Browse Source

a lot of fixing ...

master
bg 10 years ago
parent
commit
6095187b08
  1. 5
      Makefile
  2. 8
      aes/aes_keyschedule.c
  3. 12
      aes/aes_types.h
  4. 2
      arm-makefile.inc
  5. 8
      cast6/cast6.c
  6. 29
      des/des.c
  7. 13
      echo/echo.c
  8. 346
      host/rsa_oaep_check.rb
  9. 32
      host/shavs_test2.rb
  10. 2
      jh/jh_simple_small_core.c
  11. 2
      mkfiles/rabbit_c.mk
  12. 33
      present/present.c
  13. 24
      rabbit/rabbit_c.c
  14. 10
      rsa/rsa_basic.c
  15. 47
      rsa/rsa_oaep.c
  16. 4
      salsa20/salsa20.c
  17. 21
      skein/ubi.h
  18. 18
      skein/ubi1024.c
  19. 18
      skein/ubi256.c
  20. 18
      skein/ubi512.c
  21. 13
      test_src/main-aes-test.c
  22. 39
      test_src/main-rsa_oaep-test.c
  23. 16
      test_src/shavs.c
  24. 2
      testport.conf
  25. 2170
      testvectors/salsa20-128.64-verified.test-vectors
  26. 2605
      testvectors/salsa20-256.64-verified.test-vectors

5
Makefile

@ -38,7 +38,8 @@ GLOBAL_INCDIR := ./ $(TESTSRC_DIR)
#-------------------------------------------------------------------------------
# inclusion of make stubs
include mkfiles/*.mk
include $(sort $(wildcard mkfiles/*.mk))
define Assert_Template
$(1) = $(2)
@ -158,7 +159,7 @@ define MainTestElf_Template
$(1): $(2) $(3)
@echo "[ld]: $(1)"
@mkdir -p $(dir $(1))
$(CC) $(CFLAGS_A) $(LDFLAGS)$(patsubst %.elf,%.map,$(1)) -o \
@$(CC) $(CFLAGS_A) $(LDFLAGS)$(patsubst %.elf,%.map,$(1)) -o \
$(1) \
$(2) $(3) \
$(addprefix -l, $(LIBS))

8
aes/aes_keyschedule.c

@ -48,7 +48,7 @@ uint8_t rc_tab[] = { 0x01, 0x02, 0x04, 0x08,
void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx){
uint8_t hi,i,nk, next_nk;
uint8_t rc=0;
union {
union __attribute__((packed)) {
uint32_t v32;
uint8_t v8[4];
} tmp;
@ -56,10 +56,10 @@ void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx){
hi=4*(nk+6+1);
memcpy(ctx, key, keysize_b/8);
next_nk = nk;
for(i=nk;i<hi;++i){
for(i=nk; i<hi; ++i){
tmp.v32 = ((uint32_t*)(ctx->key[0].ks))[i-1];
if(i!=next_nk){
if(nk==8 && i%8==4){
if(i != next_nk){
if(nk == 8 && i % 8 == 4){
tmp.v8[0] = aes_sbox[tmp.v8[0]];
tmp.v8[1] = aes_sbox[tmp.v8[1]];
tmp.v8[2] = aes_sbox[tmp.v8[2]];

12
aes/aes_types.h

@ -29,27 +29,27 @@
#include <stdint.h>
typedef struct{
typedef struct __attribute__((packed)){
uint8_t ks[16];
} aes_roundkey_t;
typedef struct{
typedef struct __attribute__((packed)){
aes_roundkey_t key[10+1];
} aes128_ctx_t;
typedef struct{
typedef struct __attribute__((packed)){
aes_roundkey_t key[12+1];
} aes192_ctx_t;
typedef struct{
typedef struct __attribute__((packed)){
aes_roundkey_t key[14+1];
} aes256_ctx_t;
typedef struct{
typedef struct __attribute__((packed)){
aes_roundkey_t key[1]; /* just to avoid the warning */
} aes_genctx_t;
typedef struct{
typedef struct __attribute__((packed)){
uint8_t s[16];
} aes_cipher_state_t;

2
arm-makefile.inc

@ -16,7 +16,7 @@ TEST_DIR = test/#
BIN_DIR = bin/#
TESTSRC_DIR = test_src/#
ERASECMD =
TESTPORT = /dev/ttyUSB1
TESTPORT = /dev/ttyUSB0
TESTPORTBAUDR = 115200
TESTLOG_DIR = testlog/#
TESTPREFIX = nessie-#

8
cast6/cast6.c

@ -254,10 +254,10 @@ void cast6_init(const void* key, uint16_t keysize_b, cast6_ctx_t* ctx){
ctx->km[j][1]=F;
ctx->km[j][2]=D;
ctx->km[j][3]=B;
set_kr((uint8_t)A,j*4+0,ctx);
set_kr((uint8_t)C,j*4+1,ctx);
set_kr((uint8_t)E,j*4+2,ctx);
set_kr((uint8_t)G,j*4+3,ctx);
set_kr(buffer[0 * 4],j*4+0,ctx);
set_kr(buffer[2 * 4],j*4+1,ctx);
set_kr(buffer[4 * 4],j*4+2,ctx);
set_kr(buffer[6 * 4],j*4+3,ctx);
}
}
}

