcd, 0xce,
|
||||||
|
0x89, 0x8c, 0x76, 0x62, 0x12, 0x4d, 0xd4, 0x47,
|
||||||
|
0x03, 0x0e, 0xe8, 0xe2, 0xb8, 0xda, 0xca, 0x20,
|
||||||
|
0xb3, 0x64, 0xb6, 0x07, 0x06, 0x1b, 0xcb, 0x91,
|
||||||
|
0x51, 0x2c, 0x2e, 0xfa, 0xe1, 0xee, 0x1e, 0x78,
|
||||||
|
/* P: */
|
||||||
|
0x8d, 0x09, 0x00, 0x56, 0x63, 0x39, 0x42, 0x8d,
|
||||||
|
0x15, 0xd5, 0x1d, 0x86, 0x10, 0xde, 0xc7, 0xf4,
|
||||||
|
0x07, 0xe5, 0x81, 0xbe, 0x67, 0xee, 0xc5, 0x33,
|
||||||
|
0xd3, 0x41, 0x1b, 0xba, 0xd8, 0xa6, 0x61, 0x49,
|
||||||
|
0x2d, 0x66, 0xcf, 0x60, 0x9f, 0x52, 0x60, 0x6e,
|
||||||
|
0x0a, 0x16, 0xdc, 0x0b, 0x24, 0x1b, 0x62, 0x32,
|
||||||
|
0xc4, 0xab, 0x52, 0x17, 0xbf, 0xc5, 0xa2, 0x2a,
|
||||||
|
0xa4, 0x5e, 0x8c, 0xff, 0x97, 0x45, 0x51, 0xd9,
|
||||||
|
0xc3, 0xf2, 0x32, 0x4a, 0xb9, 0x08, 0xc1, 0x6a,
|
||||||
|
0x7b, 0x82, 0x93, 0x2a, 0x60, 0x29, 0x55, 0x1a,
|
||||||
|
0x36, 0x1f, 0x05, 0x4f, 0xf1, 0x43, 0x12, 0xb2,
|
||||||
|
0x73, 0x4e, 0xf6, 0x37, 0x65, 0x3d, 0x0b, 0x70,
|
||||||
|
0x08, 0xc7, 0x34, 0x0b, 0x4d, 0xc9, 0x08, 0x70,
|
||||||
|
0xaf, 0x4b, 0x95, 0x0b, 0x7c, 0x9f, 0xcf, 0xfc,
|
||||||
|
0x57, 0x94, 0x47, 0x6d, 0xd1, 0xaf, 0xc6, 0x52,
|
||||||
|
0xd9, 0xe2, 0x05, 0xce, 0xb2, 0xb8, 0x91, 0x6f,
|
||||||
|
0x5a, 0x77, 0x6b, 0x1b, 0xff, 0x97, 0x8c, 0x5e,
|
||||||
|
0x33, 0xfc, 0x80, 0x29, 0xdf, 0x83, 0x91, 0x0c,
|
||||||
|
0x28, 0x1b, 0x00, 0xb4, 0xc9, 0x3e, 0xb7, 0x67,
|
||||||
|
0xca, 0xab, 0x63, 0xd4, 0x48, 0xfe, 0xd2, 0xfd,
|
||||||
|
0x65, 0x57, 0x33, 0x25, 0xbd, 0xf1, 0xa5, 0x51,
|
||||||
|
0x51, 0x50, 0xf6, 0xcf, 0xfa, 0x0d, 0x67, 0x4e,
|
||||||
|
0x90, 0x08, 0x87, 0x34, 0xf6, 0x33, 0xc9, 0x58,
|
||||||
|
0xb1, 0x87, 0xf8, 0x5d, 0x73, 0x80, 0xde, 0x51,
|
||||||
|
0xcd, 0x17, 0x70, 0x3e, 0xa4, 0xa8, 0x4f, 0xda,
|
||||||
|
0xcd, 0xa2, 0x66, 0x0f, 0x95, 0xa7, 0xc6, 0xf7,
|
||||||
|
0x12, 0x2e, 0x27, 0x94, 0xa9, 0x26, 0x1b, 0x25,
|
||||||
|
0x16, 0x18, 0x99, 0x3b, 0x32, 0xaf, 0x71, 0x13,
|
||||||
|
0x35, 0xda, 0xb8, 0x71, 0x5b, 0x50, 0x7c, 0x7a,
|
||||||
|
0x9d, 0xcc, 0x0d, 0x95, 0xef, 0x6f, 0x64, 0x3c,
|
||||||
|
0x28, 0x4b, 0x15, 0xe9, 0xd4, 0xad, 0xcc, 0x56,
|
||||||
|
0xcb, 0x24, 0xf9, 0x61, 0x79, 0xd7, 0x56, 0xd3,
|
||||||
|
/* Q: */
|
||||||
|
0xf7, 0xdf, 0x85, 0xf5, 0x63, 0x36, 0x63, 0x71,
|
||||||
|
0x74, 0x34, 0x98, 0x19, 0xff, 0x79, 0xf2, 0xe2,
|
||||||
|
0x15, 0x75, 0x3c, 0x95,
|
||||||
|
/* G: */
|
||||||
|
0x0c, 0xf6, 0x8b, 0x1a, 0xbe, 0x66, 0x84, 0x98,
|
||||||
|
0xae, 0xcb, 0xb0, 0xd9, 0x75, 0x75, 0x32, 0x4b,
|
||||||
|
0xa3, 0xf2, 0x28, 0xa6, 0x6d, 0x13, 0xf2, 0xf3,
|
||||||
|
0xfd, 0x93, 0x91, 0xb1, 0x21, 0x1e, 0xcc, 0x08,
|
||||||
|
0x87, 0xce, 0x74, 0xb1, 0xd0, 0x19, 0x50, 0xff,
|
||||||
|
0xac, 0xef, 0x9f, 0x82, 0xda, 0x75, 0xda, 0x6d,
|
||||||
|
0x89, 0xf3, 0x0b, 0xdc, 0x27, 0x98, 0x85, 0x01,
|
||||||
|
0x68, 0xb7, 0xbd, 0x98, 0x83, 0xb1, 0xb0, 0x65,
|
||||||
|
0x31, 0x71, 0x43, 0x05, 0xa7, 0x76, 0x63, 0xe4,
|
||||||
|
0x7d, 0x61, 0x53, 0xc7, 0x3e, 0x3b, 0x82, 0x28,
|
||||||
|
0x65, 0x07, 0xfe, 0x9e, 0xa3, 0x35, 0x2c, 0xdc,
|
||||||
|
0x9e, 0x05, 0x7c, 0x9a, 0x69, 0xc6, 0x9f, 0xc2,
|
||||||
|
0x3f, 0x94, 0x6b, 0xad, 0xa4, 0x2b, 0x5d, 0x48,
|
||||||
|
0x9e, 0x2c, 0xad, 0xd2, 0x89, 0x49, 0xdc, 0xdb,
|
||||||
|
0x55, 0x49, 0x56, 0xaf, 0xe9, 0x0e, 0x37, 0xe7,
|
||||||
|
0x1f, 0x42, 0x6a, 0x7c, 0xac, 0xe8, 0x1b, 0xbb,
|
||||||
|
0x21, 0x82, 0x14, 0x72, 0x17, 0x64, 0xf0, 0x3c,
|
||||||
|
0x3d, 0xc1, 0x43, 0x27, 0x27, 0x9f, 0xe9, 0x21,
|
||||||
|
0xf2, 0x2f, 0xf7, 0xfa, 0x3c, 0xed, 0xbf, 0xab,
|
||||||
|
0xab, 0xb7, 0x3c, 0x6d, 0x1e, 0x85, 0x9f, 0x77,
|
||||||
|
0x4f, 0x69, 0x09, 0x4e, 0xed, 0x13, 0x84, 0x40,
|
||||||
|
0x1a, 0xc6, 0xa1, 0xd9, 0x68, 0xb6, 0x18, 0x32,
|
||||||
|
0x79, 0x25, 0x9e, 0xa6, 0x41, 0x30, 0xd1, 0xc2,
|
||||||
|
0x7a, 0x8f, 0x0d, 0x46, 0xee, 0xda, 0xb0, 0xbf,
|
||||||
|
0x64, 0x42, 0x59, 0x7e, 0x22, 0x88, 0xd6, 0x52,
|
||||||
|
0xec, 0xed, 0xc4, 0x13, 0xb1, 0x7f, 0x5c, 0x77,
|
||||||
|
0x4c, 0xfd, 0x22, 0x90, 0xd3, 0xe3, 0xa9, 0xc1,
|
||||||
|
0x0f, 0x25, 0xac, 0xd5, 0x04, 0x84, 0xe6, 0xa8,
|
||||||
|
0xc7, 0xb4, 0x4f, 0xa2, 0x67, 0xae, 0xaa, 0x92,
|
||||||
|
0xe9, 0x0a, 0xed, 0x45, 0x5b, 0xf0, 0x1b, 0x69,
|
||||||
|
0xec, 0xaf, 0x7d, 0xf2, 0x71, 0x25, 0xbf, 0x92,
|
||||||
|
0xd4, 0xd0, 0x5b, 0xde, 0x5a, 0x2d, 0x18, 0x8e
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
void load_dsa_key_blob(dsa_ctx_t* ctx){
|
||||||
|
if(ctx->priv.wordv){
|
||||||
|
free(ctx->priv.wordv);
|
||||||
|
}
|
||||||
|
ctx->priv.wordv = malloc(ALL_LEN_B);
|
||||||
|
if(ctx->priv.wordv==NULL){
|
||||||
|
cli_putstr("\r\nERROR: OUT OF MEMORY!!!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(ctx->priv.wordv, dsa_key_blob, ALL_LEN_B);
|
||||||
|
ctx->priv.length_W=(PRIV_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
ctx->pub.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B);
|
||||||
|
ctx->pub.length_W = (PUB_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
ctx->domain.p.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B);
|
||||||
|
ctx->domain.p.length_W = (P_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
ctx->domain.q.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B);
|
||||||
|
ctx->domain.q.length_W = (Q_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
ctx->domain.g.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B);
|
||||||
|
ctx->domain.g.length_W = (G_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
|
||||||
|
bigint_changeendianess(&(ctx->priv));
|
||||||
|
bigint_changeendianess(&(ctx->pub));
|
||||||
|
bigint_changeendianess(&(ctx->domain.p));
|
||||||
|
bigint_changeendianess(&(ctx->domain.q));
|
||||||
|
bigint_changeendianess(&(ctx->domain.g));
|
||||||
|
|
||||||
|
bigint_adjust(&(ctx->priv));
|
||||||
|
bigint_adjust(&(ctx->pub));
|
||||||
|
bigint_adjust(&(ctx->domain.p));
|
||||||
|
bigint_adjust(&(ctx->domain.q));
|
||||||
|
bigint_adjust(&(ctx->domain.g));
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
/* dsa_key_blob.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef DSA_KEY_BLOB_H_
|
||||||
|
#define DSA_KEY_BLOB_H_
|
||||||
|
|
||||||
|
void load_dsa_key_blob(dsa_ctx_t* ctx);
|
||||||
|
|
||||||
|
#endif /* DSA_KEY_BLOB_H_ */
|
|
@ -0,0 +1,76 @@
|
||||||
|
/* dsa_sign.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "dsa.h"
|
||||||
|
#include "hashfunction_descriptor.h"
|
||||||
|
#include "hfal-basic.h"
|
||||||
|
|
||||||
|
#define MAX(a,b) (((a)>(b))?(a):(b))
|
||||||
|
|
||||||
|
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
|
||||||
|
const dsa_ctx_t* ctx, const bigint_t* k){
|
||||||
|
bigint_t tmp, tmp2;
|
||||||
|
bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5];
|
||||||
|
tmp.wordv= tmp_b;
|
||||||
|
tmp2.wordv = tmp2_b;
|
||||||
|
bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p));
|
||||||
|
bigint_reduce(&tmp, &(ctx->domain.q));
|
||||||
|
bigint_copy(&(s->r), &tmp);
|
||||||
|
bigint_mul_u(&tmp, &tmp, &(ctx->priv));
|
||||||
|
bigint_add_u(&tmp, &tmp, m);
|
||||||
|
bigint_inverse(&tmp2, k, &(ctx->domain.q));
|
||||||
|
bigint_mul_u(&tmp, &tmp, &tmp2);
|
||||||
|
bigint_reduce(&tmp, &(ctx->domain.q));
|
||||||
|
bigint_copy(&(s->s), &tmp);
|
||||||
|
|
||||||
|
if(s->s.length_W==0 || s->r.length_W==0){
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
|
||||||
|
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
|
||||||
|
uint8_t(*rand_in)(void)){
|
||||||
|
bigint_t z, k;
|
||||||
|
uint16_t i, n_B = ctx->domain.q.length_W;
|
||||||
|
unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8));
|
||||||
|
bigint_word_t hash_value[hash_length];
|
||||||
|
bigint_word_t k_b[n_B];
|
||||||
|
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
|
||||||
|
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
|
||||||
|
z.wordv = hash_value;
|
||||||
|
z.length_W = n_B;
|
||||||
|
bigint_changeendianess(&z);
|
||||||
|
k.wordv = k_b;
|
||||||
|
k.length_W = n_B;
|
||||||
|
do{
|
||||||
|
for(i=0; i<n_B*sizeof(bigint_word_t); ++i){
|
||||||
|
((uint8_t*)k_b)[i] = rand_in();
|
||||||
|
}
|
||||||
|
k.length_W = n_B;
|
||||||
|
bigint_adjust(&k);
|
||||||
|
}while(dsa_sign_bigint(s, &z, ctx, &k));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
/* dsa_verify.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "dsa.h"
|
||||||
|
#include "hfal-basic.h"
|
||||||
|
|
||||||
|
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
|
||||||
|
const dsa_ctx_t* ctx){
|
||||||
|
if(s->r.length_W==0 || s->s.length_W==0){
|
||||||
|
return DSA_SIGNATURE_FAIL;
|
||||||
|
}
|
||||||
|
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
|
||||||
|
return DSA_SIGNATURE_FAIL;
|
||||||
|
}
|
||||||
|
bigint_t w, u1, u2, v1, v2;
|
||||||
|
bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
|
||||||
|
bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
|
||||||
|
w.wordv = w_b;
|
||||||
|
u1.wordv = u1_b;
|
||||||
|
u2.wordv = u2_b;
|
||||||
|
v1.wordv = v1_b;
|
||||||
|
v2.wordv = v2_b;
|
||||||
|
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
|
||||||
|
bigint_mul_u(&u1, &w, m);
|
||||||
|
bigint_reduce(&u1, &(ctx->domain.q));
|
||||||
|
bigint_mul_u(&u2, &w, &(s->r));
|
||||||
|
bigint_reduce(&u2, &(ctx->domain.q));
|
||||||
|
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
|
||||||
|
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
|
||||||
|
bigint_mul_u(&v1, &v1, &v2);
|
||||||
|
bigint_reduce(&v1, &(ctx->domain.p));
|
||||||
|
bigint_reduce(&v1, &(ctx->domain.q));
|
||||||
|
if(bigint_cmp_u(&v1, &(s->r))==0){
|
||||||
|
return DSA_SIGNATURE_OK;
|
||||||
|
}
|
||||||
|
return DSA_SIGNATURE_FAIL;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
|
||||||
|
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
|
||||||
|
bigint_t z;
|
||||||
|
uint16_t n_B = ctx->domain.q.length_W;
|
||||||
|
unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
|
||||||
|
bigint_word_t hash_value[hash_length];
|
||||||
|
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
|
||||||
|
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
|
||||||
|
z.wordv = hash_value;
|
||||||
|
z.length_W = n_B;
|
||||||
|
bigint_changeendianess(&z);
|
||||||
|
bigint_adjust(&z);
|
||||||
|
return dsa_verify_bigint(s, &z, ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,135 @@
|
||||||
|
/* entropium.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* \file entropium.c
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \email daniel.otte@rub.de
|
||||||
|
* \date 2006-05-17
|
||||||
|
* \license GPLv3 or later
|
||||||
|
* \brief This file contains an implementaition of a pseudo-random-number generator.
|
||||||
|
*
|
||||||
|
* Extension 1:
|
||||||
|
* rndCore is expanded to 512 bits for more security.
|
||||||
|
*
|
||||||
|
\verbatim
|
||||||
|
################################################################################################
|
||||||
|
# #
|
||||||
|
# +---------------------------+ #
|
||||||
|
# | | #
|
||||||
|
# V | #
|
||||||
|
# (concat) | #
|
||||||
|
+---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+
|
||||||
|
| entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
|
||||||
|
+---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+
|
||||||
|
# (xor) (xor) | #
|
||||||
|
# ^ ^ | #
|
||||||
|
# \ / | #
|
||||||
|
# (offset)---------------------+ #
|
||||||
|
# #
|
||||||
|
################################################################################################
|
||||||
|
\endverbatim
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <inttypes.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "sha256.h"
|
||||||
|
#include "entropium.h"
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief secret entropy pool.
|
||||||
|
* This is the core of the random which is generated
|
||||||
|
*/
|
||||||
|
static
|
||||||
|
uint32_t rndCore[16];
|
||||||
|
|
||||||
|
/*************************************************************************/
|
||||||
|
|
||||||
|
/* idea is: hash the message and add it via xor to rndCore
|
||||||
|
*
|
||||||
|
* length in bits
|
||||||
|
*
|
||||||
|
* we simply first "hash" rndCore, then entropy.
|
||||||
|
*/
|
||||||
|
void entropium_addEntropy(unsigned length_b, const void* data){
|
||||||
|
sha256_ctx_t s;
|
||||||
|
static uint8_t offset=0; /* selects if higher or lower half gets updated */
|
||||||
|
sha256_init(&s);
|
||||||
|
sha256_nextBlock(&s, rndCore);
|
||||||
|
while (length_b>=512){
|
||||||
|
sha256_nextBlock(&s, data);
|
||||||
|
data = (uint8_t*)data+ 512/8;
|
||||||
|
length_b -= 512;
|
||||||
|
}
|
||||||
|
sha256_lastBlock(&s, data, length_b);
|
||||||
|
uint8_t i;
|
||||||
|
for (i=0; i<8; ++i){
|
||||||
|
rndCore[i+offset] ^= s.h[i];
|
||||||
|
}
|
||||||
|
offset ^= 8; /* hehe */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*************************************************************************/
|
||||||
|
|
||||||
|
void entropium_getRandomBlock(void *b){
|
||||||
|
sha256_ctx_t s;
|
||||||
|
uint8_t offset=8;
|
||||||
|
|
||||||
|
sha256_init(&s);
|
||||||
|
sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
|
||||||
|
uint8_t i;
|
||||||
|
for (i=0; i<8; ++i){
|
||||||
|
rndCore[i+offset] ^= s.h[i];
|
||||||
|
}
|
||||||
|
offset ^= 8; /* hehe */
|
||||||
|
memcpy(b, s.h, 32); /* back up first hash in b */
|
||||||
|
((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
|
||||||
|
sha256_init(&s);
|
||||||
|
sha256_lastBlock(&s, b, 256);
|
||||||
|
memcpy(b, s.h, 32);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*************************************************************************/
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t entropium_getRandomByte(void){
|
||||||
|
static uint8_t block[32];
|
||||||
|
static uint8_t i = 0;
|
||||||
|
|
||||||
|
if(i == 0){
|
||||||
|
entropium_getRandomBlock((void*)block);
|
||||||
|
i = 32;
|
||||||
|
}
|
||||||
|
return block[--i];
|
||||||
|
}
|
||||||
|
|
||||||
|
void entropium_fillBlockRandom(void* block, unsigned length_B){
|
||||||
|
while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
|
||||||
|
entropium_getRandomBlock(block);
|
||||||
|
block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
|
||||||
|
length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
|
||||||
|
}
|
||||||
|
while(length_B){
|
||||||
|
*((uint8_t*)block) = entropium_getRandomByte();
|
||||||
|
block= (uint8_t*)block +1; --length_B;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,84 @@
|
||||||
|
/* entropium.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* File: entropium.h
|
||||||
|
* Author: Daniel Otte
|
||||||
|
* Date: 23.07.2006
|
||||||
|
* License: GPL
|
||||||
|
* Description: This file contains the declarations for the pseudo-random-number generator.
|
||||||
|
**/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file entropium.h
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \date 23.07.2006
|
||||||
|
* \license GPLv3 or later
|
||||||
|
* \brief This file contains the declarations for the pseudo-random-number generator.
|
||||||
|
**/
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef ENTROPIUM_H_
|
||||||
|
#define ENTROPIUM_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
/*
|
||||||
|
* length in bits
|
||||||
|
*/
|
||||||
|
#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */
|
||||||
|
|
||||||
|
/** \fn void entropium_addEntropy(unsigned length_b, const void* data)
|
||||||
|
* \brief add entropy to the prng
|
||||||
|
*
|
||||||
|
* This function adds data to the internal entropy pool
|
||||||
|
* \param length_b length of the data block in bits
|
||||||
|
* \param data pointer to the data
|
||||||
|
*/
|
||||||
|
void entropium_addEntropy(unsigned length_b, const void* data);
|
||||||
|
|
||||||
|
/** \fn void entropium_getRandomBlock(void* b)
|
||||||
|
* \brief generate a fixed size block of random data
|
||||||
|
*
|
||||||
|
* This function writes 32 bytes of random extracted from the entropy pool
|
||||||
|
* in the supplied buffer.
|
||||||
|
* \param b buffer where the random data gets written
|
||||||
|
*/
|
||||||
|
void entropium_getRandomBlock(void* b);
|
||||||
|
|
||||||
|
/** \fn uint8_t entropium_getRandomByte(void)
|
||||||
|
* \brief get a single byte of random data
|
||||||
|
*
|
||||||
|
* This function utilizes a internal buffer which gets automatically filled
|
||||||
|
* again.
|
||||||
|
* \return a byte of random data
|
||||||
|
*/
|
||||||
|
uint8_t entropium_getRandomByte(void);
|
||||||
|
|
||||||
|
/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B)
|
||||||
|
* \brief get a block of random data
|
||||||
|
*
|
||||||
|
* This function writes random data extracted from the entropy pool in the
|
||||||
|
* supplied buffer. It shares a internal buffer with the
|
||||||
|
* entropium_getRandomByte() function.
|
||||||
|
* \param block pointer to the buffer where the random data goes
|
||||||
|
* \param length_B number of bytes to be written to the buffer
|
||||||
|
*/
|
||||||
|
void entropium_fillBlockRandom(void* block, unsigned length_B);
|
||||||
|
|
||||||
|
#endif /*PRNG_H_*/
|
|
@ -0,0 +1,130 @@
|
||||||
|
/* hmac-md5.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* implementation of HMAC as described in RFC2104
|
||||||
|
* Author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* License: GPLv3 or later
|
||||||
|
**/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* hmac = hash ( k^opad , hash( k^ipad , msg))
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "config.h"
|
||||||
|
#include "md5.h"
|
||||||
|
#include "hmac-md5.h"
|
||||||
|
|
||||||
|
#define IPAD 0x36
|
||||||
|
#define OPAD 0x5C
|
||||||
|
|
||||||
|
#ifndef HMAC_SHORTONLY
|
||||||
|
|
||||||
|
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){
|
||||||
|
uint8_t buffer[MD5_BLOCK_BYTES];
|
||||||
|
uint8_t i;
|
||||||
|
|
||||||
|
memset(buffer, 0, MD5_BLOCK_BYTES);
|
||||||
|
if (keylength_b > MD5_BLOCK_BITS){
|
||||||
|
md5((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<MD5_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
md5_init(&(s->a));
|
||||||
|
md5_nextBlock(&(s->a), buffer);
|
||||||
|
|
||||||
|
for (i=0; i<MD5_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD^OPAD;
|
||||||
|
}
|
||||||
|
md5_init(&(s->b));
|
||||||
|
md5_nextBlock(&(s->b), buffer);
|
||||||
|
|
||||||
|
#if defined SECURE_WIPE_BUFFER
|
||||||
|
memset(buffer, 0, MD5_BLOCK_BYTES);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){
|
||||||
|
md5_nextBlock(&(s->a), block);
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){
|
||||||
|
md5_lastBlock(&(s->a), block, length_b);
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){
|
||||||
|
md5_ctx2hash((md5_hash_t*)dest, &(s->a));
|
||||||
|
md5_lastBlock(&(s->b), dest, MD5_HASH_BITS);
|
||||||
|
md5_ctx2hash((md5_hash_t*)dest, &(s->b));
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
void hmac_md5_nextBlock()
|
||||||
|
void hmac_md5_lastBlock()
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* keylength in bits!
