introducing RSA-OAEP (can encrypt one message correctly)

This commit is contained in:
bg 2012-02-20 00:33:57 +01:00
parent f47523ef39
commit ad20a79e42
16 changed files with 5881 additions and 364 deletions

View File

@ -81,6 +81,21 @@ void bigint_adjust(bigint_t* a){
/******************************************************************************/
uint16_t bigint_length_b(bigint_t* a){
if(!a->length_B || a->length_B==0){
return 0;
}
return (a->length_B-1) * BIGINT_WORD_SIZE + GET_FBS(a);
}
/******************************************************************************/
uint16_t bigint_length_B(bigint_t* a){
return (bigint_length_b(a)+7)/8;
}
/******************************************************************************/
uint32_t bigint_get_first_set_bit(bigint_t* a){
if(a->length_B==0){
return (uint32_t)(-1);
@ -671,6 +686,9 @@ void bigint_reduce(bigint_t* a, const bigint_t* r){
uint16_t shift;
while(a->length_B > r->length_B){
shift = (a->length_B - r->length_B) * 8 * sizeof(bigint_word_t) + GET_FBS(a) - rfbs - 1;
if(a->wordv[a->length_B-1] > r->wordv[r->length_B-1]){
shift += 1;
}
// cli_putstr("\r\nDBG: (p) shift = "); cli_hexdump_rev(&shift, 2);
// cli_putstr(" a_len = "); cli_hexdump_rev(&a->length_B, 2);
// cli_putstr(" r_len = "); cli_hexdump_rev(&r->length_B, 2);

View File

@ -50,6 +50,8 @@ typedef struct{
void bigint_adjust(bigint_t* a);
uint32_t bigint_get_first_set_bit(bigint_t* a);
uint32_t bigint_get_last_set_bit(bigint_t* a);
uint16_t bigint_length_b(bigint_t* a);
uint16_t bigint_length_B(bigint_t* a);
void bigint_copy(bigint_t* dest, const bigint_t* src);
void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale);

View File

@ -71,6 +71,10 @@ void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg,
}
}
uint16_t hfal_hash_getCtxsize_B(const hfdesc_t* hash_descriptor){
return hash_descriptor->ctxsize_B;
}
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor){
return hash_descriptor->blocksize_b;
}

View File

@ -28,6 +28,7 @@ void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b)
void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx);
void hfal_hash_free(hfgen_ctx_t* ctx);
void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b);
uint16_t hfal_hash_getCtxsize_B(const hfdesc_t* hash_descriptor);
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor);
uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor);

View File

@ -1,14 +0,0 @@
# Makefile for RSA
ALGO_NAME := RSA
# comment out the following line for removement of RSA from the build process
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o
$(ALGO_NAME)_TESTBIN := main-rsa-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

14
mkfiles/rsa_oaep.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for RSA
ALGO_NAME := RSA_OAEP
# comment out the following line for removement of RSA from the build process
PK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

View File

@ -1,5 +1,5 @@
source [find /usr/share/openocd/scripts/interface/luminary-icdi.cfg]
source [find /usr/share/openocd/scripts/target/lm3s9b9x.cfg]
source [find /usr/share/openocd/scripts/target/stellaris.cfg]
# GDB can also flash my flash!
#gdb_memory_map enable
#gdb_flash_program enable

124
rsa/rsa_oaep.c Normal file
View File

@ -0,0 +1,124 @@
/* rsa_oaep.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "memxor.h"
#include "mgf1.h"
#include "bigint.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "random_dummy.h"
#include "hfal/hfal_sha1.h"
#include "cli.h"
#include "uart_lowlevel.h"
mgf1_parameter_t mgf1_default_parameter = {
&sha1_desc
};
rsa_oaep_parameter_t rsa_oaep_default_parameter = {
mgf1,
&sha1_desc,
&mgf1_default_parameter
};
rsa_label_t rsa_oaep_default_label = {
0, NULL
};
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(key->modulus);
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
% (sizeof(bigint_word_t));
uart_flush(0);
buffer += off;
buffer_len -= off;
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(buffer, 0, seed_buffer - buffer);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
uart_flush(0);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
//void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
cli_hexdump_block(dest, buffer_len+off, 4, 8);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
cli_putstr("\r\ngot to 112\r\n");
uart_flush(0);
x.wordv = dest;
x.length_B = key->modulus->length_B;
bigint_adjust(&x);
cli_putstr("\r\ngot to 118\r\n");
uart_flush(0);
rsa_os2ip(&x, NULL, key->modulus->length_B * sizeof(bigint_word_t));
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}