29
des/des.c

@ -297,13 +297,17 @@ uint32_t des_f(uint32_t r, uint8_t* kr){
/******************************************************************************/
void des_enc(void* out, const void* in, const void* key){
#define R *((uint32_t*)&(data[4]))
#define L *((uint32_t*)&(data[0]))
#define R (data.v32[1])
#define L (data.v32[0])
uint8_t data[8],kr[6],k[7];
uint8_t kr[6],k[7];
uint8_t i;
union {
uint8_t v8[8];
uint32_t v32[2];
} data;
permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
permute((uint8_t*)ip_permtab, (uint8_t*)in, data.v8);
permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
for(i=0; i<8; ++i){
shiftkey(k);
@ -323,19 +327,19 @@ void des_enc(void* out, const void* in, const void* key){
R ^= L;
L ^= R;
R ^= L;
permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
permute((uint8_t*)inv_ip_permtab, data.v8, (uint8_t*)out);
}
/******************************************************************************/
void des_dec(void* out, const void* in, const uint8_t* key){
#define R *((uint32_t*)&(data[4]))
#define L *((uint32_t*)&(data[0]))
uint8_t data[8],kr[6],k[7];
uint8_t kr[6],k[7];
union {
uint8_t v8[8];
uint32_t v32[2];
} data;
int8_t i;
permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
permute((uint8_t*)ip_permtab, (uint8_t*)in, data.v8);
permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
for(i=7; i>=0; --i){
@ -358,8 +362,7 @@ void des_dec(void* out, const void* in, const uint8_t* key){
R ^= L;
L ^= R;
R ^= L;
permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
permute((uint8_t*)inv_ip_permtab, data.v8, (uint8_t*)out);
}
/******************************************************************************/

13
echo/echo.c

@ -93,12 +93,15 @@ static void dump_state(void* s){
static void echo_compress(uint8_t* s, uint8_t iterations, uint64_t* c, void* salt){
uint8_t i, j;
uint8_t k[16];
union {
uint8_t v8[16];
uint64_t v64[2];
} k;
#if DEBUG
uint8_t round=0;
#endif
memcpy(k, c, 8);
memset(k+8, 0, 8);
memcpy(k.v8, c, 8);
memset(k.v8+8, 0, 8);
do{
/* BIG.SubWords */
#if DEBUG
@ -110,9 +113,9 @@ static void echo_compress(uint8_t* s, uint8_t iterations, uint64_t* c, void* sal
}
#endif
for(i=0; i<16; ++i){
aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)k);
aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)k.v8);
aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)salt);
*((uint64_t*)(k)) += 1;
k.v64[0] += 1;
}
#if DEBUG
if(round<DEBUG_DEPTH){