|
||||||
|
* message length in bits!
|
||||||
|
*/
|
||||||
|
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/
|
||||||
|
md5_ctx_t s;
|
||||||
|
uint8_t i;
|
||||||
|
uint8_t buffer[MD5_BLOCK_BYTES];
|
||||||
|
|
||||||
|
memset(buffer, 0, MD5_BLOCK_BYTES);
|
||||||
|
|
||||||
|
/* if key is larger than a block we have to hash it*/
|
||||||
|
if (keylength_b > MD5_BLOCK_BITS){
|
||||||
|
md5((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<MD5_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
md5_init(&s);
|
||||||
|
md5_nextBlock(&s, buffer);
|
||||||
|
while (msglength_b >= MD5_BLOCK_BITS){
|
||||||
|
md5_nextBlock(&s, msg);
|
||||||
|
msg = (uint8_t*)msg + MD5_BLOCK_BYTES;
|
||||||
|
msglength_b -= MD5_BLOCK_BITS;
|
||||||
|
}
|
||||||
|
md5_lastBlock(&s, msg, msglength_b);
|
||||||
|
/* since buffer still contains key xor ipad we can do ... */
|
||||||
|
for (i=0; i<MD5_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD ^ OPAD;
|
||||||
|
}
|
||||||
|
md5_ctx2hash(dest, &s); /* save inner hash temporary to dest */
|
||||||
|
md5_init(&s);
|
||||||
|
md5_nextBlock(&s, buffer);
|
||||||
|
md5_lastBlock(&s, dest, MD5_HASH_BITS);
|
||||||
|
md5_ctx2hash(dest, &s);
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
/* hmac-md5.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef HMACMD5_H_
|
||||||
|
#define HMACMD5_H_
|
||||||
|
|
||||||
|
#include "md5.h"
|
||||||
|
|
||||||
|
#define HMAC_MD5_BITS MD5_HASH_BITS
|
||||||
|
#define HMAC_MD5_BYTES MD5_HASH_BYTES
|
||||||
|
#define HMAC_MD5_BLOCK_BITS MD5_BLOCK_BITS
|
||||||
|
#define HMAC_MD5_BLOCK_BYTES MD5_BLOCK_BYTES
|
||||||
|
|
||||||
|
typedef struct{
|
||||||
|
md5_ctx_t a,b;
|
||||||
|
} hmac_md5_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b);
|
||||||
|
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block);
|
||||||
|
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b);
|
||||||
|
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s);
|
||||||
|
|
||||||
|
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /*HMACMD5_H_*/
|
|
@ -0,0 +1,131 @@
|
||||||
|
/* hmac-sha1.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* implementation of HMAC as described in RFC2104
|
||||||
|
* Author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* License: GPLv3 or later
|
||||||
|
**/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* hmac = hash ( k^opad , hash( k^ipad , msg))
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "config.h"
|
||||||
|
#include "sha1.h"
|
||||||
|
#include "hmac-sha1.h"
|
||||||
|
|
||||||
|
#define IPAD 0x36
|
||||||
|
#define OPAD 0x5C
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef HMAC_SHORTONLY
|
||||||
|
|
||||||
|
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b){
|
||||||
|
uint8_t buffer[SHA1_BLOCK_BYTES];
|
||||||
|
uint8_t i;
|
||||||
|
|
||||||
|
memset(buffer, 0, SHA1_BLOCK_BYTES);
|
||||||
|
if (keylength_b > SHA1_BLOCK_BITS){
|
||||||
|
sha1((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
sha1_init(&(s->a));
|
||||||
|
sha1_nextBlock(&(s->a), buffer);
|
||||||
|
|
||||||
|
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD^OPAD;
|
||||||
|
}
|
||||||
|
sha1_init(&(s->b));
|
||||||
|
sha1_nextBlock(&(s->b), buffer);
|
||||||
|
|
||||||
|
|
||||||
|
#if defined SECURE_WIPE_BUFFER
|
||||||
|
memset(buffer, 0, SHA1_BLOCK_BYTES);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block){
|
||||||
|
sha1_nextBlock(&(s->a), block);
|
||||||
|
}
|
||||||
|
void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b){
|
||||||
|
while(length_b>=SHA1_BLOCK_BITS){
|
||||||
|
sha1_nextBlock(&(s->a), block);
|
||||||
|
block = (uint8_t*)block + SHA1_BLOCK_BYTES;
|
||||||
|
length_b -= SHA1_BLOCK_BITS;
|
||||||
|
}
|
||||||
|
sha1_lastBlock(&(s->a), block, length_b);
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s){
|
||||||
|
sha1_ctx2hash(dest, &(s->a));
|
||||||
|
sha1_lastBlock(&(s->b), dest, SHA1_HASH_BITS);
|
||||||
|
sha1_ctx2hash(dest, &(s->b));
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* keylength in bits!
|
||||||
|
* message length in bits!
|
||||||
|
*/
|
||||||
|
void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
|
||||||
|
sha1_ctx_t s;
|
||||||
|
uint8_t i;
|
||||||
|
uint8_t buffer[SHA1_BLOCK_BYTES];
|
||||||
|
|
||||||
|
memset(buffer, 0, SHA1_BLOCK_BYTES);
|
||||||
|
|
||||||
|
/* if key is larger than a block we have to hash it*/
|
||||||
|
if (keylength_b > SHA1_BLOCK_BITS){
|
||||||
|
sha1((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
sha1_init(&s);
|
||||||
|
sha1_nextBlock(&s, buffer);
|
||||||
|
while (msglength_b >= SHA1_BLOCK_BITS){
|
||||||
|
sha1_nextBlock(&s, msg);
|
||||||
|
msg = (uint8_t*)msg + SHA1_BLOCK_BYTES;
|
||||||
|
msglength_b -= SHA1_BLOCK_BITS;
|
||||||
|
}
|
||||||
|
sha1_lastBlock(&s, msg, msglength_b);
|
||||||
|
/* since buffer still contains key xor ipad we can do ... */
|
||||||
|
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD ^ OPAD;
|
||||||
|
}
|
||||||
|
sha1_ctx2hash(dest, &s); /* save inner hash temporary to dest */
|
||||||
|
sha1_init(&s);
|
||||||
|
sha1_nextBlock(&s, buffer);
|
||||||
|
sha1_lastBlock(&s, dest, SHA1_HASH_BITS);
|
||||||
|
sha1_ctx2hash(dest, &s);
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
/* hmac-sha1.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef HMACSHA1_H_
|
||||||
|
#define HMACSHA1_H_
|
||||||
|
|
||||||
|
#include "sha1.h"
|
||||||
|
|
||||||
|
#define HMAC_SHA1_BITS SHA1_HASH_BITS
|
||||||
|
#define HMAC_SHA1_BYTES SHA1_HASH_BYTES
|
||||||
|
#define HMAC_SHA1_BLOCK_BITS SHA1_BLOCK_BITS
|
||||||
|
#define HMAC_SHA1_BLOCK_BYTES SHA1_BLOCK_BYTES
|
||||||
|
|
||||||
|
typedef struct{
|
||||||
|
sha1_ctx_t a, b;
|
||||||
|
} hmac_sha1_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b);
|
||||||
|
void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block);
|
||||||
|
void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b);
|
||||||
|
void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s);
|
||||||
|
|
||||||
|
void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
|
||||||
|
|
||||||
|
#endif /*HMACSHA1_H_*/
|
|
@ -0,0 +1,130 @@
|
||||||
|
/* hmac-sha256.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* implementation of HMAC as described in RFC2104
|
||||||
|
* Author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* License: GPLv3 or later
|
||||||
|
**/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* hmac = hash ( k^opad , hash( k^ipad , msg))
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "config.h"
|
||||||
|
#include "sha256.h"
|
||||||
|
#include "hmac-sha256.h"
|
||||||
|
|
||||||
|
#define IPAD 0x36
|
||||||
|
#define OPAD 0x5C
|
||||||
|
|
||||||
|
#ifndef HMAC_SHA256_SHORTONLY
|
||||||
|
|
||||||
|
void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b){
|
||||||
|
uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
|
||||||
|
uint8_t i;
|
||||||
|
|
||||||
|
memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
|
||||||
|
if (keylength_b > HMAC_SHA256_BLOCK_BITS){
|
||||||
|
sha256((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
|
||||||
|
sha256_init(&(s->a));
|
||||||
|
sha256_nextBlock(&(s->a), buffer);
|
||||||
|
|
||||||
|
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD^OPAD;
|
||||||
|
}
|
||||||
|
sha256_init(&(s->b));
|
||||||
|
sha256_nextBlock(&(s->b), buffer);
|
||||||
|
|
||||||
|
#if defined SECURE_WIPE_BUFFER
|
||||||
|
memset(buffer, 0, SHA256_BLOCK_BYTES);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block){
|
||||||
|
sha256_nextBlock(&(s->a), block);
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b){
|
||||||
|
/* while(length_b>=SHA256_BLOCK_BITS){
|
||||||
|
sha256_nextBlock(&(s->a), block);
|
||||||
|
block = (uint8_t*)block + SHA256_BLOCK_BYTES;
|
||||||
|
length_b -= SHA256_BLOCK_BITS;
|
||||||
|
}
|
||||||
|
*/ sha256_lastBlock(&(s->a), block, length_b);
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s){
|
||||||
|
sha256_ctx2hash(dest, &(s->a));
|
||||||
|
sha256_lastBlock(&(s->b), dest, SHA256_HASH_BITS);
|
||||||
|
sha256_ctx2hash(dest, &(s->b));
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* keylength in bits!
|
||||||
|
* message length in bits!
|
||||||
|
*/
|
||||||
|
void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
|
||||||
|
sha256_ctx_t s;
|
||||||
|
uint8_t i;
|
||||||
|
uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
|
||||||
|
|
||||||
|
memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
|
||||||
|
|
||||||
|
/* if key is larger than a block we have to hash it*/
|
||||||
|
if (keylength_b > SHA256_BLOCK_BITS){
|
||||||
|
sha256((void*)buffer, key, keylength_b);
|
||||||
|
} else {
|
||||||
|
memcpy(buffer, key, (keylength_b+7)/8);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<SHA256_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD;
|
||||||
|
}
|
||||||
|
sha256_init(&s);
|
||||||
|
sha256_nextBlock(&s, buffer);
|
||||||
|
while (msglength_b >= HMAC_SHA256_BLOCK_BITS){
|
||||||
|
sha256_nextBlock(&s, msg);
|
||||||
|
msg = (uint8_t*)msg + HMAC_SHA256_BLOCK_BYTES;
|
||||||
|
msglength_b -= HMAC_SHA256_BLOCK_BITS;
|
||||||
|
}
|
||||||
|
sha256_lastBlock(&s, msg, msglength_b);
|
||||||
|
/* since buffer still contains key xor ipad we can do ... */
|
||||||
|
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
|
||||||
|
buffer[i] ^= IPAD ^ OPAD;
|
||||||
|
}
|
||||||
|
sha256_ctx2hash(dest, &s); /* save inner hash temporary to dest */
|
||||||
|
sha256_init(&s);
|
||||||
|
sha256_nextBlock(&s, buffer);
|
||||||
|
sha256_lastBlock(&s, dest, SHA256_HASH_BITS);
|
||||||
|
sha256_ctx2hash(dest, &s);
|
||||||
|
}
|
|
@ -0,0 +1,43 @@
|
||||||
|
/* hmac-sha256.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef HMACSHA256_H_
|
||||||
|
#define HMACSHA256_H_
|
||||||
|
|
||||||
|
#include "sha256.h"
|
||||||
|
|
||||||
|
#define HMAC_SHA256_BITS SHA256_HASH_BITS
|
||||||
|
#define HMAC_SHA256_BYTES SHA256_HASH_BYTES
|
||||||
|
#define HMAC_SHA256_BLOCK_BITS SHA256_BLOCK_BITS
|
||||||
|
#define HMAC_SHA256_BLOCK_BYTES SHA256_BLOCK_BYTES
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
sha256_ctx_t a,b;
|
||||||
|
} hmac_sha256_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b);
|
||||||
|
void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block);
|
||||||
|
void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b);
|
||||||
|
void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s);
|
||||||
|
|
||||||
|
void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /*HMACSHA256_H_*/
|
|
@ -0,0 +1,175 @@
|
||||||
|
./a51/A5_1.h
|
||||||
|
./aes/aes128_dec.h
|
||||||
|
./aes/aes128_enc.h
|
||||||
|
./aes/aes192_dec.h
|
||||||
|
./aes/aes192_enc.h
|
||||||
|
./aes/aes256_dec.h
|
||||||
|
./aes/aes256_enc.h
|
||||||
|
./aes/aes_dec.h
|
||||||
|
./aes/aes_enc.h
|
||||||
|
./aes/aes.h
|
||||||
|
./aes/aes_invsbox.h
|
||||||
|
./aes/aes_keyschedule.h
|
||||||
|
./aes/aes_sbox.h
|
||||||
|
./aes/aes_types.h
|
||||||
|
./arcfour/arcfour.h
|
||||||
|
./backup/keccak/keccak.h
|
||||||
|
./base64/base64_dec.h
|
||||||
|
./base64/base64_enc.h
|
||||||
|
./bcal/bcal_aes128.h
|
||||||
|
./bcal/bcal_aes192.h
|
||||||
|
./bcal/bcal_aes256.h
|
||||||
|
./bcal/bcal-basic.h
|
||||||
|
./bcal/bcal_camellia128.h
|
||||||
|
./bcal/bcal_cast5.h
|
||||||
|
./bcal/bcal_cast6.h
|
||||||
|
./bcal/bcal-cbc.h
|
||||||
|
./bcal/bcal-cfb_bit.h
|
||||||
|
./bcal/bcal-cfb_byte.h
|
||||||
|
./bcal/bcal-cmac.h
|
||||||
|
./bcal/bcal_cscipher.h
|
||||||
|
./bcal/bcal-ctr.h
|
||||||
|
./bcal/bcal_des.h
|
||||||
|
./bcal/bcal-eax.h
|
||||||
|
./bcal/bcal_khazad.h
|
||||||
|
./bcal/bcal-nessie.h
|
||||||
|
./bcal/bcal_noekeon.h
|
||||||
|
./bcal/bcal-ofb.h
|
||||||
|
./bcal/bcal-performance.h
|
||||||
|
./bcal/bcal_present80.h
|
||||||
|
./bcal/bcal_present128.h
|
||||||
|
./bcal/bcal_rc5.h
|
||||||
|
./bcal/bcal_rc6.h
|
||||||
|
./bcal/bcal_seed.h
|
||||||
|
./bcal/bcal_serpent.h
|
||||||
|
./bcal/bcal_skipjack.h
|
||||||
|
./bcal/bcal_tdes2.h
|
||||||
|
./bcal/bcal_tdes.h
|
||||||
|
./bcal/bcal_threefish1024.h
|
||||||
|
./bcal/bcal_threefish256.h
|
||||||
|
./bcal/bcal_threefish512.h
|
||||||
|
./bcal/bcal_xtea.h
|
||||||
|
./bcal/keysize_descriptor.h
|
||||||
|
./bigint/bigint.h
|
||||||
|
./bigint/bigint_io.h
|
||||||
|
./bigint/old_io/bigint_io.h
|
||||||
|
./blake/blake_common.h
|
||||||
|
./blake/blake_large.h
|
||||||
|
./blake/blake_small.h
|
||||||
|
./blockcipher_descriptor.h
|
||||||
|
./bmw/bmw_large.h
|
||||||
|
./bmw/bmw_small.h
|
||||||
|
./camellia/camellia.h
|
||||||
|
./cast5/cast5.h
|
||||||
|
./cast5/cast5-sbox.h
|
||||||
|
./cast6/cast6.h
|
||||||
|
./cast6/cast6_sboxes.h
|
||||||
|
./cscipher/cscipher.h
|
||||||
|
./cscipher/cscipher_sbox.h
|
||||||
|
./cubehash/cubehash.h
|
||||||
|
./des/des.h
|
||||||
|
./dsa/dsa.h
|
||||||
|
./dsa/dsa_key_blob.h
|
||||||
|
./echo/aes_enc_round.h
|
||||||
|
./echo/echo.h
|
||||||
|
./entropium/entropium.h
|
||||||
|
./entropium/sha256.h
|
||||||
|
./gf256mul/gf256mul.h
|
||||||
|
./grain/grain.h
|
||||||
|
./groestl/groestl_large.h
|
||||||
|
./groestl/groestl_small.h
|
||||||
|
./hashfunction_descriptor.h
|
||||||
|
./hfal/hfal-basic.h
|
||||||
|
./hfal/hfal_blake_large.h
|
||||||
|
./hfal/hfal_blake_small.h
|
||||||
|
./hfal/hfal_bmw_large.h
|
||||||
|
./hfal/hfal_bmw_small.h
|
||||||
|
./hfal/hfal_cubehash.h
|
||||||
|
./hfal/hfal_echo.h
|
||||||
|
./hfal/hfal_groestl_large.h
|
||||||
|
./hfal/hfal_groestl_small.h
|
||||||
|
./hfal/hfal-hmac.h
|
||||||
|
./hfal/hfal_jh.h
|
||||||
|
./hfal/hfal_keccak.h
|
||||||
|
./hfal/hfal_md5.h
|
||||||
|
./hfal/hfal-nessie.h
|
||||||
|
./hfal/hfal-performance.h
|
||||||
|
./hfal/hfal_sha1.h
|
||||||
|
./hfal/hfal_sha224.h
|
||||||
|
./hfal/hfal_sha256.h
|
||||||
|
./hfal/hfal_sha384.h
|
||||||
|
./hfal/hfal_sha512.h
|
||||||
|
./hfal/hfal_shabal.h
|
||||||
|
./hfal/hfal_skein1024.h
|
||||||
|
./hfal/hfal_skein256.h
|
||||||
|
./hfal/hfal_skein512.h
|
||||||
|
./hfal/hfal-test.h
|
||||||
|
./hmac-md5/hmac-md5.h
|
||||||
|
./hmac-sha1/hmac-sha1.h
|
||||||
|
./hmac-sha256/hmac-sha256.h
|
||||||
|
./jh_/jh_simple.h
|
||||||
|
./jh/jh_simple.h
|
||||||
|
./jh_/jh_tables.h
|
||||||
|
./jh/jh_tables.h
|
||||||
|
./keccak/keccak.h
|
||||||
|
./khazad/khazad.h
|
||||||
|
./lfsr-helper.h
|
||||||
|
./md5/md5.h
|
||||||
|
./md5/md5_sbox.h
|
||||||
|
./memxor/memxor.h
|
||||||
|
./mgf1/mgf1.h
|
||||||
|
./mickey128/mickey128.h
|
||||||
|
./mqq-sign/mqq160-sign.h
|
||||||
|
./mqq-sign/mqq160-sign_P.h
|
||||||
|
./mqq-sign/mqq160-sign_testkey.h
|
||||||
|
./mugi/aes_sbox.h
|
||||||
|
./mugi/mugi.h
|
||||||
|
./noekeon/noekeon_cbc_enc.h
|
||||||
|
./noekeon/noekeon_ctr.h
|
||||||
|
./noekeon/noekeon.h
|
||||||
|
./noekeon/noekeon_prng.h
|
||||||
|
./noekeon/omac_noekeon.h
|
||||||
|
./present/present80.h
|
||||||
|
./present/present128.h
|
||||||
|
./prf_tls12/prf_tls12.h
|
||||||
|
./rabbit/rabbit.h
|
||||||
|
./rc5/rc5.h
|
||||||
|
./rc6/rc6.h
|
||||||
|
./rsa/random_dummy.h
|
||||||
|
./rsa/rsa_basic.h
|
||||||
|
./rsa/rsaes_oaep.h
|
||||||
|
./rsa/rsaes_pkcs1v15.h
|
||||||
|
./salsa20/salsa20.h
|
||||||
|
./scal/scal_arcfour.h
|
||||||
|
./scal/scal-basic.h
|
||||||
|
./scal/scal_grain.h
|
||||||
|
./scal/scal_mickey128.h
|
||||||
|
./scal/scal-nessie.h
|
||||||
|
./scal/scal_rabbit.h
|
||||||
|
./scal/scal_salsa20.h
|
||||||
|
./scal/scal_trivium.h
|
||||||
|
./seed/seed.h
|
||||||
|
./seed/seed_sbox.h
|
||||||
|
./serpent/serpent.h
|
||||||
|
./serpent/serpent-sboxes.h
|
||||||
|
./sha1/sha1.h
|
||||||
|
./sha2/sha224.h
|
||||||
|
./sha2/sha256.h
|
||||||
|
./sha2/sha2_large_common.h
|
||||||
|
./sha2/sha2_small_common.h
|
||||||
|
./sha2/sha384.h
|
||||||
|
./sha2/sha512.h
|
||||||
|
./sha3-api.h
|
||||||
|
./shabal/shabal.h
|
||||||
|
./shabea/sha256.h
|
||||||
|
./shabea/shabea.h
|
||||||
|
./shacal1/shacal1_enc.h
|
||||||
|
./shacal2/shacal2_enc.h
|
||||||
|
./skein/skein.h
|
||||||
|
./skein/threefish.h
|
||||||
|
./skein/ubi.h
|
||||||
|
./skipjack/skipjack.h
|
||||||
|
./streamcipher_descriptor.h
|
||||||
|
./trivium/trivium.h
|
||||||
|
./xtea/xtea.h
|
||||||
|
./zodiac.h
|
|
@ -0,0 +1,4 @@
|
||||||
|
SCAL_STD = nessie_common.o performance_test.o memxor.o \
|
||||||
|
scal-basic.o scal-nessie.o \
|
||||||
|
keysize_descriptor.o nessie_stream_test.o
|
||||||
|
# scal-performance.o
|
|
@ -0,0 +1,26 @@
|
||||||
|
# Makefile for bcal-algos (library)
|
||||||
|
ALGO_NAME := BCAL_ALGOS
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := bcal/
|
||||||
|
$(ALGO_NAME)_INCDIR :=
|
||||||
|
$(ALGO_NAME)_OBJ := \
|
||||||
|
bcal_aes128.o \
|
||||||
|
bcal_aes192.o \
|
||||||
|
bcal_aes256.o \
|
||||||
|
bcal_cast5.o \
|
||||||
|
bcal_cast6.o \
|
||||||
|
bcal_cscipher.o \
|
||||||
|
bcal_des.o \
|
||||||
|
bcal_khazad.o \
|
||||||
|
bcal_noekeon.o \
|
||||||
|
bcal_present80.o \
|
||||||
|
bcal_present128.o \
|
||||||
|
bcal_rc5.o \
|
||||||
|
bcal_rc6.o \
|
||||||
|
bcal_seed.o \
|
||||||
|
bcal_serpent.o \
|
||||||
|
bcal_tdes2.o \
|
||||||
|
bcal_tdes.o \
|
||||||
|
bcal_xtea.o
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Makefile for hfal-algos (library)
|
||||||
|
ALGO_NAME := HFAL_ALGOS
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := hfal/
|
||||||
|
$(ALGO_NAME)_INCDIR :=
|
||||||
|
$(ALGO_NAME)_OBJ := \
|
||||||
|
hfal_blake_large.o \
|
||||||
|
hfal_blake_small.o \
|
||||||
|
hfal_bmw_large.o \
|
||||||
|
hfal_bmw_small.o \
|
||||||
|
hfal_cubehash.o \
|
||||||
|
hfal_echo.o \
|
||||||
|
hfal_groestl_large.o \
|
||||||
|
hfal_groestl_small.o \
|
||||||
|
hfal_jh.o \
|
||||||
|
hfal_keccak.o \
|
||||||
|
hfal_md5.o \
|
||||||
|
hfal_sha1.o \
|
||||||
|
hfal_sha224.o \
|
||||||
|
hfal_sha256.o \
|
||||||
|
hfal_sha384.o \
|
||||||
|
hfal_sha512.o \
|
||||||
|
hfal_shabal.o \
|
||||||
|
hfal_skein1024.o \
|
||||||
|
hfal_skein256.o \
|
||||||
|
hfal_skein512.o
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for scal-algos (library)
|
||||||
|
ALGO_NAME := SCAL_ALGOS
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := scal/
|
||||||
|
$(ALGO_NAME)_INCDIR :=
|
||||||
|
$(ALGO_NAME)_OBJ := \
|
||||||
|
scal_arcfour.o \
|
||||||
|
scal_grain.o \
|
||||||
|
scal_mickey128.o \
|
||||||
|
scal_rabbit.o \
|
||||||
|
scal_salsa20.o \
|
||||||
|
scal_trivium.o
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
# Makefile for BlueMidnightWish
|
||||||
|
ALGO_NAME := BMW
|
||||||
|
|
||||||
|
# comment out the following line for removement of BlueMidnightWish from the build process
|
||||||
|
#HASHES += $(ALGO_NAME) # currently buggy
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := bmw/
|
||||||
|
$(ALGO_NAME)_INCDIR := memxor/ hfal/
|
||||||
|
$(ALGO_NAME)_OBJ := bmw_small-asm-cstub.o bmw_small-asm.o bmw_large.o memxor.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := test nessie
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
# Makefile for BlueMidnightWish
|
||||||
|
ALGO_NAME := BMW_ASM_SPEED
|
||||||
|
|
||||||
|
# comment out the following line for removement of BlueMidnightWish from the build process
|
||||||
|
HASHES += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := bmw/
|
||||||
|
$(ALGO_NAME)_INCDIR := memxor/ hfal/
|
||||||
|
$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asm_f0.o bmw_large_speed.o memxor.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := test nessie
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
# Makefile for BlueMidnightWish
|
||||||
|
ALGO_NAME := BMW_ASMMIX_SPEED
|
||||||
|
|
||||||
|
# comment out the following line for removement of BlueMidnightWish from the build process
|
||||||
|
HASHES += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := bmw/
|
||||||
|
$(ALGO_NAME)_INCDIR := memxor/ hfal/
|
||||||
|
$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asmmix_f0.o bmw_large_speed.o memxor.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := test nessie
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for camellia
|
||||||
|
ALGO_NAME := CAMELLIA_C
|
||||||
|
|
||||||
|
# comment out the following line for removement of serpent from the build process
|
||||||
|
BLOCK_CIPHERS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := camellia/
|
||||||
|
$(ALGO_NAME)_INCDIR := bcal/
|
||||||
|
$(ALGO_NAME)_OBJ := camellia_C.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \
|
||||||
|
bcal_camellia128.o
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := "nessie"
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for DSA
|
||||||
|
ALGO_NAME := DSA
|
||||||
|
|
||||||
|
# comment out the following line for removement of DSA from the build process
|
||||||
|
SIGNATURE += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := dsa/
|
||||||
|
$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/
|
||||||
|
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o sha1.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \
|
||||||
|
noekeon.o noekeon_prng.o memxor.o
|
||||||
|