50
rsa/rsa_oaep.h Normal file
View File

@ -0,0 +1,50 @@
/* rsa_oaep.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSA_OAEP_H_
#define RSA_OAEP_H_
#include <stdint.h>
#include "mgf1.h"
void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
typedef struct {
void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
const hfdesc_t* hf;
mgf1_parameter_t* mgf_parameter;
} rsa_oaep_parameter_t;
typedef struct {
uint16_t length_b;
const void* label;
} rsa_label_t;
extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed);
#endif /* RSA_OAEP_H_ */

View File

@ -1,349 +0,0 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* DSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsa_pkcs15.h"
#include "performance_test.h"
const char* algo_name = "RSA";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
const uint8_t public_exponent[] = {
0x00, 0x01, 0x00, 0x01
};
const uint8_t private_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1,
};
/*
# PKCS#1 v1.5 encryption of 20 random messages with random seeds
# ---------------------------------------------------------------------------
*/
const uint8_t message[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
const uint8_t seed[] = {
0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc,
0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55,
0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc,
0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38,
0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e,
0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c,
0x6f
};
const uint8_t encrypted[] = {
0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36,
0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1,
0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d,
0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07,
0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5,
0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85,
0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30,
0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31
};
const uint8_t message1[] = {
0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5,
};
const uint8_t seed1[] = {
0xac, 0x47, 0x28, 0xa8, 0x42, 0x8c, 0x1e, 0x52, 0x24, 0x71, 0xa8, 0xdf, 0x73, 0x5a, 0x8e, 0x92,
0x92, 0xaf, 0x0d, 0x55, 0xbc, 0xb7, 0x3a, 0x12, 0xac, 0x32, 0xc2, 0x64, 0xf3, 0x88, 0x1c, 0x7c,
0x8a, 0x71, 0x0f, 0x70, 0xfe, 0xb1, 0x04, 0x85, 0xc8, 0x37, 0x0f, 0x78, 0x1f, 0xff, 0xd0, 0x21,
0x81, 0x6f, 0x05, 0x87, 0x39, 0x76, 0x6d, 0xa0, 0xa9, 0xc9, 0xdb, 0x0e, 0xae, 0x7e, 0x9a, 0x25,
0xb6, 0xc4, 0x33, 0x18, 0xd0, 0xca, 0xac, 0x23, 0x65, 0x22, 0xca, 0x31, 0x0f, 0x17, 0xfc, 0x52,
0xad, 0x42, 0x29, 0xc8, 0x3a, 0x24, 0xe9, 0xe5, 0x45, 0xeb, 0x35, 0xe9, 0x82, 0x6d, 0x55, 0x9f,
0x57
};
const uint8_t message2[] = {
0xd9, 0x4a, 0xe0, 0x83, 0x2e, 0x64, 0x45, 0xce, 0x42, 0x33, 0x1c, 0xb0, 0x6d, 0x53, 0x1a, 0x82,
0xb1, 0xdb, 0x4b, 0xaa, 0xd3, 0x0f, 0x74, 0x6d, 0xc9, 0x16, 0xdf, 0x24, 0xd4, 0xe3, 0xc2, 0x45,
0x1f, 0xff, 0x59, 0xa6, 0x42, 0x3e, 0xb0, 0xe1, 0xd0, 0x2d, 0x4f, 0xe6, 0x46, 0xcf, 0x69, 0x9d,
0xfd, 0x81, 0x8c, 0x6e, 0x97, 0xb0, 0x51
};
const uint8_t seed2[] = {
0xdd, 0x2d, 0x60, 0xa5, 0xe0, 0x08, 0xeb, 0xe1, 0xd0, 0xbe, 0x6f, 0x60, 0xdb, 0xc4, 0x3f, 0x29,
0x62, 0xef, 0x50, 0xbf, 0xde, 0x54, 0x2b, 0xbb, 0xe9, 0x8f, 0xed, 0xd1, 0xfe, 0xac, 0x05, 0x7e,
0x77, 0x1c, 0xf1, 0x5f, 0xc6, 0x32, 0xc8, 0xdb, 0x27, 0x2e, 0x28, 0xd2, 0x9b, 0x57, 0x93, 0xea,