346
host/rsa_oaep_check.rb

@ -0,0 +1,346 @@
#!/usr/bin/ruby
# nessie_check.rb
=begin
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
require 'rubygems'
require 'serialport'
require 'getopt/std'
$buffer_size = 0 # set automatically in init_system
$conffile_check = Hash.new
$conffile_check.default = 0
################################################################################
# readconfigfile #
################################################################################
def read_line_from_device()
repeat_counter = 10000
l = nil
s = ''
begin
l = $sp.gets()
repeat_counter -= 1
end while !l && repeat_counter > 0
# printf("DBG: << %s\n", l.inspect)
return l
end
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if ! /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# reset_system #
################################################################################
def reset_system
$sp.print("\r")
sleep 0.1
$sp.print("\r")
sleep 0.1
$sp.print("echo off\r")
sleep 0.1
end
def read_block(f)
d = Array.new
begin
l = f.gets
x = l.split.collect { |e| e.to_i(16) }
d += x
end while x.length == 16
return d
end
def goto_next_header(f)
while l = f.gets()
m = /^#\ (=|-)*[=-]{5}/.match(l)
t = :subblock if m && m[1] == '-'
t = :mainblock if m && m[1] == '='
if !m && n = /^#\ (.*)$/.match(l)
id = n[1]
id.sub!(/[\r\n]/,'')
return t,id
end
if !m && !id
t = nil
end
end
return nil,nil if !l
end
def skip_file_header(f)
while l = f.gets()
return if m = /^#\ [=]{40}/.match(l)
end
end
def test_parse(f)
skip_file_header(f)
loop do
a,b = goto_next_header(f)
if !b
puts(">>EOF<<")
return
end
if a
printf(">>%sblock: %s\n", a==:mainblock ? "main":"sub", b)
next
end
printf(">item: %s\n", b)
d = read_block(f)
printf(">length: %d (0x%x)\n>data:", d.length, d.length)
i = 0
d.each do |e|
printf("\n>") if i % 16 == 0
printf(" %02x", e)
i += 1
end
puts('')
end
end
=begin
>item: RSA modulus n:
>item: RSA public exponent e:
>item: RSA private exponent d:
>item: Prime p:
>item: Prime q:
>item: p's CRT exponent dP:
>item: q's CRT exponent dQ:
>item: CRT coefficient qInv:
=end
def read_key(f)
h = Hash.new
8.times do
q,id = goto_next_header(f)
d = read_block(f)
m = /[\ \t]([^\ \t]*):[\ \t]*$/.match(id)
if m
id = m[1]
end
h[id] = d
end
req_items = ['n', 'e', 'd', 'p', 'q', 'dP', 'dQ', 'qInv']
req_items.each do |e|
printf("ERROR: key component %s is missing!\n", e) if !h[e]
end
h.each_key do |e|
printf("ERROR: unknown item '%s'!\n", e) if !req_items.index(e)
end
return h
end
=begin
>item: Message to be encrypted:
>item: Seed:
>item: Encryption:
=end
def read_tv(f)
subst_hash = {
'Message to be encrypted:' => 'msg',
'Seed:' => 'seed',
'Encryption:' => 'enc'}
h = Hash.new
3.times do
q,id = goto_next_header(f)
d = read_block(f)
n = subst_hash[id]
printf("ERROR: unknown item '%s'!\n", id) if !n
h[n] = d
end
req_items = ['msg', 'seed', 'enc']
req_items.each do |e|
printf("ERROR: testvector component %s is missing!\n", e) if !h[e]
end
while h['enc'][0] == 0
h['enc'].delete_at(0)
end
return h
end
def load_bigint(d)
$sp.printf("%d\r", d.length)
while l = read_line_from_device()
break if /data:/.match(l)
end
printf "ERROR: got no answer from system!" if !l
d.each do |e|
$sp.printf(" %02x", e)
end
end
def load_key(k)
$sp.print("load-key\r")
sleep 0.1
v = ['n', 'e', 'p', 'q', 'dP', 'dQ', 'qInv']
v.each do |e|
load_bigint(k[e])
# printf("DBG: loaded %s\n", e)
end
while l = read_line_from_device()
break if />/.match(l)
end
end
def check_tv(tv)
sleep 0.1
$sp.print("seed-test\r")
sleep 0.1
load_bigint(tv['msg'])
# printf("DBG: loaded %s\n", 'msg')
sleep 0.1
tv['seed'].each { |e| $sp.printf(" %02x", e) }
while l = read_line_from_device()
break if /ciphertext:/.match(l)
end
test_enc = ''
loop do
l = read_line_from_device()
break if /decrypting/.match(l)
test_enc += l if l
end
test_enc_a = Array.new
test_enc = test_enc.split(/[\W\r\n]+/)
test_enc.each do |e|
v = e.sub(/[^0-9A-Fa-f]/, '')
test_enc_a << v if v.length == 2
end
test_enc_a.collect!{ |e| e.to_i(16) }
enc_ok = (test_enc_a == tv['enc'])
if !enc_ok
printf("DBG: ref = %s test = %s\n", tv['enc'].inspect , test_enc_a.inspect)
end
m = nil
loop do
l = read_line_from_device()
m = /(>>OK<<|ERROR)/.match(l)
break if m
end
return true if enc_ok && (m[1] == '>>OK<<')
return false
end
def run_test(f)
ok = 0
fail = 0
skip_file_header(f)
loop do
a,b = goto_next_header(f)
# printf("DBG: a=%s b=%s\n", a.inspect, b.inspect)
return ok,fail if !b
if a == :mainblock
# Example 1: A 1024-bit RSA Key Pair
b.sub!(/[\d]+:/) { |s| sprintf("%3d,", s.to_i)}
printf("\n>> %s: ", b)
# (35-b.length).times { putc(' ')}
end
if a == :subblock
if b == 'Components of the RSA Key Pair'
k = read_key(f)
load_key(k)
else
tv = read_tv(f)
r = check_tv(tv)
if r
ok += 1
putc('*')
else
fail += 1
putc('!')
end
end
end
end
end
########################################
# MAIN
########################################
opts = Getopt::Std.getopts("c:f:")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["c"], conf) if opts["c"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
reset_system()
f = File.open(opts['f'], "r")
exit if !f
ok,fail = run_test(f)
printf("\nOK: %d FAIL: %d :-%s\n",ok,fail, fail==0 ? ')':'(')