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for Entropium PRNG
|
||||||
|
ALGO_NAME := ENTROPIUM
|
||||||
|
|
||||||
|
# comment out the following line for removement of PRNG from the build process
|
||||||
|
PRNGS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := entropium/
|
||||||
|
$(ALGO_NAME)_INCDIR := sha2/
|
||||||
|
$(ALGO_NAME)_OBJ := entropium.o sha256.o sha2_small_common.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-entropium-test.o $(CLI_STD) performance_test.o
|
||||||
|
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := "nessie"
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for HMAC-MD5
|
||||||
|
ALGO_NAME := HMAC-MD5
|
||||||
|
|
||||||
|
# comment out the following line for removement of HMAC-MD5 from the build process
|
||||||
|
MACS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := hmac-md5/
|
||||||
|
$(ALGO_NAME)_INCDIR := md5/
|
||||||
|
$(ALGO_NAME)_OBJ := hmac-md5.o md5.o md5_sbox.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-hmac-md5-test.o $(CLI_STD) \
|
||||||
|
nessie_mac_test.o nessie_common.o
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := "nessie"
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for HMAC-SHA1
|
||||||
|
ALGO_NAME := HMAC-SHA1
|
||||||
|
|
||||||
|
# comment out the following line for removement of HMAC-SHA1 from the build process
|
||||||
|
MACS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := hmac-sha1/
|
||||||
|
$(ALGO_NAME)_INCDIR := sha1/
|
||||||
|
$(ALGO_NAME)_OBJ := hmac-sha1.o sha1.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-hmac-sha1-test.o $(CLI_STD) \
|
||||||
|
nessie_mac_test.o nessie_common.o
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := "nessie"
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Makefile for HMAC-SHA256
|
||||||
|
ALGO_NAME := HMAC-SHA256
|
||||||
|
|
||||||
|
# comment out the following line for removement of HMAC-SHA256 from the build process
|
||||||
|
MACS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := hmac-sha256/
|
||||||
|
$(ALGO_NAME)_INCDIR := sha2/
|
||||||
|
$(ALGO_NAME)_OBJ := hmac-sha256.o sha256.o sha2_small_common.o
|
||||||
|
$(ALGO_NAME)_TESTBIN := main-hmac-sha256-test.o $(CLI_STD) \
|
||||||
|
nessie_mac_test.o nessie_common.o
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := "nessie"
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
ALGO_NAME := LIB_CLI_STD
|
||||||
|
|
||||||
|
LIBRARYS += ALGO_NAME
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := test_src/
|
||||||
|
$(ALGO_NAME)_OBJ := cli.o hexdigit_tab.o dbz_strings.o string-extras.o uart_i.o \
|
||||||
|
sysclock.o hw_gptm.o dump.o startup.o circularbytebuffer.o \
|
||||||
|
main-test-common.o
|
||||||
|
$(ALGO_NAME)_BIN := libcli.a
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,228 @@
|
||||||
|
|
||||||
|
/* rsa_oaep.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "memxor.h"
|
||||||
|
#include "mgf1.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
#include "rsaes_oaep.h"
|
||||||
|
|
||||||
|
#include "random_dummy.h"
|
||||||
|
|
||||||
|
#include "hfal/hfal_sha1.h"
|
||||||
|
|
||||||
|
#include "cli.h"
|
||||||
|
#include "uart_lowlevel.h"
|
||||||
|
|
||||||
|
mgf1_parameter_t mgf1_default_parameter = {
|
||||||
|
&sha1_desc
|
||||||
|
};
|
||||||
|
|
||||||
|
rsa_oaep_parameter_t rsa_oaep_default_parameter = {
|
||||||
|
mgf1,
|
||||||
|
&sha1_desc,
|
||||||
|
&mgf1_default_parameter
|
||||||
|
};
|
||||||
|
|
||||||
|
rsa_label_t rsa_oaep_default_label = {
|
||||||
|
0, NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
|
||||||
|
const void* src, uint16_t length_B,
|
||||||
|
const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
|
||||||
|
const rsa_label_t* label, const void* seed){
|
||||||
|
|
||||||
|
if(!p){
|
||||||
|
p = &rsa_oaep_default_parameter;
|
||||||
|
}
|
||||||
|
if(!label){
|
||||||
|
label = &rsa_oaep_default_label;
|
||||||
|
}
|
||||||
|
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
|
||||||
|
if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
|
||||||
|
/* message too long */
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
uint16_t buffer_len = bigint_length_B(&key->modulus);
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\n buffer_len = ");
|
||||||
|
cli_hexdump_rev(&buffer_len, 2);
|
||||||
|
cli_putstr("\r\n modulus_len = ");
|
||||||
|
cli_hexdump_rev(&key->modulus->length_W, 2);
|
||||||
|
*/
|
||||||
|
uint8_t* buffer = (uint8_t*)dest;
|
||||||
|
uint8_t off;
|
||||||
|
/* the following needs some explanation:
|
||||||
|
* off is the offset which is used for compensating the effect of
|
||||||
|
* changeendian() when it operates on multi-byte words.
|
||||||
|
* */
|
||||||
|
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(&key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
|
||||||
|
% (sizeof(bigint_word_t));
|
||||||
|
buffer += off;
|
||||||
|
buffer_len -= off;
|
||||||
|
// cli_putstr("\r\n off = ");
|
||||||
|
// cli_hexdump_byte(off);
|
||||||
|
uint8_t* seed_buffer = buffer + 1;
|
||||||
|
uint16_t db_len = buffer_len - hv_len - 1;
|
||||||
|
uint8_t* db = seed_buffer + hv_len;
|
||||||
|
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
|
||||||
|
uint8_t maskbuffer[maskbuffer_len];
|
||||||
|
bigint_t x;
|
||||||
|
|
||||||
|
memset(dest, 0, seed_buffer - buffer + off);
|
||||||
|
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
|
||||||
|
hfal_hash_mem(p->hf, db, label->label, label->length_b);
|
||||||
|
db[db_len - length_B - 1] = 0x01;
|
||||||
|
memcpy(db+db_len - length_B, src, length_B);
|
||||||
|
if(seed){
|
||||||
|
memcpy(seed_buffer, seed, hv_len);
|
||||||
|
}else{
|
||||||
|
/* generate random seed */
|
||||||
|
if(!prng_get_byte){
|
||||||
|
return 2; /* ERROR: no random generator specified */
|
||||||
|
}
|
||||||
|
uint16_t i;
|
||||||
|
for(i=0; i<hv_len; ++i){
|
||||||
|
seed_buffer[i] = prng_get_byte();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
|
||||||
|
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
|
||||||
|
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
|
||||||
|
memxor(db, maskbuffer, db_len);
|
||||||
|
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
|
||||||
|
memxor(seed_buffer, maskbuffer, hv_len);
|
||||||
|
// cli_putstr("\r\n msg (raw, post-feistel):\r\n");
|
||||||
|
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
|
||||||
|
|
||||||
|
x.wordv = dest;
|
||||||
|
bigint_adjust(&x);
|
||||||
|
|
||||||
|
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
|
||||||
|
rsa_enc(&x, key);
|
||||||
|
rsa_i2osp(NULL, &x, out_length);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
|
||||||
|
const void* src, uint16_t length_B,
|
||||||
|
const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
|
||||||
|
const rsa_label_t* label, void* seed){
|
||||||
|
|
||||||
|
// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
|
||||||
|
if(!label){
|
||||||
|
label = &rsa_oaep_default_label;
|
||||||
|
}
|
||||||
|
if(!p){
|
||||||
|
p = &rsa_oaep_default_parameter;
|
||||||
|
}
|
||||||
|
uint16_t x_len, data_len;
|
||||||
|
bigint_t x;
|
||||||
|
uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
|
||||||
|
uint8_t label_hv[hv_len];
|
||||||
|
uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
|
||||||
|
uint16_t db_len = msg_len - hv_len - 1;
|
||||||
|
uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
|
||||||
|
|
||||||
|
uint8_t *seed_buffer = dest;
|
||||||
|
uint8_t *db_buffer = seed_buffer + hv_len;
|
||||||
|
|
||||||
|
x_len = bigint_get_first_set_bit(&key->modulus)/8;
|
||||||
|
memset(dest, 0, bigint_length_B(&key->modulus) - length_B);
|
||||||
|
memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B);
|
||||||
|
|
||||||
|
// cli_putc('a'); uart_flush(0);
|
||||||
|
|
||||||
|
x.wordv = dest;
|
||||||
|
x.length_W = key->modulus.length_W;
|
||||||
|
x.info = 0;
|
||||||
|
bigint_adjust(&x);
|
||||||
|
|
||||||
|
|
||||||
|
// cli_putc('b'); uart_flush(0);
|
||||||
|
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
|
||||||
|
// cli_putc('c'); uart_flush(0);
|
||||||
|
rsa_dec(&x, key);
|
||||||
|
// cli_putc('d'); uart_flush(0);
|
||||||
|
rsa_i2osp(NULL, &x, &data_len);
|
||||||
|
|
||||||
|
// cli_putstr("\r\n msg (raw, pre-move):\r\n");
|
||||||
|
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
|
||||||
|
|
||||||
|
if(data_len > x_len){
|
||||||
|
return 7;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\n moving some bytes; x_len = ");
|
||||||
|
cli_hexdump_rev(&x_len, 2);
|
||||||
|
cli_putstr(" data_len = ");
|
||||||
|
cli_hexdump_rev(&data_len, 2);
|
||||||
|
uart_flush(0);
|
||||||
|
*/
|
||||||
|
if(x_len != data_len){
|
||||||
|
memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
|
||||||
|
// cli_putstr(" (oh, not dead yet?!)");
|
||||||
|
// uart_flush(0);
|
||||||
|
memset(dest, 0, x_len - data_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
|
||||||
|
cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
|
||||||
|
uart_flush(0);
|
||||||
|
*/
|
||||||
|
p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
|
||||||
|
memxor(seed_buffer, maskbuffer, hv_len);
|
||||||
|
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
|
||||||
|
memxor(db_buffer, maskbuffer, db_len);
|
||||||
|
|
||||||
|
if(memcmp(label_hv, db_buffer, hv_len)){
|
||||||
|
// cli_putstr("\r\nDBG: DB:\r\n");
|
||||||
|
// cli_hexdump_block(db_buffer, db_len, 4, 16);
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint16_t ps_len=0;
|
||||||
|
while(db_buffer[hv_len + ps_len++] == 0)
|
||||||
|
;
|
||||||
|
|
||||||
|
--ps_len;
|
||||||
|
if(db_buffer[hv_len + ps_len] != 1){
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(seed){
|
||||||
|
memcpy(seed, seed_buffer, hv_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
msg_len = db_len - hv_len - 1 - ps_len;
|
||||||
|
memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
|
||||||
|
|
||||||
|
*out_length = msg_len;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,55 @@
|
||||||
|
/* rsaes_oaep.h */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef RSAES_OAEP_H_
|
||||||
|
#define RSAES_OAEP_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
#include "mgf1.h"
|
||||||
|
|
||||||
|
|
||||||
|
void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
|
||||||
|
const hfdesc_t* hf;
|
||||||
|
mgf1_parameter_t* mgf_parameter;
|
||||||
|
} rsa_oaep_parameter_t;
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
uint16_t length_b;
|
||||||
|
const void* label;
|
||||||
|
} rsa_label_t;
|
||||||
|
|
||||||
|
extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
|
||||||
|
extern rsa_label_t rsa_oaep_default_label;
|
||||||
|
|
||||||
|
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
|
||||||
|
const void* src, uint16_t length_B,
|
||||||
|
const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
|
||||||
|
const rsa_label_t* label, const void* seed);
|
||||||
|
|
||||||
|
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
|
||||||
|
const void* src, uint16_t length_B,
|
||||||
|
const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
|
||||||
|
const rsa_label_t* label, void* seed);
|
||||||
|
|
||||||
|
#endif /* RSAES_OAEP_H_ */
|
|
@ -0,0 +1,142 @@
|
||||||
|
/* rsa_pkcs1v15.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
|
||||||
|
#define DEBUG 0
|
||||||
|
|
||||||
|
#if DEBUG
|
||||||
|
#include "bigint_io.h"
|
||||||
|
#include "cli.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "random_dummy.h"
|
||||||
|
|
||||||
|
uint16_t rsa_pkcs1v15_compute_padlength_B(const bigint_t* modulus, uint16_t msg_length_B){
|
||||||
|
return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||||
|
uint16_t length_B, const rsa_publickey_t* key, const void* pad){
|
||||||
|
int16_t pad_length;
|
||||||
|
bigint_t x;
|
||||||
|
pad_length = rsa_pkcs1v15_compute_padlength_B(&key->modulus, length_B);
|
||||||
|
if(pad_length<8){
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
|
||||||
|
cli_hexdump_rev(&pad_length, 2);
|
||||||
|
#endif
|
||||||
|
return 2; /* message to long */
|
||||||
|
}
|
||||||
|
if(!pad){
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\nauto-generating pad ...");
|
||||||
|
#endif
|
||||||
|
uint16_t i;
|
||||||
|
uint8_t c;
|
||||||
|
for(i=0; i<pad_length; ++i){
|
||||||
|
do{
|
||||||
|
c = prng_get_byte();
|
||||||
|
}while(c==0);
|
||||||
|
((uint8_t*)dest)[i+2] = c;
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\nsupplied pad: ");
|
||||||
|
cli_hexdump_block(pad, pad_length, 4, 16);
|
||||||
|
#endif
|
||||||
|
memcpy((uint8_t*)dest + 2, pad, pad_length);
|
||||||
|
}
|
||||||
|
((uint8_t*)dest)[0] = 0x00;
|
||||||
|
((uint8_t*)dest)[1] = 0x02;
|
||||||
|
((uint8_t*)dest)[2+pad_length] = 0x00;
|
||||||
|
memcpy((uint8_t*)dest+3+pad_length, src, length_B);
|
||||||
|
x.wordv = dest;
|
||||||
|
x.length_W = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\nx-data: ");
|
||||||
|
cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
|
||||||
|
#endif
|
||||||
|
bigint_adjust(&x);
|
||||||
|
rsa_os2ip(&x, NULL, length_B+pad_length+3);
|
||||||
|
rsa_enc(&x, key);
|
||||||
|
rsa_i2osp(NULL, &x, out_length);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||||
|
uint16_t length_B, const rsa_privatekey_t* key, void* pad){
|
||||||
|
bigint_t x;
|
||||||
|
uint16_t m_length, pad_length=0, idx=0;
|
||||||
|
x.wordv = dest;
|
||||||
|
rsa_os2ip(&x, src, length_B);
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\ncalling rsa_dec() ...");
|
||||||
|
cli_putstr("\r\nencoded block (src.len = 0x");
|
||||||
|
cli_hexdump_rev(&length_B, 2);
|
||||||
|
cli_putstr("):");
|
||||||
|
cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
|
||||||
|
#endif
|
||||||
|
rsa_dec(&x, key);
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\nfinished rsa_dec() ...");
|
||||||
|
#endif
|
||||||
|
rsa_i2osp(NULL, &x, &m_length);
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\ndecoded block:");
|
||||||
|
cli_hexdump_block(x.wordv, m_length, 4, 16);
|
||||||
|
#endif
|
||||||
|
while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
|
||||||
|
++idx;
|
||||||
|
}
|
||||||
|
if(idx>=m_length){
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if(((uint8_t*)x.wordv)[idx]!=2){
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
++idx;
|
||||||
|
while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)<m_length){
|
||||||
|
++pad_length;
|
||||||
|
}
|
||||||
|
if(pad_length<8 || (idx+pad_length)>=m_length){
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
*out_length = m_length - idx - pad_length - 1;
|
||||||
|
if(pad){
|
||||||
|
#if DEBUG
|
||||||
|
cli_putstr("\r\npadding block:");
|
||||||
|
cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
|
||||||
|
cli_putstr("\r\npad @ 0x");
|
||||||
|
cli_hexdump_rev(&pad, 2);
|
||||||
|
cli_putstr("\r\ndst @ 0x");
|
||||||
|
cli_hexdump_rev(&dest, 2);
|
||||||
|
#endif
|
||||||
|
memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
|
||||||
|
}
|
||||||
|
memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
/* rsa_pkcs1v15.h */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef RSAES_PKCS1V15_H_
|
||||||
|
#define RSAES_PKCS1V15_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
|
||||||
|
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||||
|
uint16_t length_B, const rsa_publickey_t* key, const void* pad);
|
||||||
|
|
||||||
|
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||||
|
uint16_t length_B, const rsa_privatekey_t* key, void* pad);
|
||||||
|
|
||||||
|
#endif /* RSAES_PKCS1V15_H_ */
|
|
@ -0,0 +1,111 @@
|
||||||
|
/* streamcipher_descriptor.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* \file stremcipher_descriptor.h
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \date 2011-01-15
|
||||||
|
*
|
||||||
|
* \license GPLv3 or later
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef STREAMCIPHER_DESCRIPTOR_H_
|
||||||
|
#define STREAMCIPHER_DESCRIPTOR_H_
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef VOID_FPT
|
||||||
|
#define VOID_FPT
|
||||||
|
typedef void(*void_fpt)(void);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
typedef void(*sc_init1_fpt)(const void*, void*); /* key of fixed length, no IV*/
|
||||||
|
typedef void(*sc_init2_fpt)(const void*, const void*, void*); /* key and IV of fixed length */
|
||||||
|
typedef void(*sc_init3_fpt)(const void*, uint16_t,void*); /* key of variable length, no IV */
|
||||||
|
typedef void(*sc_init4_fpt)(const void*, uint16_t,const void*, void*); /* key of variable length, IV of fixed length */
|
||||||
|
typedef void(*sc_init5_fpt)(const void*, uint16_t,const void*, uint16_t, void*); /* key and IV of variable length */
|
||||||
|
|
||||||
|
typedef uint8_t(*sc_gen1_fpt)(void*); /* return keystream data */
|
||||||
|
typedef void(*sc_gen2_fpt)(void*, void*); /* write keystream data to buffer */
|
||||||
|
|
||||||
|
typedef uint8_t(*sc_genra1_fpt)(void*, uint64_t); /* return keystream data */
|
||||||
|
typedef void(*sc_genra2_fpt)(void*, void*, uint64_t); /* write keystream data to buffer */
|
||||||
|
|
||||||
|
|
||||||
|
typedef void(*sc_free_fpt)(void*);
|
||||||
|
|
||||||
|
typedef union{
|
||||||
|
void_fpt initvoid;
|
||||||
|
sc_init1_fpt init1;
|
||||||
|
sc_init2_fpt init2;
|
||||||
|
sc_init3_fpt init3;
|
||||||
|
sc_init4_fpt init4;
|
||||||
|
sc_init5_fpt init5;
|
||||||
|
} sc_init_fpt;
|
||||||
|
|
||||||
|
typedef union{
|
||||||
|
void_fpt genvoid;
|
||||||
|
sc_gen1_fpt gen1;
|
||||||
|
sc_gen2_fpt gen2;
|
||||||
|
} sc_gen_fpt;
|
||||||
|
|
||||||
|
typedef union{
|
||||||
|
void_fpt genravoid;
|
||||||
|
sc_genra1_fpt genra1;
|
||||||
|
sc_genra2_fpt genra2;
|
||||||
|
} sc_genra_fpt;
|
||||||
|
|
||||||
|
#define SC_INIT_TYPE 0x07
|
||||||
|
#define SC_INIT_TYPE_1 0x00 /* key of fixed length, no IV*/
|
||||||
|
#define SC_INIT_TYPE_2 0x02 /* key and IV of fixed length */
|
||||||
|
#define SC_INIT_TYPE_3 0x03 /* key of variable length, no IV */
|
||||||
|
#define SC_INIT_TYPE_4 0x04 /* key of variable length, IV of fixed length */
|
||||||
|
#define SC_INIT_TYPE_5 0x05 /* key and IV of variable length */
|
||||||
|
|
||||||
|
#define SC_GEN_TYPE 0x08
|
||||||
|
#define SC_GEN_TYPE_1 0x00 /* return data stream byte */
|
||||||
|
#define SC_GEN_TYPE_2 0x08 /* write data stream block into buffer */
|
||||||
|
|
||||||
|
#define SCDESC_TYPE_STREAMCIPHER 0x03
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
uint8_t type; /* 3==streamcipher */
|
||||||
|
uint8_t flags;
|
||||||
|
const char* name;
|
||||||
|
uint16_t ctxsize_B;
|
||||||
|
uint16_t gensize_b;
|
||||||
|
sc_init_fpt init;
|
||||||
|
sc_gen_fpt gen;
|
||||||
|
sc_genra_fpt genra;
|
||||||
|
sc_free_fpt free;
|
||||||
|
const void* valid_keysize_desc;
|
||||||
|
const void* valid_ivsize_desc;
|
||||||
|
} scdesc_t; /* streamcipher descriptor type */
|
||||||
|
|
||||||
|
typedef struct{
|
||||||
|
const scdesc_t* desc_ptr;
|
||||||
|
uint16_t keysize;
|
||||||
|
uint16_t ivsize;
|
||||||
|
uint16_t index;
|
||||||
|
uint8_t* buffer;
|
||||||
|
void* ctx;
|
||||||
|
} scgen_ctx_t;
|
||||||
|
|
||||||
|
#endif /* STREAMCIPHER_DESCRIPTOR_H_ */
|
||||||
|
|
|
@ -0,0 +1,195 @@
|
||||||
|
/* main-camellia-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* camellia test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "camellia.h"
|
||||||
|
#include "nessie_bc_test.h"
|
||||||
|
#include "performance_test.h"
|
||||||
|
#include "cli.h"
|
||||||
|
#include "bcal_camellia128.h"
|
||||||
|
#include "bcal-performance.h"
|
||||||
|
|
||||||
|
char* algo_name = "Camellia";
|
||||||
|
|
||||||
|
const bcdesc_t* algolist[] = {
|
||||||
|
(bcdesc_t*)&camellia128_desc,
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
void camellia128_init_dummy(void* key, uint16_t keysize_b, void* ctx){
|
||||||
|
camellia128_init(key, ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_nessie_camellia(void){
|
||||||
|
nessie_bc_ctx.blocksize_B = 16;
|
||||||
|
nessie_bc_ctx.keysize_b = 128;
|
||||||
|
nessie_bc_ctx.name = algo_name;
|
||||||
|
nessie_bc_ctx.ctx_size_B = sizeof(camellia128_ctx_t);
|
||||||
|
nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)camellia128_enc;
|
||||||
|
nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)camellia128_dec;
|
||||||
|
nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)camellia128_init_dummy;
|
||||||
|
|
||||||
|
nessie_bc_run();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* P No.001 : 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
*/
|
||||||
|
|
||||||
|
const uint8_t test_keys[] = {
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||||
|
0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F,
|
||||||
|
0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0,
|
||||||
|
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
|
||||||
|
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