0x6a, 0xb8, 0x06, 0x21, 0x8c, 0x53, 0x82, 0x39, 0xb9, 0x3a, 0x93, 0x5e, 0x65, 0xd2, 0x44, 0x16,
0xec, 0x6c, 0x6e, 0x99, 0xae, 0x04
};
const uint8_t message3[] = {
0x52, 0xe6, 0x50, 0xd9, 0x8e, 0x7f, 0x2a, 0x04, 0x8b, 0x4f, 0x86, 0x85, 0x21, 0x53, 0xb9, 0x7e,
0x01, 0xdd, 0x31, 0x6f, 0x34, 0x6a, 0x19, 0xf6, 0x7a, 0x85
};
const uint8_t seed3[] = {
0x26, 0x29, 0xa7, 0xaa, 0xc0, 0xc3, 0x90, 0x5e, 0x83, 0x1e, 0xb6, 0x02, 0x38, 0x8c, 0x54, 0x5a,
0xf5, 0x54, 0xb9, 0x6b, 0x2a, 0xe5, 0x15, 0x32, 0xe9, 0xcc, 0xdb, 0x89, 0x72, 0xef, 0x30, 0xb6,
0x4a, 0x2f, 0x98, 0xc6, 0x95, 0x29, 0x7a, 0x01, 0xc5, 0x81, 0x2a, 0x2c, 0x40, 0x15, 0x82, 0xf3,
0x7b, 0x14, 0x4a, 0x3e, 0x90, 0xe5, 0x9d, 0x81, 0xb6, 0x90, 0x39, 0xc6, 0x4b, 0x84, 0x4b, 0x02,
0x8c, 0x10, 0x5c, 0x8e, 0x68, 0x36, 0x15, 0xaf, 0xb6, 0x58, 0xb6, 0xc4, 0xd9, 0xf3, 0x82, 0x38,
0xa7, 0x63, 0x01, 0xbb, 0x14, 0x44, 0x91, 0x13, 0xb6, 0x9d, 0xe1, 0x26, 0x04, 0x5e, 0x26, 0xf1,
0x3e, 0xe6, 0xd7
};
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
void load_priv_conventional(void){
bigint_t *epriv;
epriv = malloc(sizeof(bigint_t));
if(!epriv){
cli_putstr("\r\nERROR: OOM!");
return;
}
epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
if(!epriv->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
priv_key.components = malloc(sizeof(bigint_t*));
priv_key.components[0] = epriv;
priv_key.n = 1;
bigint_changeendianess(epriv);
bigint_adjust(epriv);
}
void load_priv_crt_mono(void){
bigint_t **v;
const uint8_t *bv[5] = {p,q,dp,dq,qinv};
uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = malloc(5*sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i] = malloc(sizeof(bigint_t));
v[i]->info = 0;
v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
if(!v[i]->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i]->wordv, bv[i], sv[i]);
bigint_changeendianess(v[i]);
bigint_adjust(v[i]);
priv_key.components[i] = v[i];
}
}
void load_fix_rsa(void){
bigint_t *m, *epub;
m = malloc(sizeof(bigint_t));
epub = malloc(sizeof(bigint_t));
if(!m || !epub){
cli_putstr("\r\nOOM!\r\n");
return;
}
m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
m->wordv = malloc(m->length_B * sizeof(bigint_word_t));
epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t));
if(!m->wordv || !epub->wordv){
cli_putstr("\r\nOOM!\r\n");
return;
}
memcpy(m->wordv, modulus, sizeof(modulus));
memcpy(epub->wordv, public_exponent, sizeof(public_exponent));
pub_key.modulus = priv_key.modulus = m;
pub_key.exponent = epub;
bigint_changeendianess(m);
bigint_adjust(m);
bigint_changeendianess(epub);
bigint_adjust(epub);
// load_priv_conventional();
load_priv_crt_mono();
}
#define MSG message3
#define SEED seed3
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint16_t clen, plen;
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
// memcpy(ciphertext, message1, sizeof(message1));
cli_putstr("\r\nplaintext:");
cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
rc = rsa_encrypt_pkcs15(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, SEED);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 8);
uart_flush(0);
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 8);
free(ciphertext);
free(plaintext);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
load_fix_rsa();
prng_get_byte = random8;
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char quick_test_str[] = "quick-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ quick_test_str, NULL, quick_test },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