32
host/shavs_test2.rb

@ -48,7 +48,7 @@ def readconfigfile(fname, conf)
conf[m[1]] = Hash.new
next
end
next if not /=/.match(line)
next if ! /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
@ -104,6 +104,7 @@ def init_system(algo_select)
line=$sp.gets()
end while not m=/buffer_size[\s]*=[\s]*0x([0-9A-Fa-f]*)/.match(line)
$buffer_size = m[1].to_i(16)
printf("buffer_size = %d\n", $buffer_size)
end
################################################################################
@ -113,8 +114,9 @@ end
def get_md
begin
line = $sp.gets()
puts("DBG got: " + line.inspect) if $debug
line = "" if line==nil
puts("DBG got: "+line) if $debug
# puts("DBG got: "+line) if $debug
end while not /[\s]*MD[\s]*=.*/.match(line)
return line
end
@ -137,19 +139,29 @@ end
=end
def send_md(md_string)
# puts 'DBG: send_md; md_string.length = '+md_string.length.to_s+'; buffer_size = '+$buffer_size.to_s
bs = $buffer_size
bs = $buffer_size*2
$sp.print("Msg = ")
for i in 0..((md_string.length-1)/bs)
$sp.print(md_string[0])
md_string = md_string[1..-1]
for i in 0..((md_string.length)/bs)
# puts 'DBG bulk send'
if(md_string.length-i*bs<=bs)
# puts "DBG: i="+i.to_s()
$sp.print(md_string[(i*bs)..-1])
t = md_string[(i*bs)..-1]
printf("sending final %d chars: %s\n", t.length, t[-10..-1]) if $debug
$sp.print(t)
return
end
$sp.print(md_string[(i*bs)..((i+1)*bs-1)])
# begin
# line=$sp.gets()
# end while not /\./.match(line)
t = md_string[(i*bs)..((i+1)*bs-1)]
printf("sending %d chars: %s\n", t.length, t[-10..-1]) if $debug
$sp.print(t)
sleep(0.1)
print("going to wait ... : ") if $debug
begin
line=$sp.gets()
puts(line.inspect) if $debug
line='' if !line
end while ! /\./.match(line)
end
end
@ -295,7 +307,7 @@ algo_tasks.each do |algoa|
next
else
i=0
i = opts["j"] if opts["j"]
i = opts["j"].to_i if opts["j"]
logfile=File.open(conf["PORT"]["testlogbase"]+algo+".txt", "a")
while conf[algo]["file_#{i}"] != nil
puts("Testing #{algo} with #{conf[algo]["file_#{i}"]}")

2
jh/jh_simple_small_core.c

@ -51,7 +51,7 @@ uint8_t jh_l(uint8_t v, uint8_t w){
static
void jh_round(uint8_t* a, const uint8_t* rc){
uint8_t b[128];
uint8_t i,r,x,y;
uint8_t i,r=0,x,y;
for(i=0; i<128; ++i){
if(i%4==0){
r = rc[i/4];

2
mkfiles/rabbit_c.mk

@ -7,7 +7,7 @@ STREAM_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rabbit/
$(ALGO_NAME)_OBJ := rabbit_c.o
$(ALGO_NAME)_INCDIR := memxor/ bcal/ scal/
$(ALGO_NAME)_TESTBIN := main-rabbit-test.o $(CLI_STD) $(SCAL_STD) scal_rabbit.o
$(ALGO_NAME)_TESTBIN := main-rabbit-test.o $(CLI_STD) $(SCAL_STD) scal_rabbit.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
$(ALGO_NAME)_DEF := ESTREAM=0

33
present/present.c

@ -72,26 +72,31 @@ static void p_inv(uint8_t* o, uint8_t* i){
}
void present_init(const uint8_t* key, uint8_t keysize_b, present_ctx_t* ctx){
uint8_t buffer[10], tmp[2];
uint8_t tmp[2];
union {
uint8_t v8[10];
uint64_t v64;
uint16_t v16[5];
} b;
uint8_t i;
memcpy(buffer, key, 10);
memcpy(&(ctx->k[0]), buffer+2, 8);
memcpy(b.v8, key, 10);
memcpy(&(ctx->k[0]), b.v8+2, 8);
for(i=1; i<32; ++i){
/* rotate buffer 19 right */
memcpy(tmp, buffer, 2);
memmove(buffer, buffer+2, 8);
memcpy(buffer+8, tmp, 2);
memcpy(tmp, b.v8, 2);
memmove(b.v8, b.v8+2, 8);
memcpy(b.v8+8, tmp, 2);
/* three shifts to do*/
tmp[1]=buffer[0];
*((uint64_t*)buffer)>>=3;
*((uint16_t*)(buffer+8))>>=3;
buffer[9] |= tmp[1]<<5;
buffer[7] |= tmp[0]<<5;
tmp[1]=b.v8[0];
b.v64 >>= 3;
b.v16[4] >>= 3;
b.v8[9] |= tmp[1]<<5;
b.v8[7] |= tmp[0]<<5;
/* rotating done now substitution */
buffer[9] = (sbox(buffer[9])&0xF0) | ((buffer[9])&0x0F);
b.v8[9] = (sbox(b.v8[9])&0xF0) | ((b.v8[9])&0x0F);
/* xor with round counter */
*((uint16_t*)(buffer+1)) ^= (uint16_t)i<<7;
memcpy(&(ctx->k[i]), buffer+2, 8);
*((uint16_t*)(b.v8+1)) ^= (uint16_t)i<<7;
memcpy(&(ctx->k[i]), b.v8+2, 8);
}
}