|
||||||
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
|
||||||
|
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
|
||||||
|
0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01,
|
||||||
|
0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01, 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE
|
||||||
|
};
|
||||||
|
|
||||||
|
void hexdump128(void* data){
|
||||||
|
uint8_t i;
|
||||||
|
for(i=0; i<16; ++i){
|
||||||
|
cli_hexdump(data, 1);
|
||||||
|
cli_putc(' ');
|
||||||
|
data = (uint8_t*)data +1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_camellia128(void){
|
||||||
|
uint8_t data[16];
|
||||||
|
uint8_t data2[16];
|
||||||
|
uint8_t key[16];
|
||||||
|
char str[4];
|
||||||
|
uint8_t i,j;
|
||||||
|
str[3]= '\0';
|
||||||
|
for(j=0; j<10; ++j){
|
||||||
|
str[0] = ('0'+(j+1)/100);
|
||||||
|
str[1] = ('0'+((j+1)/10)%10);
|
||||||
|
str[2] = ('0'+(j+1)%10);
|
||||||
|
memcpy(key, test_keys+j*16, 16);
|
||||||
|
cli_putstr("\r\nK No.");
|
||||||
|
cli_putstr(str);
|
||||||
|
cli_putstr(" : ");
|
||||||
|
hexdump128(key);
|
||||||
|
camellia128_ctx_t ctx;
|
||||||
|
camellia128_init(key, &ctx);
|
||||||
|
for(i=0; i<128; ++i){
|
||||||
|
memset(data, 0x00, 16);
|
||||||
|
data[i/8] = 0x80>>i%8;
|
||||||
|
memcpy(data2, data, 16);
|
||||||
|
str[0] = ('0'+(i+1)/100);
|
||||||
|
str[1] = ('0'+((i+1)/10)%10);
|
||||||
|
str[2] = ('0'+(i+1)%10);
|
||||||
|
cli_putstr("\r\nP No.");
|
||||||
|
cli_putstr(str);
|
||||||
|
cli_putstr(" : ");
|
||||||
|
hexdump128(data);
|
||||||
|
camellia128_enc(data, &ctx);
|
||||||
|
cli_putstr("\r\nC No.");
|
||||||
|
cli_putstr(str);
|
||||||
|
cli_putstr(" : ");
|
||||||
|
hexdump128(data);
|
||||||
|
camellia128_dec(data, &ctx);
|
||||||
|
if(memcmp(data, data2, 16)){
|
||||||
|
cli_putstr("\r\n DECRYPTION ERROR !!!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_performance_camellia(void){
|
||||||
|
bcal_performance_multiple(algolist);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* self tests *
|
||||||
|
*****************************************************************************/
|
||||||
|
/*
|
||||||
|
128-bit key
|
||||||
|
key 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
|
||||||
|
plaintext 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
|
||||||
|
ciphertext 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43
|
||||||
|
*/
|
||||||
|
void testrun_camellia(void){
|
||||||
|
|
||||||
|
uint8_t data[16] = { 0x01, 0x23, 0x45, 0x67,
|
||||||
|
0x89, 0xab, 0xcd, 0xef,
|
||||||
|
0xfe, 0xdc, 0xba, 0x98,
|
||||||
|
0x76, 0x54, 0x32, 0x10 };
|
||||||
|
|
||||||
|
const uint8_t key[16] = { 0x01, 0x23, 0x45, 0x67,
|
||||||
|
0x89, 0xab, 0xcd, 0xef,
|
||||||
|
0xfe, 0xdc, 0xba, 0x98,
|
||||||
|
0x76, 0x54, 0x32, 0x10 };
|
||||||
|
|
||||||
|
|
||||||
|
camellia128_ctx_t ctx;
|
||||||
|
camellia128_init(key, &ctx);
|
||||||
|
cli_putstr("\r\n key: ");
|
||||||
|
cli_hexdump(data, 16);
|
||||||
|
cli_putstr("\r\n plaintext: ");
|
||||||
|
cli_hexdump(data, 16);
|
||||||
|
camellia128_enc(data, &ctx);
|
||||||
|
cli_putstr("\r\n ciphertext: ");
|
||||||
|
cli_hexdump(data, 16);
|
||||||
|
camellia128_dec(data, &ctx);
|
||||||
|
cli_putstr("\r\n decrypted: ");
|
||||||
|
cli_hexdump(data, 16);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
const char test128_str[] = "test128";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_camellia },
|
||||||
|
{ test_str, NULL, testrun_camellia},
|
||||||
|
{ test128_str, NULL, testrun_camellia128},
|
||||||
|
{ performance_str, NULL, test_performance_camellia},
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,207 @@
|
||||||
|
/* main-dsa-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* DSA test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "config.h"
|
||||||
|
#include "cli.h"
|
||||||
|
#include "dump.h"
|
||||||
|
#include "uart_lowlevel.h"
|
||||||
|
#include "sysclock.h"
|
||||||
|
#include "hw_gptm.h"
|
||||||
|
|
||||||
|
#include "noekeon.h"
|
||||||
|
#include "noekeon_prng.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "bigint_io.h"
|
||||||
|
#include "dsa.h"
|
||||||
|
#include "dsa_key_blob.h"
|
||||||
|
|
||||||
|
#include "performance_test.h"
|
||||||
|
#include "hfal_sha1.h"
|
||||||
|
#include "base64_enc.h"
|
||||||
|
#include "base64_dec.h"
|
||||||
|
|
||||||
|
void uart0_putc(char byte){
|
||||||
|
uart_putc(UART_0, byte);
|
||||||
|
}
|
||||||
|
|
||||||
|
char uart0_getc(void){
|
||||||
|
return uart_getc(UART_0);
|
||||||
|
}
|
||||||
|
|
||||||
|
const char* algo_name = "DSA";
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
dsa_ctx_t dsa_ctx;
|
||||||
|
|
||||||
|
void load_fix_dsa(void){
|
||||||
|
load_dsa_key_blob(&dsa_ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void dsa_print_item(bigint_t* a, const char* pstr){
|
||||||
|
uint8_t *p;
|
||||||
|
cli_putstr("\r\n");
|
||||||
|
cli_putstr(pstr);
|
||||||
|
cli_putstr(": ");
|
||||||
|
uint16_t i;
|
||||||
|
p = (uint8_t*)a->wordv + a->length_W*sizeof(bigint_word_t) -1;
|
||||||
|
for(i=0; i<a->length_W*sizeof(bigint_word_t)-1; ++i){
|
||||||
|
if(i%16==0){
|
||||||
|
cli_putstr("\r\n ");
|
||||||
|
}
|
||||||
|
cli_hexdump(p, 1);
|
||||||
|
cli_putc(':');
|
||||||
|
--p;
|
||||||
|
}
|
||||||
|
if(i%16==0){
|
||||||
|
cli_putstr("\r\n ");
|
||||||
|
}
|
||||||
|
cli_hexdump(p, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
void dsa_print_signature_b64(dsa_signature_t* s){
|
||||||
|
uint16_t size_r, size_s, size_o, i,j;
|
||||||
|
size_r = s->r.length_W*sizeof(bigint_word_t) +2;
|
||||||
|
size_s = s->s.length_W*sizeof(bigint_word_t) +2;
|
||||||
|
size_o = size_r + size_s +2;
|
||||||
|
uint8_t bin_b[size_o];
|
||||||
|
bin_b[0] = 0x30;
|
||||||
|
bin_b[1] = size_o -2;
|
||||||
|
bin_b[2] = 0x02;
|
||||||
|
bin_b[3] = size_r-2;
|
||||||
|
j=4;
|
||||||
|
for(i=s->r.length_W*sizeof(bigint_word_t); i>0; --i){
|
||||||
|
bin_b[j++] = ((uint8_t*)s->r.wordv)[i-1];
|
||||||
|
}
|
||||||
|
bin_b[j++] = 0x02;
|
||||||
|
bin_b[j++] = size_s -2;
|
||||||
|
for(i=s->s.length_W*sizeof(bigint_word_t); i>0; --i){
|
||||||
|
bin_b[j++] = ((uint8_t*)s->s.wordv)[i-1];
|
||||||
|
}
|
||||||
|
char b64_b[size_o*4/3+5];
|
||||||
|
base64enc(b64_b, bin_b, size_o);
|
||||||
|
cli_putstr(b64_b);
|
||||||
|
}
|
||||||
|
|
||||||
|
void dsa_print_ctx(dsa_ctx_t* ctx){
|
||||||
|
dsa_print_item(&(ctx->priv), "private");
|
||||||
|
dsa_print_item(&(ctx->pub), "public");
|
||||||
|
dsa_print_item(&(ctx->domain.p), "P");
|
||||||
|
dsa_print_item(&(ctx->domain.q), "Q");
|
||||||
|
dsa_print_item(&(ctx->domain.g), "G");
|
||||||
|
}
|
||||||
|
|
||||||
|
void dsa_print_signature(const dsa_signature_t* sig){
|
||||||
|
cli_putstr("\r\nDSA-Signature:\r\n r:");
|
||||||
|
bigint_print_hex(&(sig->r));
|
||||||
|
cli_putstr("\r\n s:");
|
||||||
|
bigint_print_hex(&(sig->s));
|
||||||
|
}
|
||||||
|
|
||||||
|
void quick_test(void){
|
||||||
|
dsa_signature_t dsa_sig;
|
||||||
|
uint8_t i, t=0, message[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
|
||||||
|
load_fix_dsa();
|
||||||
|
bigint_word_t dsa_sig_s_b[dsa_ctx.domain.q.length_W],
|
||||||
|
dsa_sig_r_b[dsa_ctx.domain.q.length_W];
|
||||||
|
dsa_print_ctx(&dsa_ctx);
|
||||||
|
dsa_sig.r.wordv = dsa_sig_r_b;
|
||||||
|
dsa_sig.s.wordv = dsa_sig_s_b;
|
||||||
|
cli_putstr("\r\n\r\n=== DSA QUICK TEST ===");
|
||||||
|
for(i=0; i<9; ++i){
|
||||||
|
cli_putstr("\r\n");
|
||||||
|
cli_putc('1'+i);
|
||||||
|
cli_putstr(": message: ");
|
||||||
|
if (i){
|
||||||
|
cli_hexdump(message, i);
|
||||||
|
}else{
|
||||||
|
cli_putstr("<empty>");
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n computing signature ... ");
|
||||||
|
dsa_sign_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx, random8);
|
||||||
|
dsa_print_signature(&dsa_sig);
|
||||||
|
cli_putstr("\r\n base64:\r\n--- SIGNATURE ---\r\n ");
|
||||||
|
dsa_print_signature_b64(&dsa_sig);
|
||||||
|
cli_putstr("\r\n verifying signature ... ");
|
||||||
|
t = dsa_verify_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx);
|
||||||
|
cli_putstr("\r\n verification: ");
|
||||||
|
if(t==DSA_SIGNATURE_OK){
|
||||||
|
cli_putstr("[PASS]");
|
||||||
|
}else{
|
||||||
|
cli_putstr("[FAIL]");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void reset_prng(void){
|
||||||
|
uint8_t buf[16];
|
||||||
|
memset(buf, 0, 16);
|
||||||
|
random_seed(buf);
|
||||||
|
cli_putstr("\r\nPRNG reset");
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_performance_bigint(void){
|
||||||
|
|
||||||
|
}
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char echo_test_str[] = "echo-test";
|
||||||
|
const char reset_prng_str[] = "reset-prng";
|
||||||
|
const char quick_test_str[] = "quick-test";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ reset_prng_str, NULL, reset_prng },
|
||||||
|
{ quick_test_str, NULL, quick_test },
|
||||||
|
{ performance_str, NULL, testrun_performance_bigint },
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
sysclk_set_freq(SYS_FREQ);
|
||||||
|
sysclk_mosc_verify_enable();
|
||||||
|
uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE);
|
||||||
|
gptm_set_timer_32periodic(TIMER0);
|
||||||
|
|
||||||
|
cli_rx = uart0_getc;
|
||||||
|
cli_tx = uart0_putc;
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
cli_putstr("\r\n\r\nARM-Crypto-Lib VS (");
|
||||||
|
cli_putstr(algo_name);
|
||||||
|
cli_putstr("; ");
|
||||||
|
cli_putstr(__DATE__);
|
||||||
|
cli_putc(' ');
|
||||||
|
cli_putstr(__TIME__);
|
||||||
|
cli_putstr(")\r\nloaded and running\r\n");
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,106 @@
|
||||||
|
/* main-entropium-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* entropium test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "entropium.h"
|
||||||
|
#include "nessie_bc_test.h"
|
||||||
|
#include "performance_test.h"
|
||||||
|
|
||||||
|
char* algo_name = "Entropium";
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
void testrun_entropium(void){
|
||||||
|
char c, str[16];
|
||||||
|
uint8_t data[32];
|
||||||
|
uint32_t i=0;
|
||||||
|
while('q'!=cli_getc()){
|
||||||
|
entropium_getRandomBlock(data);
|
||||||
|
cli_putstr("\r\n ");
|
||||||
|
ultoa(i, str, 10);
|
||||||
|
for(c=strlen(str); c<11; ++c){
|
||||||
|
cli_putc(' ');
|
||||||
|
}
|
||||||
|
cli_putstr(str);
|
||||||
|
++i;
|
||||||
|
cli_putstr(" : ");
|
||||||
|
cli_hexdump(data, 32);
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n\r\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void testrun_performance_entropium(void){
|
||||||
|
uint64_t t;
|
||||||
|
char str[16];
|
||||||
|
uint8_t data[32];
|
||||||
|
|
||||||
|
calibrateTimer();
|
||||||
|
print_overhead();
|
||||||
|
|
||||||
|
startTimer(1);
|
||||||
|
entropium_addEntropy(128, data);
|
||||||
|
t = stopTimer();
|
||||||
|
cli_putstr("\r\n\tadd entropy time: ");
|
||||||
|
ultoa((unsigned long)t, str, 10);
|
||||||
|
cli_putstr(str);
|
||||||
|
|
||||||
|
|
||||||
|
startTimer(1);
|
||||||
|
entropium_getRandomBlock(data);
|
||||||
|
t = stopTimer();
|
||||||
|
cli_putstr("\r\n\tget random time: ");
|
||||||
|
ultoa((unsigned long)t, str, 10);
|
||||||
|
cli_putstr(str);
|
||||||
|
|
||||||
|
cli_putstr("\r\n");
|
||||||
|
}
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_entropium},
|
||||||
|
{ test_str, NULL, testrun_entropium},
|
||||||
|
{ performance_str, NULL, testrun_performance_entropium},
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,183 @@
|
||||||
|
/* main-hmac-md5-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* HMAC-MD5 test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "md5.h"
|
||||||
|
#include "hmac-md5.h"
|
||||||
|
/*
|
||||||
|
#include "base64_enc.h"
|
||||||
|
#include "base64_dec.h"
|
||||||
|
*/
|
||||||
|
#include "nessie_mac_test.h"
|
||||||
|
|
||||||
|
const char* algo_name = "HMAC-MD5";
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
void testrun_nessie_hmacmd5(void){
|
||||||
|
nessie_mac_ctx.macsize_b = HMAC_MD5_BITS;
|
||||||
|
nessie_mac_ctx.keysize_b = HMAC_MD5_BLOCK_BITS;
|
||||||
|
nessie_mac_ctx.blocksize_B = HMAC_MD5_BLOCK_BYTES;
|
||||||
|
nessie_mac_ctx.ctx_size_B = sizeof(hmac_md5_ctx_t);
|
||||||
|
nessie_mac_ctx.name = algo_name;
|
||||||
|
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_md5_init;
|
||||||
|
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_md5_nextBlock;
|
||||||
|
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_md5_lastBlock;
|
||||||
|
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_md5_final;
|
||||||
|
|
||||||
|
nessie_mac_run();
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_test_hmacmd5(void){
|
||||||
|
uint8_t hmac[16];
|
||||||
|
uint8_t keys[][16] = {
|
||||||
|
{ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
|
||||||
|
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b },
|
||||||
|
{ 'J', 'e', 'f', 'e', },
|
||||||
|
{ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
|
||||||
|
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }
|
||||||
|
};
|
||||||
|
uint8_t buffer[50];
|
||||||
|
cli_putstr("\r\n hmac (1): ");
|
||||||
|
hmac_md5(hmac, keys[0], 128, "Hi There", 64);
|
||||||
|
cli_hexdump(hmac, 16);
|
||||||
|
|
||||||
|
cli_putstr("\r\n hmac (2): ");
|
||||||
|
hmac_md5(hmac, keys[1], 4*8, "what do ya want for nothing?", 28*8);
|
||||||
|
cli_hexdump(hmac, 16);
|
||||||
|
|
||||||
|
cli_putstr("\r\n hmac (3): ");
|
||||||
|
memset(buffer, 0xDD, 50);
|
||||||
|
hmac_md5(hmac, keys[2], 128, buffer, 50*8);
|
||||||
|
cli_hexdump(hmac, 16);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
void hmacmd5_interactive(void){
|
||||||
|
char key[101];
|
||||||
|
char msg[101];
|
||||||
|
uint8_t hmac[HMAC_MD5_BYTES];
|
||||||
|
uint8_t key_len, msg_len;
|
||||||
|
cli_putstr("\r\nHMAC-MD5:\r\nkey: ");
|
||||||
|
cli_getsn(key, 100);
|
||||||
|
key_len = strlen(key);
|
||||||
|
cli_putstr("\r\nmsg: ");
|
||||||
|
cli_getsn(msg, 100);
|
||||||
|
msg_len = strlen(msg);
|
||||||
|
hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
|
||||||
|
cli_putstr("\r\nhmac-md5: ");
|
||||||
|
cli_hexdump(hmac, HMAC_MD5_BYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
void strhexdump(char* dest, void* src, uint16_t length){
|
||||||
|
char table[] = { '0', '1', '2', '3',
|
||||||
|
'4', '5', '6', '7',
|
||||||
|
'8', '9', 'a', 'b',
|
||||||
|
'c', 'd', 'e', 'f' };
|
||||||
|
while(length--){
|
||||||
|
*dest++ = table[(*((uint8_t*)src))>>4];
|
||||||
|
*dest++ = table[(*((uint8_t*)src))&0xf];
|
||||||
|
src = (uint8_t*)src +1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
void cram_md5_interactive(void){
|
||||||
|
char key[101];
|
||||||
|
char msg_b64[101];
|
||||||
|
char username[101];
|
||||||
|
uint8_t msg[100];
|
||||||
|
uint8_t hmac[HMAC_MD5_BYTES];
|
||||||
|
int key_len, msg_len;
|
||||||
|
int ul;
|
||||||
|
cli_putstr("\r\nCRAM-MD5:\r\nkey: ");
|
||||||
|
cli_getsn(key, 100);
|
||||||
|
key_len = strlen(key);
|
||||||
|
cli_putstr("\r\nusername: ");
|
||||||
|
cli_getsn(username, 60);
|
||||||
|
cli_putstr("\r\nchallange: ");
|
||||||
|
cli_getsn(msg_b64, 100);
|
||||||
|
if((msg_len = base64_binlength(msg_b64, 1))==-1){
|
||||||
|
cli_putstr("\r\nERROR in base64 encoding !\r\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
base64dec(msg, msg_b64, 1);
|
||||||
|
hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
|
||||||
|
ul=strlen(username);
|
||||||
|
username[ul]=' ';
|
||||||
|
strhexdump(username+ul+1, hmac, 128/8);
|
||||||
|
base64enc(msg_b64, username, ul+1+128/8*2);
|
||||||
|
cli_putstr("\r\nresponse: ");
|
||||||
|
cli_hexdump(hmac, HMAC_MD5_BYTES);
|
||||||
|
cli_putstr("\r\nresponse (b64): ");
|
||||||
|
cli_putstr(msg_b64);
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
void md5_interactive(void){
|
||||||
|
char msg[101];
|
||||||
|
uint8_t hash[MD5_HASH_BYTES];
|
||||||
|
uint8_t msg_len;
|
||||||
|
cli_putstr("\r\nmsg: ");
|
||||||
|
cli_getsn(msg, 100);
|
||||||
|
msg_len = strlen(msg);
|
||||||
|
md5((void*)hash, msg, msg_len*8);
|
||||||
|
cli_putstr("\r\nmd5: ");
|
||||||
|
cli_hexdump(hash, MD5_HASH_BYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
/* const char performance_str[] = "performance"; */
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
const char hmd5i_str[] = "hmac-md5";
|
||||||
|
/* const char crammd5i_str[] = "cram-md5"; */
|
||||||
|
const char md5i_str[] = "md5";
|
||||||
|
|
||||||
|
|
||||||
|
const cmdlist_entry_t const cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_hmacmd5},
|
||||||
|
{ test_str, NULL, testrun_test_hmacmd5},
|
||||||
|
{ hmd5i_str, NULL, hmacmd5_interactive},
|
||||||
|
/* { crammd5i_str, NULL, cram_md5_interactive}, */
|
||||||
|
{ md5i_str, NULL, md5_interactive},
|
||||||
|
/* { performance_str, NULL, testrun_performance_hmacmd5}, */
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,76 @@
|
||||||
|
/* main-hmac-sha1-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* HMAC-SHA1 test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "main-test-common.h"
|
||||||
|
#include "sha1.h"
|
||||||
|
#include "hmac-sha1.h"
|
||||||
|
|
||||||
|
#include "nessie_mac_test.h"
|
||||||
|
|
||||||
|
|
||||||
|
const char* algo_name = "HMAC-SHA1";
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
void testrun_nessie_hmacsha1(void){
|
||||||
|
nessie_mac_ctx.macsize_b = HMAC_SHA1_BITS;
|
||||||
|
nessie_mac_ctx.keysize_b = HMAC_SHA1_BLOCK_BITS;
|
||||||
|
nessie_mac_ctx.blocksize_B = HMAC_SHA1_BLOCK_BYTES;
|
||||||
|
nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha1_ctx_t);
|
||||||
|
nessie_mac_ctx.name = algo_name;
|
||||||
|
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha1_init;
|
||||||
|
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha1_nextBlock;
|
||||||
|
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha1_lastBlock;
|
||||||
|
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha1_final;
|
||||||
|
|
||||||
|
nessie_mac_run();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
/* const char performance_str[] = "performance"; */
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
const cmdlist_entry_t const cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_hmacsha1},
|
||||||
|
{ test_str, NULL, testrun_nessie_hmacsha1},
|
||||||
|
/* { performance_str, NULL, testrun_performance_hmacsha1}, */
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,95 @@
|
||||||
|
/* main-hmac-sha256-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* HMAC-SHA256 test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "sha256.h"
|
||||||
|
#include "hmac-sha256.h"
|
||||||
|
|
||||||
|
#include "nessie_mac_test.h"
|
||||||
|
|
||||||
|
|
||||||
|
const char* algo_name = "HMAC-SHA256";
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
void testrun_hmacsha256(void){
|
||||||
|
uint8_t key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
|
||||||
|
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
|
||||||
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
|
||||||
|
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
|
||||||
|
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
|
||||||
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
|
||||||
|
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
|
||||||
|
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
|
||||||
|
uint8_t msg[] = { 0x00 };
|
||||||
|
uint8_t mac[HMAC_SHA256_BYTES];
|
||||||
|
hmac_sha256(mac, key, 512, msg, 0);
|
||||||
|
cli_putstr("\r\n quick hmac = ");
|
||||||
|
cli_hexdump(mac, HMAC_SHA256_BYTES);
|
||||||
|
cli_putstr("\r\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_nessie_hmacsha256(void){
|
||||||
|
nessie_mac_ctx.macsize_b = HMAC_SHA256_BITS;
|
||||||
|
nessie_mac_ctx.keysize_b = HMAC_SHA256_BLOCK_BITS;
|
||||||
|
nessie_mac_ctx.blocksize_B = HMAC_SHA256_BLOCK_BYTES;
|
||||||
|
nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha256_ctx_t);
|
||||||
|
nessie_mac_ctx.name = algo_name;
|
||||||
|
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha256_init;
|
||||||
|
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha256_nextBlock;
|
||||||
|
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha256_lastBlock;
|
||||||
|
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha256_final;
|
||||||
|
|
||||||
|
nessie_mac_run();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
/* const char performance_str[] = "performance"; */
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
const cmdlist_entry_t const cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_hmacsha256},
|
||||||
|
{ test_str, NULL, testrun_hmacsha256},
|
||||||
|
/* { performance_str, NULL, testrun_performance_hmacsha256}, */
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,794 @@
|
||||||
|
/* main-dsa-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* RSA test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "noekeon.h"
|
||||||
|