View File

@ -0,0 +1,321 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* RSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "performance_test.h"
const char* algo_name = "RSA-OAEP";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
/* ==================================
* Example 1: A 1024-bit RSA Key Pair
* ================================== */
/* ------------------------------
* Components of the RSA Key Pair
* ------------------------------ */
/* RSA modulus n: */
uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
/* RSA public exponent e: */
uint8_t public_exponent[] = {
0x00, 0x01, 0x00, 0x01
};
/* RSA private exponent d: */
uint8_t private_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
/* Prime p: */
uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
/* Prime q: */
uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
/* p's CRT exponent dP: */
uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
/* q's CRT exponent dQ: */
uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
/* CRT coefficient qInv: */
uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
};
/* ---------------------------------
* RSAES-OAEP Encryption Example 1.1
* --------------------------------- */
/* Message to be, encrypted: */
uint8_t message[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
/* Seed: */
uint8_t seed[] = {
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
0xdd, 0xa0, 0xa5, 0xef
};
/* Encryption: */
uint8_t encrypted[] = {
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
};
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
void load_priv_conventional(void){
bigint_t *epriv;
epriv = malloc(sizeof(bigint_t));
if(!epriv){
cli_putstr("\r\nERROR: OOM!");
return;
}
epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
if(!epriv->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
priv_key.components = malloc(sizeof(bigint_t*));
priv_key.components[0] = epriv;
priv_key.n = 1;
bigint_changeendianess(epriv);
bigint_adjust(epriv);
}
void load_priv_crt_mono(void){
bigint_t **v;
const uint8_t *bv[5] = {p,q,dp,dq,qinv};
uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = malloc(5*sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i] = malloc(sizeof(bigint_t));
v[i]->info = 0;
v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
if(!v[i]->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i]->wordv, bv[i], sv[i]);
bigint_changeendianess(v[i]);
bigint_adjust(v[i]);
priv_key.components[i] = v[i];
}
}
void load_fix_rsa(void){
bigint_t *m, *epub;
m = malloc(sizeof(bigint_t));
epub = malloc(sizeof(bigint_t));
if(!m || !epub){
cli_putstr("\r\nOOM!\r\n");
return;
}
m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
m->wordv = malloc(m->length_B * sizeof(bigint_word_t));
epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t));
if(!m->wordv || !epub->wordv){
cli_putstr("\r\nOOM!\r\n");
return;
}
memcpy(m->wordv, modulus, sizeof(modulus));
memcpy(epub->wordv, public_exponent, sizeof(public_exponent));
pub_key.modulus = priv_key.modulus = m;
pub_key.exponent = epub;
bigint_changeendianess(m);
bigint_adjust(m);
bigint_changeendianess(epub);
bigint_adjust(epub);
// load_priv_conventional();
load_priv_crt_mono();
}
#define MSG message
#define SEED seed
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint16_t clen; //, plen;
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
// memcpy(ciphertext, message1, sizeof(message1));
cli_putstr("\r\nplaintext:");
cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
uart_flush(0);
rc = rsa_encrypt_oaep(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, NULL, NULL, SEED);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 8);
uart_flush(0);
/*
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 8);
*/
free(ciphertext);
free(plaintext);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
load_fix_rsa();
prng_get_byte = random8;
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char quick_test_str[] = "quick-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ quick_test_str, NULL, quick_test },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