24
rabbit/rabbit_c.c

@ -141,24 +141,28 @@ static
void ivsetup(rabbit_ctx_t* ctx, const void* iv){
uint8_t i;
uint32_t t;
uint8_t t_iv[8];
union __attribute__((packed)){
uint8_t v8[8];
uint16_t v16[4];
uint32_t v32[2];
}t_iv;
i=0;
#if ESTREAM
memcpy(t_iv, iv, 8);
memcpy(t_iv.v8, iv, 8);
#else
do{
t_iv[i] = ((uint8_t*)iv)[7-i];
t_iv[7-i] = ((uint8_t*)iv)[i];
t_iv.v8[i] = ((uint8_t*)iv)[7-i];
t_iv.v8[7-i] = ((uint8_t*)iv)[i];
}while(++i<4);
#endif
ctx->c[0] ^= *((uint32_t*)t_iv);
ctx->c[4] ^= *((uint32_t*)t_iv);
ctx->c[2] ^= ((uint32_t*)t_iv)[1];
ctx->c[6] ^= ((uint32_t*)t_iv)[1];
t = (( (uint32_t)((uint16_t*)t_iv)[3])<<16) | (((uint16_t*)t_iv)[1]);
ctx->c[0] ^= t_iv.v32[0];
ctx->c[4] ^= t_iv.v32[0];
ctx->c[2] ^= t_iv.v32[1];
ctx->c[6] ^= t_iv.v32[1];
t = ( ((uint32_t)(t_iv.v16[3]))<<16) | (t_iv.v16[1]);
ctx->c[1] ^= t;
ctx->c[5] ^= t;
t = (( (uint32_t)((uint16_t*)t_iv)[2])<<16) | (((uint16_t*)t_iv)[0]);
t = ( ((uint32_t)(t_iv.v16[2]))<<16) | (t_iv.v16[0]);
ctx->c[3] ^= t;
ctx->c[7] ^= t;
i=4;

10
rsa/rsa_basic.c

@ -28,12 +28,14 @@
#include "uart_lowlevel.h"
void rsa_enc(bigint_t* data, rsa_publickey_t* key){
/*
cli_putstr("\r\n -->rsa_enc()\r\n m = ");
bigint_print_hex(data);
cli_putstr("\r\n e = ");
bigint_print_hex(key->exponent);
cli_putstr("\r\n n = ");
bigint_print_hex(key->modulus);
*/
bigint_expmod_u(data, data, key->exponent, key->modulus);
}
@ -47,8 +49,6 @@ m = m2 + q * h
uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
bigint_t m1, m2;
cli_putstr("\r\n --> rsa_dec_crt_mono()");
uart_flush(0);
m1.wordv = malloc(key->components[0]->length_B * sizeof(bigint_word_t));
m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t));
if(!m1.wordv || !m2.wordv){
@ -57,24 +57,18 @@ uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
free(m2.wordv);
return 1;
}
cli_putc('a'); uart_flush(0);
bigint_expmod_u(&m1, data, key->components[2], key->components[0]);
cli_putc('f'); uart_flush(0);
bigint_expmod_u(&m2, data, key->components[3], key->components[1]);
cli_putc('b'); uart_flush(0);
bigint_sub_s(&m1, &m1, &m2);
while(BIGINT_NEG_MASK & m1.info){
bigint_add_s(&m1, &m1, key->components[0]);
}
cli_putc('c'); uart_flush(0);
bigint_reduce(&m1, key->components[0]);
bigint_mul_u(data, &m1, key->components[4]);
cli_putc('d'); uart_flush(0);
bigint_reduce(data, key->components[0]);
bigint_mul_u(data, data, key->components[1]);
bigint_add_u(data, data, &m2);
cli_putc('e'); uart_flush(0);
free(m1.wordv);
free(m2.wordv);
return 0;