#include "noekeon_prng.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "bigint_io.h"
|
||||||
|
#include "random_dummy.h"
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
#include "rsaes_oaep.h"
|
||||||
|
|
||||||
|
#include "performance_test.h"
|
||||||
|
|
||||||
|
const char* algo_name = "RSAES-OAEP";
|
||||||
|
|
||||||
|
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
|
||||||
|
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
#if 0
|
||||||
|
/* ==================================
|
||||||
|
* Example 1: A 1024-bit RSA Key Pair
|
||||||
|
* ================================== */
|
||||||
|
|
||||||
|
/* ------------------------------
|
||||||
|
* Components of the RSA Key Pair
|
||||||
|
* ------------------------------ */
|
||||||
|
|
||||||
|
/* RSA modulus n: */
|
||||||
|
const uint8_t modulus[] = {
|
||||||
|
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
|
||||||
|
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
|
||||||
|
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
|
||||||
|
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
|
||||||
|
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
|
||||||
|
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
|
||||||
|
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
|
||||||
|
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
|
||||||
|
};
|
||||||
|
|
||||||
|
/* RSA public exponent e: */
|
||||||
|
const uint8_t public_exponent[] = {
|
||||||
|
0x00, 0x01, 0x00, 0x01
|
||||||
|
};
|
||||||
|
|
||||||
|
/* RSA private exponent d: */
|
||||||
|
const uint8_t private_exponent[] = {
|
||||||
|
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
|
||||||
|
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
|
||||||
|
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
|
||||||
|
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
|
||||||
|
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
|
||||||
|
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
|
||||||
|
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
|
||||||
|
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime p: */
|
||||||
|
const uint8_t p[] = {
|
||||||
|
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
|
||||||
|
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
|
||||||
|
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
|
||||||
|
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime q: */
|
||||||
|
const uint8_t q[] = {
|
||||||
|
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
|
||||||
|
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
|
||||||
|
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
|
||||||
|
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
|
||||||
|
};
|
||||||
|
|
||||||
|
/* p's CRT exponent dP: */
|
||||||
|
const uint8_t dp[] = {
|
||||||
|
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
|
||||||
|
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
|
||||||
|
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
|
||||||
|
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* q's CRT exponent dQ: */
|
||||||
|
const uint8_t dq[] = {
|
||||||
|
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
|
||||||
|
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
|
||||||
|
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
|
||||||
|
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
|
||||||
|
};
|
||||||
|
|
||||||
|
/* CRT coefficient qInv: */
|
||||||
|
const uint8_t qinv[] = {
|
||||||
|
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
|
||||||
|
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
|
||||||
|
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
|
||||||
|
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* ---------------------------------
|
||||||
|
* RSAES-OAEP Encryption Example 1.1
|
||||||
|
* --------------------------------- */
|
||||||
|
|
||||||
|
/* Message to be, encrypted: */
|
||||||
|
const uint8_t message[] = {
|
||||||
|
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
|
||||||
|
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed[] = {
|
||||||
|
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
|
||||||
|
0xdd, 0xa0, 0xa5, 0xef
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted[] = {
|
||||||
|
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
|
||||||
|
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
|
||||||
|
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
|
||||||
|
0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
|
||||||
|
0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
|
||||||
|
0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
|
||||||
|
0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
|
||||||
|
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Message to be encrypted: */
|
||||||
|
const uint8_t message2[] = {
|
||||||
|
0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
|
||||||
|
0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed2[] = {
|
||||||
|
0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
|
||||||
|
0xfe, 0x4f, 0xe3, 0x5f
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted2[] = {
|
||||||
|
0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
|
||||||
|
0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
|
||||||
|
0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
|
||||||
|
0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
|
||||||
|
0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
|
||||||
|
0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
|
||||||
|
0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
|
||||||
|
0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
|
||||||
|
};
|
||||||
|
|
||||||
|
/**********************************************************************************************/
|
||||||
|
/* ---------------------------------
|
||||||
|
* RSAES-OAEP Encryption Example 2.1
|
||||||
|
* --------------------------------- */
|
||||||
|
|
||||||
|
/* Message to be encrypted: */
|
||||||
|
const uint8_t message3[] = {
|
||||||
|
0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6,
|
||||||
|
0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed3[] = {
|
||||||
|
0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94,
|
||||||
|
0xe7, 0x1b, 0x17, 0x82
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted3[] = {
|
||||||
|
0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99,
|
||||||
|
0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a,
|
||||||
|
0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a,
|
||||||
|
0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34,
|
||||||
|
0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d,
|
||||||
|
0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a,
|
||||||
|
0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f,
|
||||||
|
0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72,
|
||||||
|
0x0e
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
/**********************************************************************************************/
|
||||||
|
|
||||||
|
/* ---------------------------------
|
||||||
|
* RSAES-OAEP Encryption Example 2.4
|
||||||
|
* --------------------------------- */
|
||||||
|
|
||||||
|
/* Message to be encrypted: */
|
||||||
|
const uint8_t message4[] = {
|
||||||
|
0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f,
|
||||||
|
0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21,
|
||||||
|
0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c,
|
||||||
|
0x15, 0x3a, 0x10, 0xf0, 0x0a
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed4[] = {
|
||||||
|
0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3,
|
||||||
|
0x80, 0x5a, 0x81, 0x56
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted4[] = {
|
||||||
|
/* 0x00,*/ 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57,
|
||||||
|
0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c,
|
||||||
|
0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca,
|
||||||
|
0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b,
|
||||||
|
0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8,
|
||||||
|
0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76,
|
||||||
|
0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde,
|
||||||
|
0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76,
|
||||||
|
0x41
|
||||||
|
};
|
||||||
|
|
||||||
|
/**********************************************************************************************/
|
||||||
|
#if 1
|
||||||
|
/* RSA modulus n: */
|
||||||
|
const uint8_t modulus2[] = {
|
||||||
|
0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
|
||||||
|
0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e,
|
||||||
|
0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba,
|
||||||
|
0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d,
|
||||||
|
0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d,
|
||||||
|
0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05,
|
||||||
|
0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66,
|
||||||
|
0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f,
|
||||||
|
0x45
|
||||||
|
};
|
||||||
|
|
||||||
|
/* RSA public exponent e: */
|
||||||
|
const uint8_t public_exponent2[] = {
|
||||||
|
0x01, 0x00, 0x01
|
||||||
|
};
|
||||||
|
|
||||||
|
/* RSA private exponent d: */
|
||||||
|
const uint8_t private_exponent2[] = {
|
||||||
|
0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa,
|
||||||
|
0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93,
|
||||||
|
0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47,
|
||||||
|
0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc,
|
||||||
|
0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0,
|
||||||
|
0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59,
|
||||||
|
0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25,
|
||||||
|
0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime p: */
|
||||||
|
const uint8_t p2[] = {
|
||||||
|
0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d,
|
||||||
|
0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0,
|
||||||
|
0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37,
|
||||||
|
0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a,
|
||||||
|
0x43
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime q: */
|
||||||
|
const uint8_t q2[] = {
|
||||||
|
0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a,
|
||||||
|
0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4,
|
||||||
|
0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b,
|
||||||
|
0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b,
|
||||||
|
0xd7
|
||||||
|
};
|
||||||
|
|
||||||
|
/* p's CRT exponent dP: */
|
||||||
|
const uint8_t dp2[] = {
|
||||||
|
0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c,
|
||||||
|
0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f,
|
||||||
|
0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30,
|
||||||
|
0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55
|
||||||
|
};
|
||||||
|
|
||||||
|
/* q's CRT exponent dQ: */
|
||||||
|
const uint8_t dq2[] = {
|
||||||
|
0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c,
|
||||||
|
0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b,
|
||||||
|
0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91,
|
||||||
|
0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66,
|
||||||
|
0xff
|
||||||
|
};
|
||||||
|
|
||||||
|
/* CRT coefficient qInv: */
|
||||||
|
const uint8_t qinv2[] = {
|
||||||
|
0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73,
|
||||||
|
0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b,
|
||||||
|
0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15,
|
||||||
|
0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif
|
||||||
|
/**********************************************************************************************/
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t keys_allocated = 0;
|
||||||
|
rsa_publickey_t pub_key;
|
||||||
|
rsa_privatekey_t priv_key;
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
#define MSG message
|
||||||
|
#define SEED seed
|
||||||
|
#define ENCRYPTED encrypted
|
||||||
|
#define MODULUS modulus
|
||||||
|
#define PUB_EXPONENT public_exponent
|
||||||
|
#define PRIV_EXPONENT private_exponent
|
||||||
|
#define P p
|
||||||
|
#define Q q
|
||||||
|
#define DP dp
|
||||||
|
#define DQ dq
|
||||||
|
#define QINV qinv
|
||||||
|
#else
|
||||||
|
#define MSG message4
|
||||||
|
#define SEED seed4
|
||||||
|
#define ENCRYPTED encrypted4
|
||||||
|
#define MODULUS modulus2
|
||||||
|
#define PUB_EXPONENT public_exponent2
|
||||||
|
#define PRIV_EXPONENT private_exponent2
|
||||||
|
#define P p2
|
||||||
|
#define Q q2
|
||||||
|
#define DP dp2
|
||||||
|
#define DQ dq2
|
||||||
|
#define QINV qinv2
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t convert_nibble(uint8_t c){
|
||||||
|
if(c>='0' && c<='9'){
|
||||||
|
return c - '0';
|
||||||
|
}
|
||||||
|
c |= 'A' ^ 'a';
|
||||||
|
if(c>='a' && c<='f'){
|
||||||
|
return c - 'a' + 10;
|
||||||
|
}
|
||||||
|
return 0xff;
|
||||||
|
}
|
||||||
|
|
||||||
|
const char *block_ignore_string=" \t\r\n,;";
|
||||||
|
#define BUFFER_LIMIT 120
|
||||||
|
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
|
||||||
|
uint16_t counter = 0;
|
||||||
|
uint16_t c;
|
||||||
|
uint8_t v, tmp = 0, idx = 0;
|
||||||
|
if(!ignore_string){
|
||||||
|
ignore_string = block_ignore_string;
|
||||||
|
}
|
||||||
|
while(counter < length){
|
||||||
|
c = cli_getc();
|
||||||
|
if(c > 0xff){
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
if(strchr(ignore_string, c)){
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
v = convert_nibble(c);
|
||||||
|
if(v > 0x0f){
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
if(idx){
|
||||||
|
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
|
||||||
|
idx = 0;
|
||||||
|
if(counter % (BUFFER_LIMIT/2) == 0){
|
||||||
|
cli_putc('.');
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
tmp = v;
|
||||||
|
idx = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint16_t own_atou(const char* str){
|
||||||
|
uint16_t r=0;
|
||||||
|
while(*str && *str >= '0' && *str <= '9'){
|
||||||
|
r *= 10;
|
||||||
|
r += *str++ - '0';
|
||||||
|
}
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
char* own_utoa(unsigned value, char* str, uint8_t radix){
|
||||||
|
char *p = str, *b = str;
|
||||||
|
char t;
|
||||||
|
div_t d;
|
||||||
|
if(radix>36){
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
if(value == 0){
|
||||||
|
*p++ = '0';
|
||||||
|
*p = '\0';
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
while(value){
|
||||||
|
d = div(value, radix);
|
||||||
|
value = d.quot;
|
||||||
|
if(d.rem < 10){
|
||||||
|
*p++ = '0' + d.rem;
|
||||||
|
}else{
|
||||||
|
*p++ = 'a' + d.rem - 10;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*p = '\0';
|
||||||
|
while(str<p){
|
||||||
|
t = *str;
|
||||||
|
*str++ = *--p;
|
||||||
|
*p = t;
|
||||||
|
}
|
||||||
|
return b;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_bigint(bigint_t* a, char* prompt){
|
||||||
|
uint16_t read_length, actual_length;
|
||||||
|
uint8_t off;
|
||||||
|
uint8_t *buffer;
|
||||||
|
char read_int_str[18];
|
||||||
|
cli_putstr(prompt);
|
||||||
|
cli_putstr("\r\n length: ");
|
||||||
|
cli_getsn(read_int_str, 16);
|
||||||
|
read_length = own_atou(read_int_str);
|
||||||
|
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
|
||||||
|
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
|
||||||
|
if(!buffer){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n data: ");
|
||||||
|
memset(buffer, 0, sizeof(bigint_word_t));
|
||||||
|
actual_length = read_os(buffer + off, read_length, NULL);
|
||||||
|
if(actual_length != read_length){
|
||||||
|
cli_putstr("\r\nERROR: unexpected end of data!");
|
||||||
|
free(buffer);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
a->wordv = (bigint_word_t*)buffer;
|
||||||
|
a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
a->info = 0;
|
||||||
|
bigint_changeendianess(a);
|
||||||
|
bigint_adjust(a);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t pre_alloc_key_crt(void){
|
||||||
|
priv_key.n = 5;
|
||||||
|
priv_key.components = malloc(5 * sizeof(bigint_t));
|
||||||
|
if(!priv_key.components){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void free_key(void){
|
||||||
|
uint8_t c;
|
||||||
|
free(pub_key.modulus.wordv);
|
||||||
|
free(pub_key.exponent.wordv);
|
||||||
|
pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
|
||||||
|
for(c = 0; c < priv_key.n; ++c){
|
||||||
|
free(priv_key.components[c].wordv);
|
||||||
|
}
|
||||||
|
free(priv_key.components);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_key_crt(void){
|
||||||
|
uint8_t r;
|
||||||
|
cli_putstr("\r\n== reading key (crt) ==");
|
||||||
|
r = pre_alloc_key_crt();
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&pub_key.modulus, "\r\n = module =");
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_key_conv(void){
|
||||||
|
uint8_t r;
|
||||||
|
cli_putstr("\r\n== reading key (crt) ==");
|
||||||
|
r = read_bigint(&pub_key.modulus,"\r\n = module =");
|
||||||
|
if(r) return r;
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
priv_key.n = 1;
|
||||||
|
priv_key.components = malloc(sizeof(bigint_t));
|
||||||
|
if(!priv_key.components){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_priv_conventional(void){
|
||||||
|
priv_key.components = malloc(sizeof(bigint_t));
|
||||||
|
priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
|
||||||
|
sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
|
||||||
|
sizeof(bigint_word_t));
|
||||||
|
if(!priv_key.components[0].wordv){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
|
||||||
|
priv_key.n = 1;
|
||||||
|
bigint_changeendianess(&priv_key.components[0]);
|
||||||
|
bigint_adjust(&priv_key.components[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void load_priv_crt_mono(void){
|
||||||
|
bigint_t *v;
|
||||||
|
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
|
||||||
|
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
|
||||||
|
uint8_t i;
|
||||||
|
v = malloc(5 * sizeof(bigint_t));
|
||||||
|
if(!v){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
priv_key.components = v;
|
||||||
|
priv_key.n = 5;
|
||||||
|
for(i=0; i<5; ++i){
|
||||||
|
v[i].info = 0;
|
||||||
|
v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
|
||||||
|
if(!v[i].wordv){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(v[i].wordv, bv[i], sv[i]);
|
||||||
|
bigint_changeendianess(&v[i]);
|
||||||
|
bigint_adjust(&v[i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
|
||||||
|
a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
|
||||||
|
a->wordv = malloc(BIGINT_CEIL(length_B));
|
||||||
|
if(!a->wordv){
|
||||||
|
cli_putstr("\r\nOOM!\r\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
memset(a->wordv, 0, sizeof(bigint_word_t));
|
||||||
|
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
|
||||||
|
a->info = 0;
|
||||||
|
bigint_changeendianess(a);
|
||||||
|
bigint_adjust(a);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_fix_rsa(void){
|
||||||
|
if(keys_allocated){
|
||||||
|
free_key();
|
||||||
|
}
|
||||||
|
keys_allocated = 1;
|
||||||
|
|
||||||
|
if(pre_alloc_key_crt()){
|
||||||
|
cli_putstr("\r\nOOM!\r\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
|
||||||
|
load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
|
||||||
|
priv_key.n = 5;
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
|
||||||
|
load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
|
||||||
|
load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
|
||||||
|
load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
|
||||||
|
load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
|
||||||
|
|
||||||
|
// load_priv_conventional();
|
||||||
|
// load_priv_crt_mono();
|
||||||
|
}
|
||||||
|
|
||||||
|
void quick_test(void){
|
||||||
|
uint8_t *ciphertext, *plaintext, rc;
|
||||||
|
uint8_t seed[sizeof(SEED)];
|
||||||
|
uint16_t clen, plen;
|
||||||
|
ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
|
||||||
|
plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
|
||||||
|
memcpy(plaintext, MSG, sizeof(MSG));
|
||||||
|
memcpy(seed, SEED, sizeof(SEED));
|
||||||
|
cli_putstr("\r\nplaintext:");
|
||||||
|
cli_hexdump_block(plaintext, sizeof(MSG), 4, 8);
|
||||||
|
cli_putstr("\r\nencrypting: ...");
|
||||||
|
rc = rsa_encrypt_oaep(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, NULL, NULL, seed);
|
||||||
|
if(rc){
|
||||||
|
cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
|
||||||
|
cli_hexdump_byte(rc);
|
||||||
|
return;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
cli_putstr("\r\n\r\nciphertext:");
|
||||||
|
cli_hexdump_block(ciphertext, clen, 4, 8);