View File

@ -0,0 +1,369 @@
# =================================
# WORKED-OUT EXAMPLE FOR RSAES-OAEP
# =================================
#
# This file gives an example of the process of
# encrypting and decrypting a message with
# RSAES-OAEP as specified in PKCS #1 v2.1.
#
# The message is a bit string of length 128,
# while the size of the modulus in the public
# key is 1024 bits. The second representation
# of the private key is used, which means that
# CRT is applied in the decryption process.
#
# The underlying hash function is SHA-1; the
# mask generation function is MGF1 with SHA-1
# as specified in PKCS #1 v2.1.
#
# This file also contains a demonstration of
# the RSADP decryption primitive with CRT.
# Finally, DER encodings of the RSA keys are
# given at the end of the file.
#
#
# Integers are represented by strings of octets
# with the leftmost octet being the most
# significant octet. For example,
#
# 9,202,000 = (0x)8c 69 50.
#
# =============================================
# ------------------------------
# Components of the RSA Key Pair
# ------------------------------
# RSA modulus n:
bb f8 2f 09 06 82 ce 9c 23 38 ac 2b 9d a8 71 f7
36 8d 07 ee d4 10 43 a4 40 d6 b6 f0 74 54 f5 1f
b8 df ba af 03 5c 02 ab 61 ea 48 ce eb 6f cd 48
76 ed 52 0d 60 e1 ec 46 19 71 9d 8a 5b 8b 80 7f
af b8 e0 a3 df c7 37 72 3e e6 b4 b7 d9 3a 25 84
ee 6a 64 9d 06 09 53 74 88 34 b2 45 45 98 39 4e
e0 aa b1 2d 7b 61 a5 1f 52 7a 9a 41 f6 c1 68 7f
e2 53 72 98 ca 2a 8f 59 46 f8 e5 fd 09 1d bd cb
# RSA public exponent e:
(0x)11
# Prime p:
ee cf ae 81 b1 b9 b3 c9 08 81 0b 10 a1 b5 60 01
99 eb 9f 44 ae f4 fd a4 93 b8 1a 9e 3d 84 f6 32
12 4e f0 23 6e 5d 1e 3b 7e 28 fa e7 aa 04 0a 2d
5b 25 21 76 45 9d 1f 39 75 41 ba 2a 58 fb 65 99
# Prime q:
c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35
3f 6c 42 d0 88 66 b1 d0 5a 0f 20 35 02 8b 9d 86
98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf
ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03
# p's CRT exponent dP:
54 49 4c a6 3e ba 03 37 e4 e2 40 23 fc d6 9a 5a
eb 07 dd dc 01 83 a4 d0 ac 9b 54 b0 51 f2 b1 3e
d9 49 09 75 ea b7 74 14 ff 59 c1 f7 69 2e 9a 2e
20 2b 38 fc 91 0a 47 41 74 ad c9 3c 1f 67 c9 81
# q's CRT exponent dQ:
47 1e 02 90 ff 0a f0 75 03 51 b7 f8 78 86 4c a9
61 ad bd 3a 8a 7e 99 1c 5c 05 56 a9 4c 31 46 a7
f9 80 3f 8f 6f 8a e3 42 e9 31 fd 8a e4 7a 22 0d
1b 99 a4 95 84 98 07 fe 39 f9 24 5a 98 36 da 3d
# CRT coefficient qInv:
b0 6c 4f da bb 63 01 19 8d 26 5b db ae 94 23 b3
80 f2 71 f7 34 53 88 50 93 07 7f cd 39 e2 11 9f
c9 86 32 15 4f 58 83 b1 67 a9 67 bf 40 2b 4e 9e
2e 0f 96 56 e6 98 ea 36 66 ed fb 25 79 80 39 f7
# ----------------------------------
# Step-by-step RSAES-OAEP Encryption
# ----------------------------------
# Message M to be encrypted:
d4 36 e9 95 69 fd 32 a7 c8 a0 5b bc 90 d3 2c 49
# Label L:
(the empty string)
# lHash = Hash(L)
# DB = lHash || Padding || M
# seed = random string of octets
# dbMask = MGF(seed, length(DB))
# maskedDB = DB xor dbMask
# seedMask = MGF(maskedDB, length(seed))
# maskedSeed = seed xor seedMask
# EM = 0x00 || maskedSeed || maskedDB
# lHash:
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90
af d8 07 09
# DB:
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90
af d8 07 09 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 d4 36 e9 95 69
fd 32 a7 c8 a0 5b bc 90 d3 2c 49
# seed:
aa fd 12 f6 59 ca e6 34 89 b4 79 e5 07 6d de c2
f0 6c b5 8f
# dbMask:
06 e1 de b2 36 9a a5 a5 c7 07 d8 2c 8e 4e 93 24
8a c7 83 de e0 b2 c0 46 26 f5 af f9 3e dc fb 25