47
rsa/rsa_oaep.c

@ -65,10 +65,12 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
return 1;
}
uint16_t buffer_len = bigint_length_B(key->modulus);
/*
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus->length_B, 2);
*/
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
@ -79,8 +81,8 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
cli_putstr("\r\n off = ");
cli_hexdump_byte(off);
// cli_putstr("\r\n off = ");
// cli_hexdump_byte(off);
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
@ -105,14 +107,14 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
seed_buffer[i] = prng_get_byte();
}
}
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
// cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
cli_putstr("\r\n msg (raw, post-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
// cli_putstr("\r\n msg (raw, post-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
x.wordv = dest;
x.length_B = key->modulus->length_B;
@ -129,7 +131,7 @@ uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed){
cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
if(!label){
label = &rsa_oaep_default_label;
}
@ -151,7 +153,7 @@ uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
memset(dest, 0, bigint_length_B(key->modulus) - length_B);
memcpy((uint8_t*)dest + bigint_length_B(key->modulus) - length_B, src, length_B);
cli_putc('a'); uart_flush(0);
// cli_putc('a'); uart_flush(0);
x.wordv = dest;
x.length_B = key->modulus->length_B;
@ -159,52 +161,47 @@ uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
bigint_adjust(&x);
cli_putc('b'); uart_flush(0);
// cli_putc('b'); uart_flush(0);
rsa_os2ip(&x, NULL, bigint_length_B(key->modulus));
cli_putc('c'); uart_flush(0);
// cli_putc('c'); uart_flush(0);
rsa_dec(&x, key);
cli_putc('d'); uart_flush(0);
// cli_putc('d'); uart_flush(0);
rsa_i2osp(NULL, &x, &data_len);
cli_putstr("\r\n msg (raw, pre-move):\r\n");
cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
// cli_putstr("\r\n msg (raw, pre-move):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
if(data_len > x_len){
return 7;
}
/*
cli_putstr("\r\n moving some bytes; x_len = ");
cli_hexdump_rev(&x_len, 2);
cli_putstr(" data_len = ");
cli_hexdump_rev(&data_len, 2);
uart_flush(0);
*/
if(x_len != data_len){
memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
cli_putstr(" (oh, not dead yet?!)");
uart_flush(0);
// cli_putstr(" (oh, not dead yet?!)");
// uart_flush(0);
memset(dest, 0, x_len - data_len);
}
hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
/*
if(buffer[0] != 0){
return 1;
}
*/
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
uart_flush(0);
*/
p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db_buffer, maskbuffer, db_len);
if(memcmp(label_hv, db_buffer, hv_len)){
cli_putstr("\r\nDBG: DB:\r\n");
cli_hexdump_block(db_buffer, db_len, 4, 16);
// cli_putstr("\r\nDBG: DB:\r\n");
// cli_hexdump_block(db_buffer, db_len, 4, 16);
return 2;
}

4
salsa20/salsa20.c

@ -96,14 +96,14 @@ void salsa_k16(uint32_t* dest, const uint32_t* k, const uint32_t* n){
void salsa20_genBlock256(void* dest, const void* k, const void* iv, uint64_t i){
uint32_t n[4];
memcpy(n, iv, 8);
memcpy(n+8, &i, 8);
//? memcpy(n+8, &i, 8);
salsa_k32((uint32_t*)dest, (uint32_t*)k, n);
}
void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
uint32_t n[4];
memcpy(n, iv, 8);
memcpy(n+8, &i, 8);
//? memcpy(n+8, &i, 8);
salsa_k16((uint32_t*)dest, (uint32_t*)k, n);
}

21
skein/ubi.h

@ -49,17 +49,32 @@
typedef struct{
uint8_t tweak[16];
union {
uint8_t v8[16];
uint16_t v16[8];
uint32_t v32[4];
uint64_t v64[2];
} tweak;
uint8_t g[32];
}ubi256_ctx_t;
typedef struct{
uint8_t tweak[16];
union {
uint8_t v8[16];
uint16_t v16[8];
uint32_t v32[4];
uint64_t v64[2];
} tweak;
uint8_t g[64];
}ubi512_ctx_t;
typedef struct{
uint8_t tweak[16];
union {
uint8_t v8[16];
uint16_t v16[8];
uint32_t v32[4];
uint64_t v64[2];
} tweak;
uint8_t g[128];
}ubi1024_ctx_t;

18
skein/ubi1024.c

@ -31,19 +31,19 @@
#include "ubi.h"
void ubi1024_init(ubi1024_ctx_t* ctx, const void* g, uint8_t type){
memset(ctx->tweak, 0, 15);
ctx->tweak[15] = 0x40+type;
memset(ctx->tweak.v8, 0, 15);
ctx->tweak.v8[15] = 0x40+type;
memcpy(ctx->g, g, UBI1024_BLOCKSIZE_B);
}
void ubi1024_nextBlock(ubi1024_ctx_t* ctx, const void* block){
threefish1024_ctx_t tfctx;
((uint64_t*)(ctx->tweak))[0] += UBI1024_BLOCKSIZE_B;
threefish1024_init(ctx->g, ctx->tweak, &tfctx);
ctx->tweak.v64[0] += UBI1024_BLOCKSIZE_B;
threefish1024_init(ctx->g, ctx->tweak.v8, &tfctx);
memcpy(ctx->g, block, UBI1024_BLOCKSIZE_B);
threefish1024_enc(ctx->g, &tfctx);
memxor(ctx->g, block, UBI1024_BLOCKSIZE_B);
ctx->tweak[15] &= (uint8_t)~0x40;
ctx->tweak.v8[15] &= (uint8_t)~0x40;
}
@ -54,11 +54,11 @@ void ubi1024_lastBlock(ubi1024_ctx_t* ctx, const void* block, uint16_t length_b)
block = (uint8_t*)block + UBI1024_BLOCKSIZE_B;
length_b -= UBI1024_BLOCKSIZE;
}
ctx->tweak[15] |= 0x80;
((uint64_t*)(ctx->tweak))[0] += (length_b+7)/8;
ctx->tweak.v8[15] |= 0x80;
ctx->tweak.v64[0] += (length_b+7)/8;
if(length_b & 0x07)
ctx->tweak[14] |= 0x80;
threefish1024_init(ctx->g, ctx->tweak, &tfctx);
ctx->tweak.v8[14] |= 0x80;
threefish1024_init(ctx->g, ctx->tweak.v8, &tfctx);
memset(ctx->g, 0, UBI1024_BLOCKSIZE_B);
memcpy(ctx->g, block, (length_b+7)/8);
if(length_b & 0x07)