|
||||||
|
if(clen!=sizeof(ENCRYPTED)){
|
||||||
|
cli_putstr("\r\n>>FAIL (no size match)<<");
|
||||||
|
}else{
|
||||||
|
if(memcmp(ciphertext, ENCRYPTED, clen)){
|
||||||
|
cli_putstr("\r\n>>FAIL (no content match)<<");
|
||||||
|
}else{
|
||||||
|
cli_putstr("\r\n>>OK<<");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cli_putstr("\r\ndecrypting: ...");
|
||||||
|
rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
|
||||||
|
if(rc){
|
||||||
|
cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
|
||||||
|
cli_hexdump_byte(rc);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n\r\nplaintext:");
|
||||||
|
cli_hexdump_block(plaintext, plen, 4, 8);
|
||||||
|
|
||||||
|
free(ciphertext);
|
||||||
|
free(plaintext);
|
||||||
|
}
|
||||||
|
|
||||||
|
void run_seed_test(void){
|
||||||
|
uint8_t *msg, *ciph, *msg_;
|
||||||
|
uint16_t msg_len, ciph_len, msg_len_;
|
||||||
|
uint8_t seed[20], seed_out[20];
|
||||||
|
char read_int_str[18];
|
||||||
|
cli_putstr("\r\n== test with given seed ==");
|
||||||
|
cli_putstr("\r\n = message =");
|
||||||
|
cli_putstr("\r\n length: ");
|
||||||
|
cli_getsn(read_int_str, 16);
|
||||||
|
msg_len = own_atou(read_int_str);
|
||||||
|
msg = malloc(msg_len);
|
||||||
|
if(!msg){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
ciph = malloc(bigint_length_B(&pub_key.modulus));
|
||||||
|
if(!ciph){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
msg_ = malloc(bigint_length_B(&pub_key.modulus));
|
||||||
|
if(!msg_){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n data: ");
|
||||||
|
read_os(msg, msg_len, NULL);
|
||||||
|
cli_putstr("\r\n seed (20 bytes): ");
|
||||||
|
read_os(seed, 20, NULL);
|
||||||
|
|
||||||
|
cli_putstr("\r\n encrypting ...");
|
||||||
|
rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed);
|
||||||
|
cli_putstr("\r\n ciphertext:");
|
||||||
|
cli_hexdump_block(ciph, ciph_len, 4, 16);
|
||||||
|
cli_putstr("\r\n decrypting ... ");
|
||||||
|
rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out);
|
||||||
|
cli_putstr("[done]");
|
||||||
|
if(msg_len != msg_len_){
|
||||||
|
char tstr[16];
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted message length (");
|
||||||
|
|
||||||
|
own_utoa(msg_len_, tstr, 10);
|
||||||
|
cli_putstr(tstr);
|
||||||
|
cli_putstr(" instead of ");
|
||||||
|
own_utoa(msg_len, tstr, 10);
|
||||||
|
cli_putstr(tstr);
|
||||||
|
cli_putc(')');
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if(memcmp(msg, msg_, msg_len)){
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted message:");
|
||||||
|
cli_hexdump_block(msg_, msg_len_, 4, 16);
|
||||||
|
cli_putstr("\r\nreference:");
|
||||||
|
cli_hexdump_block(msg, msg_len, 4, 16);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(memcmp(seed, seed_out, 20)){
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted seed:");
|
||||||
|
cli_hexdump_block(seed_out, 20, 4, 16);
|
||||||
|
cli_putstr("\r\nreference:");
|
||||||
|
cli_hexdump_block(seed, 20, 4, 16);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n >>OK<<");
|
||||||
|
end:
|
||||||
|
free(msg);
|
||||||
|
free(msg_);
|
||||||
|
free(ciph);
|
||||||
|
}
|
||||||
|
|
||||||
|
void reset_prng(void){
|
||||||
|
uint8_t buf[16];
|
||||||
|
memset(buf, 0, 16);
|
||||||
|
random_seed(buf);
|
||||||
|
cli_putstr("\r\nPRNG reset");
|
||||||
|
}
|
||||||
|
|
||||||
|
void rsa_init(void){
|
||||||
|
prng_get_byte = random8;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_key(void){
|
||||||
|
if(keys_allocated){
|
||||||
|
free_key();
|
||||||
|
}
|
||||||
|
keys_allocated = 1;
|
||||||
|
read_key_crt();
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_dump(void){
|
||||||
|
char lstr[16];
|
||||||
|
int len;
|
||||||
|
cli_putstr("\r\nenter dump length: ");
|
||||||
|
cli_getsn(lstr, 15);
|
||||||
|
len = own_atou(lstr);
|
||||||
|
cli_putstr("\r\ndumping 0x");
|
||||||
|
cli_hexdump_rev(&len, 2);
|
||||||
|
cli_putstr(" byte:");
|
||||||
|
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char echo_test_str[] = "echo-test";
|
||||||
|
const char reset_prng_str[] = "reset-prng";
|
||||||
|
const char load_key_str[] = "load-key";
|
||||||
|
const char load_fix_key_str[] = "load-fix-key";
|
||||||
|
const char quick_test_str[] = "quick-test";
|
||||||
|
const char seed_test_str[] = "seed-test";
|
||||||
|
const char dump_test_str[] = "dump-test";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
const cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ reset_prng_str, NULL, reset_prng },
|
||||||
|
{ load_key_str, NULL, load_key },
|
||||||
|
{ load_fix_key_str, NULL, load_fix_rsa },
|
||||||
|
{ quick_test_str, NULL, quick_test },
|
||||||
|
{ seed_test_str, NULL, run_seed_test },
|
||||||
|
{ dump_test_str, NULL, test_dump },
|
||||||
|
// { performance_str, NULL, testrun_performance_bigint },
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
void dump_sp(void){
|
||||||
|
uint8_t x;
|
||||||
|
uint8_t *xa = &x;
|
||||||
|
cli_putstr("\r\nstack pointer: ~");
|
||||||
|
cli_hexdump_rev(&xa, 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
rsa_init();
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,714 @@
|
||||||
|
/* main-dsa-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* RSA test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "main-test-common.h"
|
||||||
|
|
||||||
|
#include "noekeon.h"
|
||||||
|
#include "noekeon_prng.h"
|
||||||
|
#include "bigint.h"
|
||||||
|
#include "bigint_io.h"
|
||||||
|
#include "random_dummy.h"
|
||||||
|
#include "rsa_basic.h"
|
||||||
|
#include "rsaes_pkcs1v15.h"
|
||||||
|
|
||||||
|
#include "performance_test.h"
|
||||||
|
|
||||||
|
const char* algo_name = "RSAES-PKCS15";
|
||||||
|
|
||||||
|
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
|
||||||
|
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
/* Modulus: */
|
||||||
|
const uint8_t modulus[] = {
|
||||||
|
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
|
||||||
|
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
|
||||||
|
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
|
||||||
|
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
|
||||||
|
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
|
||||||
|
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
|
||||||
|
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
|
||||||
|
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Public exponent: */
|
||||||
|
const uint8_t pub_exponent[] = { 0x01, 0x00, 0x01 };
|
||||||
|
|
||||||
|
/* Exponent: */
|
||||||
|
const uint8_t priv_exponent[] = {
|
||||||
|
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
|
||||||
|
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
|
||||||
|
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
|
||||||
|
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
|
||||||
|
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
|
||||||
|
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
|
||||||
|
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
|
||||||
|
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime 1: */
|
||||||
|
const uint8_t p[] = {
|
||||||
|
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
|
||||||
|
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
|
||||||
|
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
|
||||||
|
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime 2: */
|
||||||
|
const uint8_t q[] = {
|
||||||
|
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
|
||||||
|
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
|
||||||
|
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
|
||||||
|
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime exponent 1: */
|
||||||
|
const uint8_t dp[] = {
|
||||||
|
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
|
||||||
|
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
|
||||||
|
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
|
||||||
|
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime exponent 2: */
|
||||||
|
const uint8_t dq[] = {
|
||||||
|
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
|
||||||
|
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
|
||||||
|
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
|
||||||
|
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Coefficient: */
|
||||||
|
const uint8_t qinv[] = {
|
||||||
|
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
|
||||||
|
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
|
||||||
|
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
|
||||||
|
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Example 2: A 1024-bit RSA key pair
|
||||||
|
* ---------------------------------------------------
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Modulus: */
|
||||||
|
const uint8_t modulus2[] = {
|
||||||
|
0x98, 0xb7, 0x05, 0x82, 0xca, 0x80, 0x8f, 0xd1, 0xd3, 0x50, 0x95, 0x62, 0xa0, 0xef, 0x30, 0x5a,
|
||||||
|
0xf6, 0xd9, 0x87, 0x54, 0x43, 0xb3, 0x5b, 0xdf, 0x24, 0xd5, 0x36, 0x35, 0x3e, 0x3f, 0x12, 0x28,
|
||||||
|
0xdc, 0xd1, 0x2a, 0x78, 0x56, 0x83, 0x56, 0xc6, 0xff, 0x32, 0x3a, 0xbf, 0x72, 0xac, 0x1c, 0xdb,
|
||||||
|
0xfe, 0x71, 0x2f, 0xb4, 0x9f, 0xe5, 0x94, 0xa5, 0xa2, 0x17, 0x5d, 0x48, 0xb6, 0x73, 0x25, 0x38,
|
||||||
|
0xd8, 0xdf, 0x37, 0xcb, 0x97, 0x0b, 0xe4, 0xa5, 0xb5, 0x62, 0xc3, 0xf2, 0x98, 0xdb, 0x9d, 0xdf,
|
||||||
|
0x75, 0x60, 0x78, 0x77, 0x91, 0x8c, 0xce, 0xd1, 0xd0, 0xd1, 0xf3, 0x77, 0x33, 0x8c, 0x0d, 0x3d,
|
||||||
|
0x32, 0x07, 0x79, 0x7e, 0x86, 0x2c, 0x65, 0xd1, 0x14, 0x39, 0xe5, 0x88, 0x17, 0x75, 0x27, 0xa7,
|
||||||
|
0xde, 0xd9, 0x19, 0x71, 0xad, 0xcf, 0x91, 0xe2, 0xe8, 0x34, 0xe3, 0x7f, 0x05, 0xa7, 0x36, 0x55
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Public exponent: */
|
||||||
|
const uint8_t pub_exponent2[] = {0x01, 0x00, 0x01 };
|
||||||
|
|
||||||
|
/* Exponent: */
|
||||||
|
const uint8_t priv_exponent2[] = {
|
||||||
|
0x06, 0x14, 0xa7, 0x86, 0x05, 0x2d, 0x28, 0x4c, 0xd9, 0x06, 0xa8, 0xe4, 0x13, 0xf7, 0x62, 0x2c,
|
||||||
|
0x05, 0x0f, 0x35, 0x49, 0xc0, 0x26, 0x58, 0x9e, 0xa2, 0x77, 0x50, 0xe0, 0xbe, 0xd9, 0x41, 0x0e,
|
||||||
|
0x5a, 0x78, 0x83, 0xa1, 0xe6, 0x03, 0xf5, 0xc5, 0x17, 0xad, 0x36, 0xd4, 0x9f, 0xaa, 0xc5, 0xbd,
|
||||||
|
0x66, 0xbc, 0xb8, 0x03, 0x0f, 0xa8, 0xd3, 0x09, 0xe3, 0x51, 0xdd, 0xd7, 0x82, 0xd8, 0x43, 0xdf,
|
||||||
|
0x97, 0x56, 0x80, 0xae, 0x73, 0xee, 0xa9, 0xaa, 0xb2, 0x89, 0xb7, 0x57, 0x20, 0x5d, 0xad, 0xb8,
|
||||||
|
0xfd, 0xfb, 0x98, 0x9e, 0xc8, 0xdb, 0x8e, 0x70, 0x95, 0xf5, 0x1f, 0x24, 0x52, 0x9f, 0x56, 0x37,
|
||||||
|
0xaa, 0x66, 0x93, 0x31, 0xe2, 0x56, 0x9f, 0x8b, 0x85, 0x4a, 0xbe, 0xce, 0xc9, 0x9a, 0xa2, 0x64,
|
||||||
|
0xc3, 0xda, 0x7c, 0xc6, 0x86, 0x6f, 0x0c, 0x0e, 0x1f, 0xb8, 0x46, 0x98, 0x48, 0x58, 0x1c, 0x73
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime 1: */
|
||||||
|
const uint8_t p2[] = {
|
||||||
|
0xcb, 0x61, 0xa8, 0x8c, 0x8c, 0x30, 0x5a, 0xd9, 0xa8, 0xfb, 0xec, 0x2b, 0xa4, 0xc8, 0x6c, 0xcc,
|
||||||
|
0xc2, 0x02, 0x80, 0x24, 0xaa, 0x16, 0x90, 0xc2, 0x9b, 0xc8, 0x26, 0x4d, 0x2f, 0xeb, 0xe8, 0x7e,
|
||||||
|
0x4f, 0x86, 0xe9, 0x12, 0xef, 0x0f, 0x5c, 0x18, 0x53, 0xd7, 0x1c, 0xbc, 0x9b, 0x14, 0xba, 0xed,
|
||||||
|
0x3c, 0x37, 0xce, 0xf6, 0xc7, 0xa3, 0x59, 0x8b, 0x6f, 0xbe, 0x06, 0x48, 0x10, 0x90, 0x5b, 0x57
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime 2: */
|
||||||
|
const uint8_t q2[] = {
|
||||||
|
0xc0, 0x39, 0x9f, 0x0b, 0x93, 0x80, 0xfa, 0xba, 0x38, 0xff, 0x80, 0xd2, 0xff, 0xf6, 0xed, 0xe7,
|
||||||
|
0x9c, 0xfd, 0xab, 0xf6, 0x58, 0x97, 0x20, 0x77, 0xa5, 0xe2, 0xb2, 0x95, 0x69, 0x3e, 0xa5, 0x10,
|
||||||
|
0x72, 0x26, 0x8b, 0x91, 0x74, 0x6e, 0xea, 0x9b, 0xe0, 0x4a, 0xd6, 0x61, 0x00, 0xeb, 0xed, 0x73,
|
||||||
|
0x3d, 0xb4, 0xcd, 0x01, 0x47, 0xa1, 0x8d, 0x6d, 0xe8, 0xc0, 0xcd, 0x8f, 0xbf, 0x24, 0x9c, 0x33
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime exponent 1: */
|
||||||
|
const uint8_t dp2[] = {
|
||||||
|
0x94, 0x4c, 0x3a, 0x65, 0x79, 0x57, 0x4c, 0xf7, 0x87, 0x33, 0x62, 0xab, 0x14, 0x35, 0x9c, 0xb7,
|
||||||
|
0xd5, 0x03, 0x93, 0xc2, 0xa8, 0x4f, 0x59, 0xf0, 0xbd, 0x3c, 0xbd, 0x48, 0xed, 0x17, 0x7c, 0x68,
|
||||||
|
0x95, 0xbe, 0x8e, 0xb6, 0xe2, 0x9f, 0xf5, 0x8c, 0x3b, 0x9e, 0x0f, 0xf3, 0x2a, 0xb5, 0x7b, 0xf3,
|
||||||
|
0xbe, 0x44, 0x07, 0x62, 0x84, 0x81, 0x84, 0xaa, 0x9a, 0xa9, 0x19, 0xd5, 0x74, 0x56, 0x7e, 0x73
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Prime exponent 2: */
|
||||||
|
const uint8_t dq2[] = {
|
||||||
|
0x45, 0xeb, 0xef, 0xd5, 0x87, 0x27, 0x30, 0x8c, 0xd2, 0xb4, 0xe6, 0x08, 0x5a, 0x81, 0x58, 0xd2,
|
||||||
|
0x9a, 0x41, 0x8f, 0xee, 0xc1, 0x14, 0xe0, 0x03, 0x85, 0xbc, 0xeb, 0x96, 0xfb, 0xbc, 0x84, 0xd0,
|
||||||
|
0x71, 0xa5, 0x61, 0xb9, 0x5c, 0x30, 0x08, 0x79, 0x00, 0xe2, 0x58, 0x0e, 0xdb, 0x05, 0xf6, 0xce,
|
||||||
|
0xa7, 0x90, 0x7f, 0xcd, 0xca, 0x5f, 0x92, 0x91, 0x7b, 0x4b, 0xbe, 0xba, 0x5e, 0x1e, 0x14, 0x0f
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Coefficient: */
|
||||||
|
const uint8_t qinv2[] = {
|
||||||
|
0xc5, 0x24, 0x68, 0xc8, 0xfd, 0x15, 0xe5, 0xda, 0x2f, 0x6c, 0x8e, 0xba, 0x4e, 0x97, 0xba, 0xeb,
|
||||||
|
0xe9, 0x95, 0xb6, 0x7a, 0x1a, 0x7a, 0xd7, 0x19, 0xdd, 0x9f, 0xff, 0x36, 0x6b, 0x18, 0x4d, 0x5a,
|
||||||
|
0xb4, 0x55, 0x07, 0x59, 0x09, 0x29, 0x20, 0x44, 0xec, 0xb3, 0x45, 0xcf, 0x2c, 0xdd, 0x26, 0x22,
|
||||||
|
0x8e, 0x21, 0xf8, 0x51, 0x83, 0x25, 0x5f, 0x4a, 0x9e, 0x69, 0xf4, 0xc7, 0x15, 0x2e, 0xbb, 0x0f
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/* PKCS#1 v1.5 encryption of 0x20, random messages with random s0xee,ds
|
||||||
|
* ---------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Message: */
|
||||||
|
const uint8_t message_x[] = {
|
||||||
|
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
|
||||||
|
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed_x[] = {
|
||||||
|
0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc,
|
||||||
|
0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55,
|
||||||
|
0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc,
|
||||||
|
0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38,
|
||||||
|
0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e,
|
||||||
|
0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c,
|
||||||
|
0x6f };
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted_x[] = {
|
||||||
|
0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36,
|
||||||
|
0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1,
|
||||||
|
0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d,
|
||||||
|
0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07,
|
||||||
|
0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5,
|
||||||
|
0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85,
|
||||||
|
0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30,
|
||||||
|
0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS#1 v1.5 Encryption Example 2.15
|
||||||
|
* ----------------------------------
|
||||||
|
*/
|
||||||
|
/* Message: */
|
||||||
|
const uint8_t message_2_15[] = {
|
||||||
|
0xa6, 0xd0, 0xe8, 0xc1, 0xea, 0x4a, 0xb4, 0xec, 0xc8, 0x95, 0x7d, 0x62, 0x28, 0x15, 0x79, 0x67,
|
||||||
|
0x5a, 0x64, 0x8d, 0x62, 0xb7, 0xf2, 0x2b, 0x2b, 0x08, 0xd1, 0x31, 0x3f, 0x40, 0x6f, 0x13, 0x7e,
|
||||||
|
0x99, 0x42, 0x67, 0x35, 0xcd, 0xb9, 0x37, 0x2f, 0xec, 0xa1, 0xee, 0x78, 0x46, 0x3f, 0xa5, 0xde,
|
||||||
|
0x9c, 0xdd, 0x84, 0x75, 0x6c, 0x68, 0xbd, 0x1d, 0x92, 0xba, 0x96, 0x5f, 0x50, 0x64, 0x10, 0xb1
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Seed: */
|
||||||
|
const uint8_t seed_2_15[] = {
|
||||||
|
0x1c, 0x25, 0xc9, 0xb8, 0x32, 0x16, 0x9a, 0x1f, 0xdb, 0x6c, 0x14, 0x8e, 0x47, 0xe6, 0x6c, 0x3c,
|
||||||
|
0xc8, 0x21, 0x41, 0xe6, 0x11, 0xa6, 0xf3, 0x0c, 0xc9, 0x0c, 0x50, 0x49, 0xe8, 0xc5, 0x02, 0xb3,
|
||||||
|
0x1c, 0xad, 0xc7, 0x62, 0x39, 0xb7, 0xbd, 0xaf, 0x93, 0xfa, 0x97, 0x34, 0x3e, 0x7e, 0xe5, 0x51,
|
||||||
|
0xbc, 0x52, 0xfd, 0xb5, 0xec, 0x9e, 0x40, 0x0a, 0xf0, 0x5d, 0xbe, 0xac, 0xda
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Encryption: */
|
||||||
|
const uint8_t encrypted_2_15[] = {
|
||||||
|
0xe8, 0xb2, 0xfc, 0x76, 0xdf, 0xb4, 0xa6, 0xcc, 0x43, 0x64, 0xde, 0x8f, 0x68, 0x3c, 0x3f,
|
||||||
|
0xcd, 0x0a, 0x9e, 0xcf, 0xbd, 0x4a, 0x5a, 0x72, 0x24, 0xf4, 0x9a, 0xe9, 0xb4, 0xf3, 0xb5, 0xcd,
|
||||||
|
0xc7, 0x1c, 0xbb, 0x8c, 0x66, 0xfd, 0x35, 0xf3, 0xd1, 0x8e, 0xca, 0x98, 0x96, 0x7b, 0xd4, 0x00,
|
||||||
|
0x5d, 0xf7, 0x91, 0x52, 0x41, 0x6f, 0xd4, 0x7e, 0x56, 0x2c, 0x55, 0xed, 0xc6, 0xd6, 0x12, 0x12,
|
||||||
|
0x28, 0x6e, 0xf9, 0x75, 0xbc, 0xc8, 0x02, 0x69, 0x25, 0x92, 0x65, 0x39, 0x00, 0x97, 0x3c, 0x72,
|
||||||
|
0xe0, 0x1a, 0x69, 0x3b, 0x05, 0xfc, 0x2d, 0x58, 0x56, 0xea, 0xef, 0x7a, 0xc0, 0x8f, 0xf5, 0xec,
|
||||||
|
0xd5, 0x31, 0xe2, 0xc2, 0xce, 0x92, 0x77, 0x45, 0xa1, 0x16, 0x5a, 0x51, 0xaa, 0x66, 0x98, 0xa1,
|
||||||
|
0xff, 0xcb, 0x87, 0xf8, 0x1e, 0xf6, 0x51, 0x0b, 0xca, 0xf9, 0xcb, 0x76, 0x1e, 0x9e, 0x1f, 0x0f
|
||||||
|
};
|
||||||
|
|
||||||
|
uint8_t keys_allocated = 0;
|
||||||
|
rsa_publickey_t pub_key;
|
||||||
|
rsa_privatekey_t priv_key;
|
||||||
|
|
||||||
|
#if 1
|
||||||
|
#define MSG message_2_15
|
||||||
|
#define SEED seed_2_15
|
||||||
|
#define ENCRYPTED encrypted_2_15
|
||||||
|
#define MODULUS modulus2
|
||||||
|
#define PUB_EXPONENT pub_exponent2
|
||||||
|
#define PRIV_EXPONENT priv_exponent2
|
||||||
|
#define P p2
|
||||||
|
#define Q q2
|
||||||
|
#define DP dp2
|
||||||
|
#define DQ dq2
|
||||||
|
#define QINV qinv2
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t convert_nibble(uint8_t c){
|
||||||
|
if(c>='0' && c<='9'){
|
||||||
|
return c - '0';
|
||||||
|
}
|
||||||
|
c |= 'A' ^ 'a';
|
||||||
|
if(c>='a' && c<='f'){
|
||||||
|
return c - 'a' + 10;
|
||||||
|
}
|
||||||
|
return 0xff;
|
||||||
|
}
|
||||||
|
|
||||||
|
const char *block_ignore_string=" \t\r\n,;";
|
||||||
|
#define BUFFER_LIMIT 120
|
||||||
|
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
|
||||||
|
uint16_t counter = 0;
|
||||||
|
uint16_t c;
|
||||||
|
uint8_t v, tmp = 0, idx = 0;
|
||||||
|
if(!ignore_string){
|
||||||
|
ignore_string = block_ignore_string;
|
||||||
|
}
|
||||||
|
while(counter < length){
|
||||||
|
c = cli_getc();
|
||||||
|
if(c > 0xff){
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
if(strchr(ignore_string, c)){
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
v = convert_nibble(c);
|
||||||
|
if(v > 0x0f){
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
if(idx){
|
||||||
|
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
|
||||||
|
idx = 0;
|
||||||
|
if(counter % (BUFFER_LIMIT/2) == 0){
|
||||||
|
cli_putc('.');
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
tmp = v;
|
||||||
|
idx = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return counter;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint16_t own_atou(const char* str){
|
||||||
|
uint16_t r=0;
|
||||||
|
while(*str && *str >= '0' && *str <= '9'){
|
||||||
|
r *= 10;
|
||||||
|
r += *str++ - '0';
|
||||||
|
}
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_bigint(bigint_t* a, char* prompt){
|
||||||
|
uint16_t read_length, actual_length;
|
||||||
|
uint8_t off;
|
||||||
|
uint8_t *buffer;
|
||||||
|
char read_int_str[18];
|
||||||
|
cli_putstr(prompt);
|
||||||
|
cli_putstr("\r\n length: ");
|
||||||
|
cli_getsn(read_int_str, 16);
|
||||||
|
read_length = own_atou(read_int_str);
|
||||||
|
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
|
||||||
|
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
|
||||||
|
if(!buffer){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n data: ");
|
||||||
|
memset(buffer, 0, sizeof(bigint_word_t));
|
||||||
|
actual_length = read_os(buffer + off, read_length, NULL);
|
||||||
|
if(actual_length != read_length){
|
||||||
|
cli_putstr("\r\nERROR: unexpected end of data!");
|
||||||
|
free(buffer);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
a->wordv = (bigint_word_t*)buffer;
|
||||||
|
a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
a->info = 0;
|
||||||
|
bigint_changeendianess(a);
|
||||||
|
bigint_adjust(a);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t pre_alloc_key_crt(void){
|
||||||
|
priv_key.n = 5;
|
||||||
|
priv_key.components = malloc(5 * sizeof(bigint_t));
|
||||||
|
if(!priv_key.components){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void free_key(void){
|
||||||
|
uint8_t c;
|
||||||
|
free(pub_key.modulus.wordv);
|
||||||
|
free(pub_key.exponent.wordv);
|
||||||
|
pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
|
||||||
|
for(c = 0; c < priv_key.n; ++c){
|
||||||
|
free(priv_key.components[c].wordv);
|
||||||
|
}
|
||||||
|
free(priv_key.components);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_key_crt(void){
|
||||||
|
uint8_t r;
|
||||||
|
cli_putstr("\r\n== reading key (crt) ==");
|
||||||
|
r = pre_alloc_key_crt();
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&pub_key.modulus, "\r\n = module =");