c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4
77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5
02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0
95 ae b4 04 48 db 97 2f 3a c1 4e af f4 9c 8c 3b
7c fc 95 1a 51 ec d1 dd e6 12 64
# maskedDB:
dc d8 7d 5c 68 f1 ee a8 f5 52 67 c3 1b 2e 8b b4
25 1f 84 d7 e0 b2 c0 46 26 f5 af f9 3e dc fb 25
c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4
77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5
02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0
95 ae b4 04 48 db 97 2f 3a c1 4f 7b c2 75 19 52
81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
# seedMask:
41 87 0b 5a b0 29 e6 57 d9 57 50 b5 4c 28 3c 08
72 5d be a9
# maskedSeed:
eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2 ca
82 31 0b 26
# EM = 00 || maskedSeed || maskedDB:
00 eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2
ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67
c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af
f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db
4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a
b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9
82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f
7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
# Ciphertext, the RSA encryption of EM:
12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0
39 a3 3d 1e 99 6f c8 2a 94 cc d3 00 74 c9 5d f7
63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6
53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb
6d 84 b1 c3 1d 65 4a 19 70 e5 78 3b d6 eb 96 a0
24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48
da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d
51 a7 4d df 85 d8 b5 0d e9 68 38 d6 06 3e 09 55
# --------------------------------------------
# Step-by-step RSAES-OAEP Decryption Using CRT
# --------------------------------------------
# c = the integer value of C above
# m1 = c^dP mod p = (c mod p)^dP mod p
# m2 = c^dQ mod q = (c mod q)^dQ mod q
# h = (m1-m2)*qInv mod p
# m = m2 + q*h = the integer value of EM above
# c mod p:
de 63 d4 72 35 66 fa a7 59 bf e4 08 82 1d d5 25
72 ec 92 85 4d df 87 a2 b6 64 d4 4d aa 37 ca 34
6a 05 20 3d 82 ff 2d e8 e3 6c ec 1d 34 f9 8e b6
05 e2 a7 d2 6d e7 af 36 9c e4 ec ae 14 e3 56 33
# c mod q:
a2 d9 24 de d9 c3 6d 62 3e d9 a6 5b 5d 86 2c fb
ec 8b 19 9c 64 27 9c 54 14 e6 41 19 6e f1 c9 3c
50 7a 9b 52 13 88 1a ad 05 b4 cc fa 02 8a c1 ec
61 42 09 74 bf 16 25 83 6b 0b 7d 05 fb b7 53 36
# m1:
89 6c a2 6c d7 e4 87 1c 7f c9 68 a8 ed ea 11 e2
71 82 4f 0e 03 65 52 17 94 f1 e9 e9 43 b4 a4 4b
57 c9 e3 95 a1 46 74 78 f5 26 49 6b 4b b9 1f 1c
ba ea 90 0f fc 60 2c f0 c6 63 6e ba 84 fc 9f f7
# m2:
4e bb 22 75 85 f0 c1 31 2d ca 19 e0 b5 41 db 14
99 fb f1 4e 27 0e 69 8e 23 9a 8c 27 a9 6c da 9a
74 09 74 de 93 7b 5c 9c 93 ea d9 46 2c 65 75 02
1a 23 d4 64 99 dc 9f 6b 35 89 75 59 60 8f 19 be
# h:
01 2b 2b 24 15 0e 76 e1 59 bd 8d db 42 76 e0 7b
fa c1 88 e0 8d 60 47 cf 0e fb 8a e2 ae bd f2 51
c4 0e bc 23 dc fd 4a 34 42 43 94 ad a9 2c fc be
1b 2e ff bb 60 fd fb 03 35 9a 95 36 8d 98 09 25
# m:
00 eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2
ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67
c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af
f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db
4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a
b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9
82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f