18
skein/ubi256.c

@ -31,19 +31,19 @@
#include "ubi.h"
void ubi256_init(ubi256_ctx_t* ctx, const void* g, uint8_t type){
memset(ctx->tweak, 0, 15);
ctx->tweak[15] = 0x40+type;
memset(ctx->tweak.v8, 0, 15);
ctx->tweak.v8[15] = 0x40+type;
memcpy(ctx->g, g, 32);
}
void ubi256_nextBlock(ubi256_ctx_t* ctx, const void* block){
threefish256_ctx_t tfctx;
((uint64_t*)(ctx->tweak))[0] += UBI256_BLOCKSIZE_B;
threefish256_init(ctx->g, ctx->tweak, &tfctx);
ctx->tweak.v64[0] += UBI256_BLOCKSIZE_B;
threefish256_init(ctx->g, ctx->tweak.v8, &tfctx);
memcpy(ctx->g, block, UBI256_BLOCKSIZE_B);
threefish256_enc(ctx->g, &tfctx);
memxor(ctx->g, block, UBI256_BLOCKSIZE_B);
ctx->tweak[15] &= (uint8_t)~0x40;
ctx->tweak.v8[15] &= (uint8_t)~0x40;
}
@ -54,12 +54,12 @@ void ubi256_lastBlock(ubi256_ctx_t* ctx, const void* block, uint16_t length_b){
block = (uint8_t*)block + UBI256_BLOCKSIZE_B;
length_b -= UBI256_BLOCKSIZE;
}
ctx->tweak[15] |= 0x80;
((uint64_t*)(ctx->tweak))[0] += (length_b+7)/8;
ctx->tweak.v8[15] |= 0x80;
ctx->tweak.v64[0] += (length_b+7)/8;
if(length_b & 0x07){
ctx->tweak[14] |= 0x80;
ctx->tweak.v8[14] |= 0x80;
}
threefish256_init(ctx->g, ctx->tweak, &tfctx);
threefish256_init(ctx->g, ctx->tweak.v8, &tfctx);
memset(ctx->g, 0, UBI256_BLOCKSIZE_B);
memcpy(ctx->g, block, (length_b+7)/8);
if(length_b & 0x07){

18
skein/ubi512.c

@ -31,19 +31,19 @@
#include "ubi.h"
void ubi512_init(ubi512_ctx_t* ctx, const void* g, uint8_t type){
memset(ctx->tweak, 0, 15);
ctx->tweak[15] = 0x40+type;
memset(ctx->tweak.v8, 0, 15);
ctx->tweak.v8[15] = 0x40+type;
memcpy(ctx->g, g, UBI512_BLOCKSIZE_B);
}
void ubi512_nextBlock(ubi512_ctx_t* ctx, const void* block){
threefish512_ctx_t tfctx;
((uint64_t*)(ctx->tweak))[0] += UBI512_BLOCKSIZE_B;
threefish512_init(ctx->g, ctx->tweak, &tfctx);
ctx->tweak.v64[0] += UBI512_BLOCKSIZE_B;
threefish512_init(ctx->g, ctx->tweak.v8, &tfctx);
memcpy(ctx->g, block, UBI512_BLOCKSIZE_B);
threefish512_enc(ctx->g, &tfctx);
memxor(ctx->g, block, UBI512_BLOCKSIZE_B);
ctx->tweak[15] &= (uint8_t)~0x40;
ctx->tweak.v8[15] &= (uint8_t)~0x40;
}
@ -54,11 +54,11 @@ void ubi512_lastBlock(ubi512_ctx_t* ctx, const void* block, uint16_t length_b){
block = (uint8_t*)block + UBI512_BLOCKSIZE_B;
length_b -= UBI512_BLOCKSIZE;
}
ctx->tweak[15] |= 0x80;
((uint64_t*)(ctx->tweak))[0] += (length_b+7)/8;
ctx->tweak.v8[15] |= 0x80;
ctx->tweak.v64[0] += (length_b+7)/8;
if(length_b & 0x07)
ctx->tweak[14] |= 0x80;
threefish512_init(ctx->g, ctx->tweak, &tfctx);
ctx->tweak.v8[14] |= 0x80;
threefish512_init(ctx->g, ctx->tweak.v8, &tfctx);
memset(ctx->g, 0, UBI512_BLOCKSIZE_B);
memcpy(ctx->g, block, (length_b+7)/8);
if(length_b & 0x07)