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t read_key_conv(void){
|
||||||
|
uint8_t r;
|
||||||
|
cli_putstr("\r\n== reading key (crt) ==");
|
||||||
|
r = read_bigint(&pub_key.modulus,"\r\n = module =");
|
||||||
|
if(r) return r;
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
priv_key.n = 1;
|
||||||
|
priv_key.components = malloc(sizeof(bigint_t));
|
||||||
|
if(!priv_key.components){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
|
||||||
|
if(r) return r;
|
||||||
|
r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_priv_conventional(void){
|
||||||
|
priv_key.components = malloc(sizeof(bigint_t));
|
||||||
|
priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
|
||||||
|
sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
|
||||||
|
sizeof(bigint_word_t));
|
||||||
|
if(!priv_key.components[0].wordv){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
|
||||||
|
priv_key.n = 1;
|
||||||
|
bigint_changeendianess(&priv_key.components[0]);
|
||||||
|
bigint_adjust(&priv_key.components[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void load_priv_crt_mono(void){
|
||||||
|
bigint_t *v;
|
||||||
|
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
|
||||||
|
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
|
||||||
|
uint8_t i;
|
||||||
|
v = malloc(5 * sizeof(bigint_t));
|
||||||
|
if(!v){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
priv_key.components = v;
|
||||||
|
priv_key.n = 5;
|
||||||
|
for(i=0; i<5; ++i){
|
||||||
|
v[i].info = 0;
|
||||||
|
v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||||
|
v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
|
||||||
|
if(!v[i].wordv){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(v[i].wordv, bv[i], sv[i]);
|
||||||
|
bigint_changeendianess(&v[i]);
|
||||||
|
bigint_adjust(&v[i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
|
||||||
|
a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
|
||||||
|
a->wordv = malloc(BIGINT_CEIL(length_B));
|
||||||
|
if(!a->wordv){
|
||||||
|
cli_putstr("\r\nOOM!\r\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
memset(a->wordv, 0, sizeof(bigint_word_t));
|
||||||
|
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
|
||||||
|
a->info = 0;
|
||||||
|
bigint_changeendianess(a);
|
||||||
|
bigint_adjust(a);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_fix_rsa(void){
|
||||||
|
if(keys_allocated){
|
||||||
|
free_key();
|
||||||
|
}
|
||||||
|
keys_allocated = 1;
|
||||||
|
|
||||||
|
if(pre_alloc_key_crt()){
|
||||||
|
cli_putstr("\r\nOOM!\r\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
|
||||||
|
load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
|
||||||
|
priv_key.n = 5;
|
||||||
|
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
|
||||||
|
load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
|
||||||
|
load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
|
||||||
|
load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
|
||||||
|
load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
|
||||||
|
load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
|
||||||
|
|
||||||
|
// load_priv_conventional();
|
||||||
|
// load_priv_crt_mono();
|
||||||
|
}
|
||||||
|
|
||||||
|
void quick_test(void){
|
||||||
|
uint8_t *ciphertext, *plaintext, rc;
|
||||||
|
uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)];
|
||||||
|
uint16_t clen, plen;
|
||||||
|
if(!keys_allocated){
|
||||||
|
load_fix_rsa();
|
||||||
|
}
|
||||||
|
ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
|
||||||
|
plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
|
||||||
|
memcpy(plaintext, MSG, sizeof(MSG));
|
||||||
|
memcpy(seed, SEED, sizeof(SEED));
|
||||||
|
cli_putstr("\r\nplaintext:");
|
||||||
|
cli_hexdump_block(plaintext, sizeof(MSG), 4, 16);
|
||||||
|
cli_putstr("\r\nseed:");
|
||||||
|
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
|
||||||
|
cli_putstr("\r\nencrypting: ...");
|
||||||
|
|
||||||
|
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
|
||||||
|
if(rc){
|
||||||
|
cli_putstr("\r\nERROR: rsa_encrypt_pkcs1v15 returned: ");
|
||||||
|
cli_hexdump_byte(rc);
|
||||||
|
return;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
cli_putstr("\r\n\r\nciphertext:");
|
||||||
|
cli_hexdump_block(ciphertext, clen, 4, 16);
|
||||||
|
if(clen!=sizeof(ENCRYPTED)){
|
||||||
|
cli_putstr("\r\n>>FAIL (no size match)<<");
|
||||||
|
}else{
|
||||||
|
if(memcmp(ciphertext, ENCRYPTED, clen)){
|
||||||
|
cli_putstr("\r\n>>FAIL (no content match)<<");
|
||||||
|
}else{
|
||||||
|
cli_putstr("\r\n>>OK<<");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cli_putstr("\r\ndecrypting: ...");
|
||||||
|
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
|
||||||
|
if(rc){
|
||||||
|
cli_putstr("\r\nERROR: rsa_decrypt_pkcs1v15 returned: ");
|
||||||
|
cli_hexdump_byte(rc);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n\r\nplaintext:");
|
||||||
|
cli_hexdump_block(plaintext, plen, 4, 16);
|
||||||
|
cli_putstr("\r\n\r\nseed (out):");
|
||||||
|
cli_hexdump_block(seed_out, sizeof(SEED), 4, 16);
|
||||||
|
|
||||||
|
free(ciphertext);
|
||||||
|
free(plaintext);
|
||||||
|
}
|
||||||
|
|
||||||
|
void run_seed_test(void){
|
||||||
|
uint8_t *msg, *ciph, *msg_;
|
||||||
|
uint16_t msg_len, ciph_len, msg_len_;
|
||||||
|
uint16_t seed_len;
|
||||||
|
uint8_t *seed, *seed_out;
|
||||||
|
char read_int_str[18];
|
||||||
|
cli_putstr("\r\n== test with given seed ==");
|
||||||
|
cli_putstr("\r\n = message =");
|
||||||
|
cli_putstr("\r\n length: ");
|
||||||
|
cli_getsn(read_int_str, 16);
|
||||||
|
msg_len = own_atou(read_int_str);
|
||||||
|
seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
|
||||||
|
seed = malloc(seed_len);
|
||||||
|
if(!seed){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
seed_out = malloc(seed_len);
|
||||||
|
if(!seed_out){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
msg = malloc(msg_len);
|
||||||
|
if(!msg){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
ciph = malloc(bigint_length_B(&pub_key.modulus));
|
||||||
|
if(!ciph){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
msg_ = malloc(bigint_length_B(&pub_key.modulus));
|
||||||
|
if(!msg_){
|
||||||
|
cli_putstr("\r\nERROR: OOM!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n data: ");
|
||||||
|
read_os(msg, msg_len, NULL);
|
||||||
|
cli_putstr("\r\n seed (0x");
|
||||||
|
cli_hexdump_rev(&seed_len, 2);
|
||||||
|
cli_putstr(" bytes): ");
|
||||||
|
read_os(seed, seed_len, NULL);
|
||||||
|
|
||||||
|
cli_putstr("\r\n encrypting ...");
|
||||||
|
/*
|
||||||
|
cli_putstr("\r\n plaintext:");
|
||||||
|
cli_hexdump_block(msg, msg_len, 4, 16);
|
||||||
|
cli_putstr("\r\n seed:");
|
||||||
|
cli_hexdump_block(seed, seed_len, 4, 16);
|
||||||
|
*/
|
||||||
|
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
|
||||||
|
cli_putstr("\r\n ciphertext:");
|
||||||
|
cli_hexdump_block(ciph, ciph_len, 4, 16);
|
||||||
|
cli_putstr("\r\n decrypting ... ");
|
||||||
|
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
|
||||||
|
cli_putstr("[done]");
|
||||||
|
if(msg_len != msg_len_){
|
||||||
|
char tstr[16];
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted message length (");
|
||||||
|
ultoa(msg_len_, tstr, 10);
|
||||||
|
cli_putstr(tstr);
|
||||||
|
cli_putstr(" instead of ");
|
||||||
|
ultoa(msg_len, tstr, 10);
|
||||||
|
cli_putstr(tstr);
|
||||||
|
cli_putc(')');
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if(memcmp(msg, msg_, msg_len)){
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted message:");
|
||||||
|
cli_hexdump_block(msg_, msg_len_, 4, 16);
|
||||||
|
cli_putstr("\r\nreference:");
|
||||||
|
cli_hexdump_block(msg, msg_len, 4, 16);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(memcmp(seed, seed_out, seed_len)){
|
||||||
|
cli_putstr("\r\nERROR: wrong decrypted seed:");
|
||||||
|
cli_hexdump_block(seed_out, seed_len, 4, 16);
|
||||||
|
cli_putstr("\r\nreference:");
|
||||||
|
cli_hexdump_block(seed, seed_len, 4, 16);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
cli_putstr("\r\n >>OK<<");
|
||||||
|
end:
|
||||||
|
free(ciph);
|
||||||
|
free(msg_);
|
||||||
|
free(msg);
|
||||||
|
free(seed_out);
|
||||||
|
free(seed);
|
||||||
|
}
|
||||||
|
|
||||||
|
void reset_prng(void){
|
||||||
|
uint8_t buf[16];
|
||||||
|
memset(buf, 0, 16);
|
||||||
|
random_seed(buf);
|
||||||
|
cli_putstr("\r\nPRNG reset");
|
||||||
|
}
|
||||||
|
|
||||||
|
void rsa_init(void){
|
||||||
|
prng_get_byte = random8;
|
||||||
|
}
|
||||||
|
|
||||||
|
void load_key(void){
|
||||||
|
if(keys_allocated){
|
||||||
|
free_key();
|
||||||
|
}
|
||||||
|
keys_allocated = 1;
|
||||||
|
read_key_crt();
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_dump(void){
|
||||||
|
char lstr[16];
|
||||||
|
int len;
|
||||||
|
cli_putstr("\r\nenter dump length: ");
|
||||||
|
cli_getsn(lstr, 15);
|
||||||
|
len = own_atou(lstr);
|
||||||
|
cli_putstr("\r\ndumping 0x");
|
||||||
|
cli_hexdump_rev(&len, 2);
|
||||||
|
cli_putstr(" byte:");
|
||||||
|
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char echo_test_str[] = "echo-test";
|
||||||
|
const char reset_prng_str[] = "reset-prng";
|
||||||
|
const char load_key_str[] = "load-key";
|
||||||
|
const char load_fix_key_str[] = "load-fix-key";
|
||||||
|
const char quick_test_str[] = "quick-test";
|
||||||
|
const char seed_test_str[] = "seed-test";
|
||||||
|
const char dump_test_str[] = "dump-test";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
const cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ reset_prng_str, NULL, reset_prng },
|
||||||
|
{ load_key_str, NULL, load_key },
|
||||||
|
{ load_fix_key_str, NULL, load_fix_rsa },
|
||||||
|
{ quick_test_str, NULL, quick_test },
|
||||||
|
{ seed_test_str, NULL, run_seed_test },
|
||||||
|
{ dump_test_str, NULL, test_dump },
|
||||||
|
// { performance_str, NULL, testrun_performance_bigint },
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
void dump_sp(void){
|
||||||
|
uint8_t x;
|
||||||
|
uint8_t *xa = &x;
|
||||||
|
cli_putstr("\r\nstack pointer: ~");
|
||||||
|
cli_hexdump_rev(&xa, 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
rsa_init();
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,217 @@
|
||||||
|
/* main-sha512-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* SHA-512 test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "main-test-common.h"
|
||||||
|
#include "uart_lowlevel.h"
|
||||||
|
|
||||||
|
#include "shavs.h"
|
||||||
|
#include "nessie_hash_test.h"
|
||||||
|
#include "performance_test.h"
|
||||||
|
#include "hfal-nessie.h"
|
||||||
|
#include "hfal-performance.h"
|
||||||
|
#include "hfal-test.h"
|
||||||
|
|
||||||
|
|
||||||
|
#include "sha224.h"
|
||||||
|
#include "hfal_sha224.h"
|
||||||
|
#include "sha256.h"
|
||||||
|
#include "hfal_sha256.h"
|
||||||
|
#include "sha384.h"
|
||||||
|
#include "hfal_sha384.h"
|
||||||
|
#include "sha512.h"
|
||||||
|
#include "hfal_sha512.h"
|
||||||
|
|
||||||
|
const char* algo_name = "SHA-2";
|
||||||
|
|
||||||
|
const hfdesc_t* algolist[] = {
|
||||||
|
(hfdesc_t*)&sha224_desc,
|
||||||
|
(hfdesc_t*)&sha256_desc,
|
||||||
|
(hfdesc_t*)&sha384_desc,
|
||||||
|
(hfdesc_t*)&sha512_desc,
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
void testrun_nessie_sha2(void){
|
||||||
|
hfal_nessie_multiple(algolist);
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_performance_sha2(void){
|
||||||
|
hfal_performance_multiple(algolist);
|
||||||
|
}
|
||||||
|
|
||||||
|
void simple_test(void){
|
||||||
|
const char *msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
|
||||||
|
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
|
||||||
|
|
||||||
|
uint8_t hash[64];
|
||||||
|
sha512_ctx_t ctx;
|
||||||
|
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
|
||||||
|
sha512_init(&ctx);
|
||||||
|
cli_putstr("\r\nDBG: init done"); uart_flush(0);
|
||||||
|
sha512_lastBlock(&ctx, msg, 3*8);
|
||||||
|
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
|
||||||
|
sha512_ctx2hash(hash, &ctx);
|
||||||
|
cli_putstr("\r\n hash = ");
|
||||||
|
cli_hexdump(hash, 64);
|
||||||
|
|
||||||
|
|
||||||
|
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
|
||||||
|
sha512_init(&ctx);
|
||||||
|
cli_putstr("\r\nDBG: init done"); uart_flush(0);
|
||||||
|
sha512_lastBlock(&ctx, msg, 896);
|
||||||
|
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
|
||||||
|
sha512_ctx2hash(hash, &ctx);
|
||||||
|
cli_putstr("\r\n hash = ");
|
||||||
|
cli_hexdump(hash, 64);
|
||||||
|
|
||||||
|
uint32_t c=0;
|
||||||
|
uint8_t buffer[128];
|
||||||
|
memset(buffer, 'a', 128);
|
||||||
|
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
|
||||||
|
sha512_init(&ctx);
|
||||||
|
cli_putstr("\r\nDBG: init done"); uart_flush(0);
|
||||||
|
do{
|
||||||
|
sha512_nextBlock(&ctx, buffer);
|
||||||
|
c += 128;
|
||||||
|
}while(c+128<1000000L);
|
||||||
|
sha512_lastBlock(&ctx, buffer, (1000000-c)*8);
|
||||||
|
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
|
||||||
|
sha512_ctx2hash(hash, &ctx);
|
||||||
|
cli_putstr("\r\n hash = ");
|
||||||
|
cli_hexdump(hash, 64);
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
void test_monte(void){
|
||||||
|
uint8_t data1[] = {
|
||||||
|
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||||
|
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||||
|
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||||
|
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||||
|
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||||
|
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||||
|
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||||
|
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||||
|
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||||
|
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||||
|
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||||
|
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7 };
|
||||||
|
|
||||||
|
uint8_t data2[] = {
|
||||||
|
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||||
|
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||||
|
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||||
|
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||||
|
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||||
|
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||||
|
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||||
|
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||||
|
0xFD, 0xDF, 0x1B, 0x37, 0xDD, 0x34, 0xB3, 0xB2,
|
||||||
|
0x01, 0xD4, 0x3C, 0x57, 0xBC, 0xDE, 0x11, 0x58,
|
||||||
|
0x38, 0xF0, 0xDF, 0x70, 0x1D, 0xA9, 0x3C, 0x3B,
|
||||||
|
0xF2, 0xC9, 0xC8, 0x68, 0x96, 0xE7, 0xE6, 0xC7 };
|
||||||
|
uint8_t hash[SHA256_HASH_BYTES];
|
||||||
|
sha256((sha256_hash_t*)hash, data1, 3*32*8);
|
||||||
|
cli_putstr("\r\n hash(data1) = ");
|
||||||
|
cli_hexdump(hash, 32);
|
||||||
|
sha256((sha256_hash_t*)hash, data2, 3*32*8);
|
||||||
|
cli_putstr("\r\n hash(data2) = ");
|
||||||
|
cli_hexdump(hash, 32);
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_monte2(void){
|
||||||
|
uint8_t data[] = {
|
||||||
|
0x6c, 0xd4, 0xc0, 0xc5, 0xcb, 0x2c, 0xa2, 0xa0,
|
||||||
|
0xf1, 0xd1, 0xae, 0xce, 0xba, 0xc0, 0x3b, 0x52,
|
||||||
|
0xe6, 0x4e, 0xa0, 0x3d, 0x1a, 0x16, 0x54, 0x37,
|
||||||
|
0x29, 0x36, 0x54, 0x5b, 0x92, 0xbb, 0xc5, 0x48,
|
||||||
|
0x4a, 0x59, 0xdb, 0x74, 0xbb, 0x60, 0xf9, 0xc4,
|
||||||
|
0x0c, 0xeb, 0x1a, 0x5a, 0xa3, 0x5a, 0x6f, 0xaf,
|
||||||
|
0xe8, 0x03, 0x49, 0xe1, 0x4c, 0x25, 0x3a, 0x4e,
|
||||||
|
0x8b, 0x1d, 0x77, 0x61, 0x2d, 0xdd, 0x81, 0xac,
|
||||||
|
0xe9, 0x26, 0xae, 0x8b, 0x0a, 0xf6, 0xe5, 0x31,
|
||||||
|
0x76, 0xdb, 0xff, 0xcc, 0x2a, 0x6b, 0x88, 0xc6,
|
||||||
|
0xbd, 0x76, 0x5f, 0x93, 0x9d, 0x3d, 0x17, 0x8a,
|
||||||
|
0x9b, 0xde, 0x9e, 0xf3, 0xaa, 0x13, 0x1c, 0x61,
|
||||||
|
0xe3, 0x1c, 0x1e, 0x42, 0xcd, 0xfa, 0xf4, 0xb4,
|
||||||
|
0xdc, 0xde, 0x57, 0x9a, 0x37, 0xe1, 0x50, 0xef,
|
||||||
|
0xbe, 0xf5, 0x55, 0x5b, 0x4c, 0x1c, 0xb4, 0x04,
|
||||||
|
0x39, 0xd8, 0x35, 0xa7, 0x24, 0xe2, 0xfa, 0xe7 };
|
||||||
|
|
||||||
|
uint8_t hash[SHA256_HASH_BYTES];
|
||||||
|
sha256((sha256_hash_t*)hash, data, 1024);
|
||||||
|
cli_putstr("\r\n hash(data) = ");
|
||||||
|
cli_hexdump(hash, 32);
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
//const char monte_str[] = "monte";
|
||||||
|
//const char monte2_str[] = "monte2";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
const char shavs_list_str[] = "shavs_list";
|
||||||
|
const char shavs_set_str[] = "shavs_set";
|
||||||
|
const char shavs_test1_str[] = "shavs_test1";
|
||||||
|
const char shavs_test2_str[] = "shavs_test2";
|
||||||
|
const char shavs_test3_str[] = "shavs_test3";
|
||||||
|
const char dump_str[] = "dump";
|
||||||
|
|
||||||
|
const cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_sha2 },
|
||||||
|
{ test_str, NULL, simple_test },
|
||||||
|
// { monte_str, NULL, test_monte },
|
||||||
|
// { monte2_str, NULL, test_monte2 },
|
||||||
|
{ performance_str, NULL, testrun_performance_sha2 },
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||||
|
{ shavs_list_str, NULL, shavs_listalgos },
|
||||||
|
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo },
|
||||||
|
{ shavs_test1_str, NULL, shavs_test1 },
|
||||||
|
{ shavs_test2_str, NULL, shavs_test2 },
|
||||||
|
{ shavs_test3_str, NULL, shavs_test3 },
|
||||||
|
{ dump_str, (void*)1, (void_fpt)dump },
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
int main(void) {
|
||||||
|
main_setup();
|
||||||
|
|
||||||
|
shavs_algolist=(hfdesc_t**)algolist;
|
||||||
|
shavs_algo=(hfdesc_t*)&sha256_desc;
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
welcome_msg(algo_name);
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,214 @@
|
||||||
|
/* nessie_bc_test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* license: GPLv3
|
||||||
|
*
|
||||||
|
* a suit for running the nessie-tests for blockciphers
|
||||||
|
*
|
||||||
|
* */
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "nessie_bc_test.h"
|
||||||
|
#include "nessie_common.h"
|
||||||
|
|
||||||
|
volatile nessie_bc_ctx_t nessie_bc_ctx;
|
||||||
|
|
||||||
|
void nessie_bc_init(void){
|
||||||
|
memset((void*)&nessie_bc_ctx, 0, sizeof(nessie_bc_ctx_t));
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
void nessie_bc_free(void* ctx){
|
||||||
|
if(nessie_bc_ctx.cipher_free)
|
||||||
|
nessie_bc_ctx.cipher_free(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void nessie_bc_enc(uint8_t* key, uint8_t* pt){
|
||||||
|
uint8_t ctx[nessie_bc_ctx.ctx_size_B];
|
||||||
|
uint8_t buffer[nessie_bc_ctx.blocksize_B];
|
||||||
|
uint16_t i;
|
||||||
|
|
||||||
|
/* single test */
|
||||||
|
nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
|
||||||
|
|
||||||
|
memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_ctx.cipher_enc(buffer, ctx);
|
||||||
|
nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
if(nessie_bc_ctx.cipher_dec){
|
||||||
|
nessie_bc_ctx.cipher_dec(buffer, ctx);
|
||||||
|
nessie_print_item("decrypted", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
}
|
||||||
|
/* 100 times test */
|
||||||
|
memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
|
||||||
|
for(i=0; i<100; ++i){
|
||||||
|
nessie_bc_ctx.cipher_enc(buffer, ctx);
|
||||||
|
NESSIE_SEND_ALIVE_A(i);
|
||||||
|
}
|
||||||
|
nessie_print_item("Iterated 100 times", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
#ifndef NESSIE_NO1KTEST
|
||||||
|
/* 1000 times test, we use the 100 preceding steps to fasten things a bit */
|
||||||
|
for(; i<1000; ++i){
|
||||||
|
nessie_bc_ctx.cipher_enc(buffer, ctx);
|
||||||
|
NESSIE_SEND_ALIVE_A(i);
|
||||||
|
}
|
||||||
|
nessie_print_item("Iterated 1000 times", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
#endif
|
||||||
|
nessie_bc_free(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void nessie_bc_dec(uint8_t* key, uint8_t* ct){
|
||||||
|
uint8_t ctx[nessie_bc_ctx.ctx_size_B];
|
||||||
|
uint8_t buffer[nessie_bc_ctx.blocksize_B];
|
||||||
|
|
||||||
|
/* single test */
|
||||||
|
nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
|
||||||
|
memcpy(buffer, ct, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_ctx.cipher_dec(buffer, ctx);
|
||||||
|
nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_ctx.cipher_enc(buffer, ctx);
|
||||||
|
nessie_print_item("encrypted", buffer, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_free(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void nessie_bc_run(void){
|
||||||
|
uint16_t i;
|
||||||
|
uint8_t set;
|
||||||
|
uint8_t key[(nessie_bc_ctx.keysize_b+7)/8];
|
||||||
|
uint8_t buffer[nessie_bc_ctx.blocksize_B];
|
||||||
|
|
||||||
|
nessie_print_header(nessie_bc_ctx.name, nessie_bc_ctx.keysize_b,
|
||||||
|
nessie_bc_ctx.blocksize_B*8, 0, 0, 0);
|
||||||
|
/* test set 1 */
|
||||||
|
set=1;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
key[i/8] |= 0x80>>(i%8);
|
||||||
|
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_enc(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 2 */
|
||||||
|
set=2;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
|
||||||
|
buffer[i/8] |= 0x80>>(i%8);
|
||||||
|
nessie_bc_enc(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 3 */
|
||||||
|
set=3;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<256; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
memset(buffer, i, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_enc(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 4 */
|
||||||
|
set=4;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
/* 4 - 0*/
|
||||||
|
nessie_print_set_vector(set, 0);
|
||||||
|
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
|
||||||
|
key[i]=i;
|
||||||
|
}
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
|
||||||
|
buffer[i]=i*0x11;
|
||||||
|
}
|
||||||
|
nessie_bc_enc(key, buffer);
|
||||||
|
/* 4 - 1 */
|
||||||
|
nessie_print_set_vector(set, 1);
|
||||||
|
/* This is the test vectors in Kasumi */
|
||||||
|
static uint8_t kasumi_key[] = {
|
||||||
|
0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
|
||||||
|
0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 };
|
||||||
|
static uint8_t kasumi_plain[]={
|
||||||
|
0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 };
|
||||||
|
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
|
||||||
|
key[i]=kasumi_key[i%sizeof(kasumi_key)];
|
||||||
|
}
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
|
||||||
|
buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
|
||||||
|
}
|
||||||
|
nessie_bc_enc(key, buffer);
|
||||||
|
/* half done ;-) */
|
||||||
|
if(nessie_bc_ctx.cipher_dec==NULL)
|
||||||
|
return;
|
||||||
|
/* test set 5 */
|
||||||
|
set=5;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
key[i/8] |= 0x80>>(i%8);
|
||||||
|
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_dec(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 6 */
|
||||||
|
set=6;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
|
||||||
|
buffer[i/8] |= 0x80>>(i%8);
|
||||||
|
nessie_bc_dec(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 7 */
|
||||||
|
set=7;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<256; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
|
||||||
|
memset(buffer, i, nessie_bc_ctx.blocksize_B);
|
||||||
|
nessie_bc_dec(key, buffer);
|
||||||
|
}
|
||||||
|
/* test set 8 */
|
||||||
|
set=8;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
/* 8 - 0*/
|
||||||
|
nessie_print_set_vector(set, 0);
|
||||||
|
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
|
||||||
|
key[i]=(uint8_t)i;
|
||||||
|
}
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
|
||||||
|
buffer[i]=(uint8_t)(i*0x11);
|
||||||
|
}
|
||||||
|
nessie_bc_dec(key, buffer);
|
||||||
|
/* 8 - 1 */
|
||||||
|
nessie_print_set_vector(set, 1);
|
||||||
|
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
|
||||||
|
key[i]=kasumi_key[i%sizeof(kasumi_key)];
|
||||||
|
}
|
||||||
|
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
|
||||||
|
buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
|
||||||
|
}
|
||||||
|
nessie_bc_dec(key, buffer);
|
||||||
|
nessie_print_footer();
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
/* nessie_bc_test.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef NESSIE_BC_TEST_H_
|
||||||
|
#define NESSIE_BC_TEST_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
typedef void (*nessie_bc_gen_fpt)(const uint8_t* key, uint16_t keysize_b, void* ctx);
|
||||||
|
typedef void (*nessie_bc_free_fpt)(void* ctx);
|
||||||
|
typedef void (*nessie_bc_enc_fpt)(void* buffer, const void* ctx);
|
||||||
|
typedef void (*nessie_bc_dec_fpt)(void* buffer, const void* ctx);
|
||||||
|
|
||||||
|
typedef struct nessie_bc_ctx_st{
|
||||||
|
uint16_t keysize_b;
|
||||||
|
uint16_t blocksize_B;
|
||||||
|
uint16_t ctx_size_B;
|
||||||
|
const char* name;
|
||||||
|
nessie_bc_gen_fpt cipher_genctx;
|
||||||
|
nessie_bc_free_fpt cipher_free;
|
||||||
|
nessie_bc_enc_fpt cipher_enc;
|
||||||
|
nessie_bc_dec_fpt cipher_dec;
|
||||||
|
} nessie_bc_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
extern volatile nessie_bc_ctx_t nessie_bc_ctx;
|
||||||
|
|
||||||
|
void nessie_bc_run(void);
|
||||||
|
void nessie_bc_init(void);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /*NESSIE_BC_TEST_H_*/
|
|
@ -0,0 +1,302 @@
|
||||||
|
/* nessie_mac_test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* license: GPLv3
|
||||||
|
*
|
||||||
|
* a suit for running the nessie-tests for MACs
|
||||||
|
*
|
||||||
|
* */
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include "nessie_mac_test.h"
|
||||||
|
#include "nessie_common.h"
|
||||||
|
#include "dbz_strings.h"
|
||||||
|
|
||||||
|
nessie_mac_ctx_t nessie_mac_ctx;
|
||||||
|
|
||||||
|
#define KEYSIZE_B ((nessie_mac_ctx.keysize_b+7)/8)
|
||||||
|
#define MACSIZE_B ((nessie_mac_ctx.macsize_b+7)/8)
|
||||||
|
#define BLOCKSIZE_B (nessie_mac_ctx.blocksize_B)
|
||||||
|
|
||||||
|
#define PRINTKEY nessie_print_item("key", key, KEYSIZE_B)
|
||||||
|
#define PRINTMAC nessie_print_item("MAC", mac, MACSIZE_B)
|
||||||
|
|
||||||
|
|
||||||
|
static const uint8_t keyproto[] = {
|
||||||
|
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
|
||||||
|
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
|
||||||
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
|
||||||
|
|
||||||
|
static
|
||||||
|
void ascii_mac(const void* data, const void* desc, uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
|
||||||
|
uint8_t mac[MACSIZE_B];
|
||||||
|
uint16_t sl;
|
||||||
|
uint8_t buffer[BLOCKSIZE_B];
|
||||||
|
|
||||||
|
NESSIE_PUTSTR("\r\n message=");
|
||||||
|
NESSIE_PUTSTR(desc);
|
||||||
|
PRINTKEY;
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
sl = strlen(data);
|
||||||
|
while(sl>nessie_mac_ctx.blocksize_B){
|
||||||
|
memcpy(buffer, data, BLOCKSIZE_B);
|
||||||
|
nessie_mac_ctx.mac_next(ctx, buffer);
|
||||||
|
data = (uint8_t*)data + BLOCKSIZE_B;
|
||||||
|
sl -= BLOCKSIZE_B;
|
||||||
|
}
|
||||||
|
memcpy(buffer, data, sl);
|
||||||
|
nessie_mac_ctx.mac_last(ctx, buffer, sl*8);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
PRINTMAC;
|
||||||
|
}
|
||||||
|
|
||||||
|
// message=1 million times "a"
|
||||||
|
|
||||||
|
static
|
||||||
|
void amillion_mac(uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
|
||||||
|
uint8_t mac[MACSIZE_B];
|
||||||
|
uint8_t block[nessie_mac_ctx.blocksize_B];
|
||||||
|
uint32_t n=1000000LL;
|
||||||
|
uint16_t i=0;
|
||||||
|
|
||||||
|
NESSIE_PUTSTR("\r\n message=");
|
||||||
|
NESSIE_PUTSTR("1 million times \"a\"");
|
||||||
|
PRINTKEY;
|
||||||
|
|
||||||
|
memset(block, 'a', nessie_mac_ctx.blocksize_B);
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
while(n>=nessie_mac_ctx.blocksize_B){
|
||||||
|
nessie_mac_ctx.mac_next(ctx, block);
|
||||||
|
n -= nessie_mac_ctx.blocksize_B;
|
||||||
|
NESSIE_SEND_ALIVE_A(i++);
|
||||||
|
}
|
||||||
|
nessie_mac_ctx.mac_last(ctx, block, n*8);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
PRINTMAC;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
void zero_mac(uint16_t n, uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
|
||||||
|
uint8_t mac[MACSIZE_B];
|
||||||
|
uint8_t block[nessie_mac_ctx.blocksize_B];
|
||||||
|
|
||||||
|
NESSIE_PUTSTR("\r\n message=");
|
||||||
|
if(n>=10000)
|
||||||
|
NESSIE_PUTC('0'+n/10000);
|
||||||
|
if(n>=1000)
|
||||||
|
NESSIE_PUTC('0'+(n/1000)%10);
|
||||||
|
if(n>=100)
|
||||||
|
NESSIE_PUTC('0'+(n/100)%10);
|
||||||
|
if(n>=10)
|
||||||
|
NESSIE_PUTC('0'+(n/10)%10);
|
||||||
|
NESSIE_PUTC('0'+n%10);
|
||||||
|
NESSIE_PUTSTR(" zero bits");
|
||||||
|
PRINTKEY;
|
||||||
|
|
||||||
|
memset(block, 0, nessie_mac_ctx.blocksize_B);
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
while(n>nessie_mac_ctx.blocksize_B*8){
|
||||||
|
nessie_mac_ctx.mac_next(ctx, block);
|
||||||
|
n -= nessie_mac_ctx.blocksize_B*8;
|
||||||
|
}
|
||||||
|
nessie_mac_ctx.mac_last(ctx, block, n);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
PRINTMAC;
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
void one_in512_mac(uint16_t pos, uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
|
||||||
|
uint8_t mac[MACSIZE_B];
|
||||||
|
uint8_t block[nessie_mac_ctx.blocksize_B];
|
||||||
|
uint16_t n=512;
|
||||||
|
char* tab[8]={"80", "40", "20", "10",
|
||||||
|
"08", "04", "02", "01" };
|
||||||
|
|
||||||
|
pos&=511;
|
||||||
|
NESSIE_PUTSTR("\r\n message=");
|
||||||
|
NESSIE_PUTSTR("512-bit string: ");
|
||||||
|
if((pos/8) >=10){
|
||||||
|
NESSIE_PUTC('0'+(pos/8/10)%10);
|
||||||
|
} else {
|
||||||
|
NESSIE_PUTC(' ');
|
||||||
|
}
|
||||||
|
NESSIE_PUTC('0'+(pos/8)%10);
|
||||||
|
NESSIE_PUTSTR("*00,");
|
||||||
|
NESSIE_PUTSTR(tab[pos&7]);
|
||||||
|
NESSIE_PUTC(',');
|
||||||
|
if(63-(pos/8) >=10){
|
||||||
|
NESSIE_PUTC('0'+((63-pos/8)/10)%10);
|
||||||
|
} else {
|
||||||
|
NESSIE_PUTC(' ');
|
||||||
|
}
|
||||||
|
NESSIE_PUTC('0'+(63-pos/8)%10);
|
||||||
|
NESSIE_PUTSTR("*00");
|
||||||
|
PRINTKEY;
|
||||||
|
|
||||||
|
/* now the real stuff */
|
||||||
|
memset(block, 0, 512/8);
|
||||||
|
block[pos>>3] = 0x80>>(pos&0x7);
|
||||||
|
uint8_t* bp;
|
||||||
|
bp = block;
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
while(n>nessie_mac_ctx.blocksize_B*8){
|
||||||
|
nessie_mac_ctx.mac_next(ctx, bp);
|
||||||
|
n -= nessie_mac_ctx.blocksize_B*8;
|
||||||
|
bp += nessie_mac_ctx.blocksize_B;
|
||||||
|
}
|
||||||
|
nessie_mac_ctx.mac_last(ctx, bp, n);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
PRINTMAC;
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
void tv4_mac(void){
|
||||||
|
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
|
||||||
|
uint8_t mac[MACSIZE_B];
|
||||||
|
uint8_t block[MACSIZE_B];
|
||||||
|
uint8_t key[KEYSIZE_B];
|
||||||
|
uint16_t n=MACSIZE_B*8;
|
||||||
|
uint32_t i;
|
||||||
|
char str[6];
|
||||||
|
|
||||||
|
NESSIE_PUTSTR("\r\n message=");
|
||||||
|
utoa(MACSIZE_B*8, str, 10);
|
||||||
|
NESSIE_PUTSTR(str);
|
||||||
|
NESSIE_PUTSTR(" zero bits");
|
||||||
|
memset(block, 0, MACSIZE_B);
|
||||||
|
for(i=0; i<KEYSIZE_B; ++i)
|
||||||
|
key[i] = keyproto[i%(3*8)];
|
||||||
|
nessie_print_item("key", key, KEYSIZE_B);
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
while(n>nessie_mac_ctx.blocksize_B*8){
|
||||||
|
nessie_mac_ctx.mac_next(ctx, block);
|
||||||
|
n -= nessie_mac_ctx.blocksize_B*8;
|
||||||
|
}
|
||||||
|
nessie_mac_ctx.mac_last(ctx, block, n);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
PRINTMAC;
|
||||||
|
for(i=1; i<100000L; ++i){ /* this assumes BLOCKSIZE >= HASHSIZE */
|
||||||
|
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
|
||||||
|
nessie_mac_ctx.mac_last(ctx, mac, nessie_mac_ctx.macsize_b);
|
||||||
|
nessie_mac_ctx.mac_conv(mac, ctx);
|
||||||
|
NESSIE_SEND_ALIVE_A(i);
|
||||||
|
}
|
||||||
|
nessie_print_item("iterated 100000 times", mac, MACSIZE_B);
|
||||||
|
}
|
||||||
|
|
||||||
|
void nessie_mac_run(void){
|
||||||
|
uint16_t i;
|
||||||
|
uint8_t set;
|
||||||
|
uint8_t key[KEYSIZE_B];
|
||||||
|
|
||||||
|
nessie_print_header(nessie_mac_ctx.name, nessie_mac_ctx.keysize_b, 0, 0,
|
||||||
|
nessie_mac_ctx.macsize_b, 0);
|
||||||
|
/* test set 1 */
|
||||||
|
const char* challange_dbz=
|
||||||
|
"\0"
|
||||||
|
"\"\" (empty string)\0"
|
||||||
|
"a\0"
|
||||||
|
"\"a\"\0"
|
||||||
|
"abc\0"
|
||||||
|
"\"abc\"\0"
|
||||||
|
"message digest\0"
|
||||||
|
"\"message digest\"\0"
|
||||||
|
"abcdefghijklmnopqrstuvwxyz\0"
|
||||||
|
"\"abcdefghijklmnopqrstuvwxyz\"\0"
|
||||||
|
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\0"
|
||||||
|
"\"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\"\0"
|
||||||
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||||
|
"abcdefghijklmnopqrstuvwxyz"
|
||||||
|
"0123456789\0"
|
||||||
|
"\"A...Za...z0...9\"\0"
|
||||||
|
"1234567890123456789012345678901234567890"
|
||||||
|
"1234567890123456789012345678901234567890\0"
|
||||||
|
"8 times \"1234567890\"\0"
|
||||||
|
"Now is the time for all \0"
|
||||||
|
"\"Now is the time for all \"\0"
|
||||||
|
"Now is the time for it\0"
|
||||||
|
"\"Now is the time for it\"\0"
|
||||||
|
;
|
||||||
|
|
||||||
|
set=1;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<KEYSIZE_B; ++i){
|
||||||
|
key[i] = keyproto[i%sizeof(keyproto)];
|
||||||
|
}
|
||||||
|
const char* challange[20];
|
||||||
|
dbz_splitup(challange_dbz, challange);
|
||||||
|
for(i=0; i<10; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
ascii_mac(challange[2*i], challange[2*i+1], key);
|
||||||
|
}
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
amillion_mac(key);
|
||||||
|
for(i=0; i<KEYSIZE_B; ++i){
|
||||||
|
key[i] = keyproto[0x10+i%0x8];
|
||||||
|
}
|
||||||
|
for(i=0; i<10; ++i){
|
||||||
|
nessie_print_set_vector(set, 11+i);
|
||||||
|
ascii_mac(challange[2*i], challange[2*i+1], key);
|
||||||
|
}
|
||||||
|
nessie_print_set_vector(set, 11+i);
|
||||||
|
amillion_mac(key);
|
||||||
|
/* test set 2 */
|
||||||
|
set=2;
|
||||||
|
for(i=0; i<KEYSIZE_B; ++i){
|
||||||
|
key[i] = keyproto[i%sizeof(keyproto)];
|
||||||
|
}
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<1024; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
zero_mac(i, key);
|
||||||
|
}
|
||||||
|
/* test set 3 */
|
||||||
|
set=3;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
/* we use the same key as above */
|
||||||
|
for(i=0; i<512; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
one_in512_mac(i, key);
|
||||||
|
}
|
||||||
|
/* test set 4 */
|
||||||
|
set=4;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
/* we use the same key as above */
|
||||||
|
nessie_print_set_vector(set, 0);
|
||||||
|
tv4_mac();
|
||||||
|
/* test set 5 */
|
||||||
|
set=5;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_mac_ctx.keysize_b; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, KEYSIZE_B);
|
||||||
|
key[i>>3]=0x80>>(i&0x7);
|
||||||
|
ascii_mac("ABC", "\"ABC\"", key);
|
||||||
|
}
|
||||||
|
nessie_print_footer();
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
/* nessie_mac_test.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef NESSIE_MAC_TEST_H_
|
||||||
|
#define NESSIE_MAC_TEST_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
typedef void (*nessie_mac_init_fpt)(void* ctx, const void* key, uint16_t keysize_b);
|
||||||
|
typedef void (*nessie_mac_next_fpt)(void* ctx, const void* buffer);
|
||||||
|
typedef void (*nessie_mac_last_fpt)(void* ctx, const void* buffer, uint16_t size_b);
|
||||||
|
typedef void (*nessie_mac_conv_fpt)(void* buffer, void* ctx);
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct nessie_mac_ctx_st{
|
||||||
|
uint16_t macsize_b;
|
||||||
|
uint16_t keysize_b;
|
||||||
|
uint16_t blocksize_B;
|
||||||
|
uint16_t ctx_size_B;
|
||||||
|
const char* name;
|
||||||
|
nessie_mac_init_fpt mac_init;
|
||||||
|
nessie_mac_next_fpt mac_next;
|
||||||
|
nessie_mac_last_fpt mac_last;
|
||||||
|
nessie_mac_conv_fpt mac_conv;
|
||||||
|
} nessie_mac_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
extern nessie_mac_ctx_t nessie_mac_ctx;
|
||||||
|
|
||||||
|
void nessie_mac_run(void);
|
||||||
|
|
||||||
|
#endif /*NESSIE_MAC_TEST_H_*/
|
|
@ -0,0 +1,185 @@
|
||||||
|
/* nessie_stream_test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* author: Daniel Otte
|
||||||
|
* email: daniel.otte@rub.de
|
||||||
|
* license: GPLv3
|
||||||
|
*
|
||||||
|
* a suit for running the nessie-tests for streamciphers
|
||||||
|
*
|
||||||
|
* */
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "nessie_stream_test.h"
|
||||||
|
#include "nessie_common.h"
|
||||||
|
#include "memxor.h"
|
||||||
|
|
||||||
|
nessie_stream_ctx_t nessie_stream_ctx;
|
||||||
|
|
||||||
|
|
||||||
|
#define BLOCKSIZE_B 64
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
void nessie_gen_block(void* ctx, uint8_t* block){
|
||||||
|
uint16_t i;
|
||||||
|
for(i=0; i<BLOCKSIZE_B; ++i){
|
||||||
|
block[i] = nessie_stream_ctx.cipher_enc(ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
void nessie_stream_enc(uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_stream_ctx.ctx_size_B];
|
||||||
|
uint8_t buffer[BLOCKSIZE_B];
|
||||||
|
uint8_t xorbuffer[BLOCKSIZE_B];
|
||||||
|
uint8_t i;
|
||||||
|
|
||||||
|
memset(xorbuffer, 0, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
|
||||||
|
|
||||||
|
nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
for(i=0; i<((192-0)/BLOCKSIZE_B-1); ++i){
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
}
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[192..255]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[256..319]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
for(i=0; i<((448-256)/BLOCKSIZE_B-1); ++i){
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
}
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[448..511]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_print_item("stream[0..511]xored", xorbuffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
void nessie_stream_enc_large(uint8_t* key){
|
||||||
|
uint8_t ctx[nessie_stream_ctx.ctx_size_B];
|
||||||
|
uint8_t buffer[BLOCKSIZE_B];
|
||||||
|
uint8_t xorbuffer[BLOCKSIZE_B];
|
||||||
|
uint32_t i;
|
||||||
|
|
||||||
|
memset(xorbuffer, 0, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
|
||||||
|
|
||||||
|
nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
for(i=0; i<((65472-0)/BLOCKSIZE_B-1); ++i){
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
NESSIE_SEND_ALIVE_A(i);
|
||||||
|
}
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[65472..65535]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[65536..65599]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
for(i=0; i<((131008-65536)/BLOCKSIZE_B-1); ++i){
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
NESSIE_SEND_ALIVE_A(i);
|
||||||
|
}
|
||||||
|
|
||||||
|
nessie_gen_block(ctx, buffer);
|
||||||
|
memxor(xorbuffer, buffer, BLOCKSIZE_B);
|
||||||
|
nessie_print_item("stream[131008..131071]", buffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
nessie_print_item("stream[0..131071]xored", xorbuffer, BLOCKSIZE_B);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
void nessie_stream_run(void){
|
||||||
|
uint16_t i;
|
||||||
|
uint8_t set;
|
||||||
|
uint8_t key[(nessie_stream_ctx.keysize_b+7)/8];
|
||||||
|
|
||||||
|
nessie_print_header(nessie_stream_ctx.name, nessie_stream_ctx.keysize_b,
|
||||||
|
0, 0, 0, nessie_stream_ctx.ivsize_b);
|
||||||
|
/* test set 1 */
|
||||||
|
set=1;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<nessie_stream_ctx.keysize_b; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, 0, (nessie_stream_ctx.keysize_b+7)/8);
|
||||||
|
key[i/8] |= 0x80>>(i%8);
|
||||||
|
nessie_stream_enc(key);
|
||||||
|
}
|
||||||
|
/* test set 2 */
|
||||||
|
set=2;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<256; ++i){
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
memset(key, i, (nessie_stream_ctx.keysize_b+7)/8);
|
||||||
|
nessie_stream_enc(key);
|
||||||
|
}
|
||||||
|
/* test set 3 */
|
||||||
|
set=3;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<256; ++i){
|
||||||
|
uint8_t j;
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
|
||||||
|
key[j]=(i+j)&0xff;
|
||||||
|
}
|
||||||
|
nessie_stream_enc(key);
|
||||||
|
}
|
||||||
|
/* test set 4 */
|
||||||
|
set=4;
|
||||||
|
nessie_print_setheader(set);
|
||||||
|
for(i=0; i<4; ++i){
|
||||||
|
uint8_t j;
|
||||||
|
nessie_print_set_vector(set, i);
|
||||||
|
for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
|
||||||
|
key[j]=(i*5+j*0x53)&0xff;
|
||||||
|
}
|
||||||
|
nessie_stream_enc_large(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
nessie_print_footer();
|
||||||
|
}
|
|
@ -0,0 +1,42 @@
|
||||||
|
/* nessie_stream_test.h */
|
||||||
|
/*
|
||||||
|
This file is part of the ARM-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#ifndef NESSIE_STREAM_TEST_H_
|
||||||
|
#define NESSIE_STREAM_TEST_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
typedef void (*nessie_stream_genctx_fpt)(uint8_t* key, uint16_t keylength_b, void* ctx);
|
||||||
|
typedef uint8_t (*nessie_stream_genenc_fpt)(void* ctx);
|
||||||
|
|
||||||
|
typedef struct nessie_stream_ctx_st{
|
||||||
|
uint16_t keysize_b;
|
||||||
|
uint16_t ivsize_b;
|
||||||
|
uint16_t outsize_b;
|
||||||
|
uint16_t ctx_size_B;
|
||||||
|
char* name;
|
||||||
|
nessie_stream_genctx_fpt cipher_genctx;
|
||||||
|
nessie_stream_genenc_fpt cipher_enc;
|
||||||
|
} nessie_stream_ctx_t;
|
||||||
|
|
||||||
|
|
||||||
|
extern nessie_stream_ctx_t nessie_stream_ctx;
|
||||||
|
|
||||||
|
void nessie_stream_run(void);
|
||||||
|
|
||||||
|
#endif /*NESSIE_STREAM_TEST_H_*/
|
Loading…
Reference in New Issue