13
test_src/main-aes-test.c

@ -196,6 +196,18 @@ void testrun_testkey_aes256(void){
}
}
void crypto_test(void){
uint8_t test_data[16], test_key[32];
aes256_ctx_t ctx;
memset(test_key, 0xA5, 32);
memset(test_data, 0, 16);
aes256_init(test_key, &ctx);
aes256_enc(test_data, &ctx);
cli_putstr("\r\ncrypto test data:\r\n");
cli_hexdump_block(test_data, 16, 4, 8);
}
void testrun_testkey_aes(void){
testrun_testkey_aes128();
testrun_testkey_aes192();
@ -698,6 +710,7 @@ const cmdlist_entry_t cmdlist[] = {
{ "testcmac72", NULL, testrun_aes128_cmac72 },
{ "testcmac0", NULL, testrun_aes192_cmac0 },
{ "testeax", NULL, testrun_aes128_eax },
{ "quick-test", NULL, crypto_test },
{ "cmacvs_list", NULL, cmacvs_listalgos },
{ "cmacvs_set", (void*)1, (void_fpt)cmacvs_setalgo },
{ "cmacvs_test1", NULL, cmacvs_test1 },

39
test_src/main-rsa_oaep-test.c

@ -202,6 +202,39 @@ const uint8_t encrypted3[] = {
/**********************************************************************************************/
/* ---------------------------------
* RSAES-OAEP Encryption Example 2.4
* --------------------------------- */
/* Message to be encrypted: */
const uint8_t message4[] = {
0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f,
0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21,
0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c,
0x15, 0x3a, 0x10, 0xf0, 0x0a
};
/* Seed: */
const uint8_t seed4[] = {
0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3,
0x80, 0x5a, 0x81, 0x56
};
/* Encryption: */
const uint8_t encrypted4[] = {
0x00, 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57,
0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c,
0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca,
0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b,
0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8,
0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76,
0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde,
0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76,
0x41
};
/**********************************************************************************************/
/* RSA modulus n: */
const uint8_t modulus2[] = {
0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
@ -295,9 +328,9 @@ rsa_privatekey_t priv_key;
#define DQ dq
#define QINV qinv
#else
#define MSG message3
#define SEED seed3
#define ENCRYPTED encrypted3
#define MSG message4
#define SEED seed4
#define ENCRYPTED encrypted4
#define MODULUS modulus2
#define PUB_EXPONENT public_exponent2
#define PRIV_EXPONENT private_exponent2

16
test_src/shavs.c

@ -117,9 +117,7 @@ uint8_t buffer_add(char c){
hfal_hash_nextBlock(&(shavs_ctx.ctx), shavs_ctx.buffer);
++shavs_ctx.blocks;
shavs_ctx.buffer_idx=0;
shavs_ctx.in_byte=0;
cli_putc('.');
memset(shavs_ctx.buffer, 0, shavs_ctx.buffersize_B);
}
if(c>='0' && c<='9'){
v=c-'0';
@ -134,12 +132,12 @@ uint8_t buffer_add(char c){
t=shavs_ctx.buffer[shavs_ctx.buffer_idx];
if(shavs_ctx.in_byte){
t |= v;
shavs_ctx.buffer[shavs_ctx.buffer_idx]=t;
shavs_ctx.buffer[shavs_ctx.buffer_idx] = t;
shavs_ctx.buffer_idx++;
shavs_ctx.in_byte = 0;
}else{
t |= v<<4;
shavs_ctx.buffer[shavs_ctx.buffer_idx]=t;
t = v<<4;
shavs_ctx.buffer[shavs_ctx.buffer_idx] = t;
shavs_ctx.in_byte = 1;
}
return 0;
@ -226,7 +224,7 @@ void shavs_test1(void){ /* KAT tests */
if(length==0){
expect_input=2;
}else{
expect_input=((length+7)>>2)&(~1L);
expect_input=((length + 7) >> 2) & (~1L);
}
#if DEBUG
cli_putstr("\r\nexpected_input == ");
@ -309,7 +307,7 @@ void shavs_test1(void){ /* KAT tests */
cli_putstr("\r\nBuffer-A:");
cli_hexdump_block(buffer, shavs_ctx.buffersize_B, 5, 8);
cli_putstr("\r\n starting finalisation");
cli_putstr("\r\n starting finalization");
cli_putstr("\r\n\tblocks == ");
cli_hexdump_rev(&(shavs_ctx.blocks),4);
cli_putstr("\r\n\tbuffer_idx == ");
@ -325,14 +323,10 @@ void shavs_test1(void){ /* KAT tests */
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
cli_putstr("\r\n\t (temp) == ");
cli_hexdump_rev(&temp,2);
temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#endif
/* cli_putstr("\r\n\t (temp) == ");
cli_hexdump_rev(&temp,2); */
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
// length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8));
temp );
#if DEBUG
cli_putstr("\r\n starting ctx2hash");

2
testport.conf

@ -1,7 +1,7 @@
# configfile for shavs tests
[PORT]
port = /dev/ttyUSB1
port = /dev/ttyUSB0
baud = 115200
databits = 8
stopbits = 1

2170
testvectors/salsa20-128.64-verified.test-vectors

File diff suppressed because it is too large

2605
testvectors/salsa20-256.64-verified.test-vectors

File diff suppressed because it is too large
Loading…
Cancel
Save