7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
# The intermediate values in the remaining
# decryption process are the same as during
# RSAES-OAEP encryption of M.
# =============================================
# ========================
# DER Encoding of RSA Keys
# ========================
# ------------
# RSAPublicKey
# ------------
30 81 87
# modulus
02 81 81
00 bb f8 2f 09 06 82 ce
9c 23 38 ac 2b 9d a8 71
f7 36 8d 07 ee d4 10 43
a4 40 d6 b6 f0 74 54 f5
1f b8 df ba af 03 5c 02
ab 61 ea 48 ce eb 6f cd
48 76 ed 52 0d 60 e1 ec
46 19 71 9d 8a 5b 8b 80
7f af b8 e0 a3 df c7 37
72 3e e6 b4 b7 d9 3a 25
84 ee 6a 64 9d 06 09 53
74 88 34 b2 45 45 98 39
4e e0 aa b1 2d 7b 61 a5
1f 52 7a 9a 41 f6 c1 68
7f e2 53 72 98 ca 2a 8f
59 46 f8 e5 fd 09 1d bd
cb
# publicExponent
02 01
11
# -------------
# RSAPrivateKey
# -------------
30 82 02 5b
# version
02 01
00
# modulus
02 81 81
00 bb f8 2f 09 06 82 ce
9c 23 38 ac 2b 9d a8 71
f7 36 8d 07 ee d4 10 43
a4 40 d6 b6 f0 74 54 f5
1f b8 df ba af 03 5c 02
ab 61 ea 48 ce eb 6f cd
48 76 ed 52 0d 60 e1 ec
46 19 71 9d 8a 5b 8b 80
7f af b8 e0 a3 df c7 37
72 3e e6 b4 b7 d9 3a 25
84 ee 6a 64 9d 06 09 53
74 88 34 b2 45 45 98 39
4e e0 aa b1 2d 7b 61 a5
1f 52 7a 9a 41 f6 c1 68
7f e2 53 72 98 ca 2a 8f
59 46 f8 e5 fd 09 1d bd
cb
# publicExponent
02 01
11
# privateExponent
02 81 81
00 a5 da fc 53 41 fa f2
89 c4 b9 88 db 30 c1 cd
f8 3f 31 25 1e 06 68 b4
27 84 81 38 01 57 96 41
b2 94 10 b3 c7 99 8d 6b
c4 65 74 5e 5c 39 26 69
d6 87 0d a2 c0 82 a9 39
e3 7f dc b8 2e c9 3e da
c9 7f f3 ad 59 50 ac cf
bc 11 1c 76 f1 a9 52 94
44 e5 6a af 68 c5 6c 09
2c d3 8d c3 be f5 d2 0a
93 99 26 ed 4f 74 a1 3e
dd fb e1 a1 ce cc 48 94
af 94 28 c2 b7 b8 88 3f
e4 46 3a 4b c8 5b 1c b3
c1
# prime1
02 41
00 ee cf ae 81 b1 b9 b3
c9 08 81 0b 10 a1 b5 60
01 99 eb 9f 44 ae f4 fd
a4 93 b8 1a 9e 3d 84 f6
32 12 4e f0 23 6e 5d 1e
3b 7e 28 fa e7 aa 04 0a
2d 5b 25 21 76 45 9d 1f
39 75 41 ba 2a 58 fb 65
99
# prime2
02 41
00 c9 7f b1 f0 27 f4 53
f6 34 12 33 ea aa d1 d9
35 3f 6c 42 d0 88 66 b1
d0 5a 0f 20 35 02 8b 9d
86 98 40 b4 16 66 b4 2e
92 ea 0d a3 b4 32 04 b5
cf ce 33 52 52 4d 04 16
a5 a4 41 e7 00 af 46 15
03
# exponent1
02 40
54 49 4c a6 3e ba 03 37
e4 e2 40 23 fc d6 9a 5a
eb 07 dd dc 01 83 a4 d0
ac 9b 54 b0 51 f2 b1 3e
d9 49 09 75 ea b7 74 14
ff 59 c1 f7 69 2e 9a 2e
20 2b 38 fc 91 0a 47 41
74 ad c9 3c 1f 67 c9 81
# exponent2
02 40
47 1e 02 90 ff 0a f0 75
03 51 b7 f8 78 86 4c a9
61 ad bd 3a 8a 7e 99 1c
5c 05 56 a9 4c 31 46 a7
f9 80 3f 8f 6f 8a e3 42
e9 31 fd 8a e4 7a 22 0d
1b 99 a4 95 84 98 07 fe
39 f9 24 5a 98 36 da 3d
# coefficient
02 41
00 b0 6c 4f da bb 63 01
19 8d 26 5b db ae 94 23
b3 80 f2 71 f7 34 53 88
50 93 07 7f cd 39 e2 11
9f c9 86 32 15 4f 58 83
b1 67 a9 67 bf 40 2b 4e
9e 2e 0f 96 56 e6 98 ea
36 66 ed fb 25 79 80 39
f7
# ------------------------
# PrivateKeyInfo (PKCS #8)
# ------------------------
30 82 02 75
# version
02 01
00
# privateKeyAlgorithmIdentifier
30 0d
06 09
2a 86 48 86 f7 0d 01 01 01
# parameters
05 00
# privateKey = RSAPrivateKey encoding
04 82 02 5f
# DER encoding of RSAPrivateKey structure
30 82 02 5b ... 79 80 39 f7
# =============================================

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,162 @@
# =================================
# WORKED-OUT EXAMPLE FOR RSASSA-PSS
# =================================
#
# This file gives an example of the process of
# signing a message with RSASSA-PSS as
# specified in PKCS #1 v2.1.
#
# The message is an octet string of length 114,
# while the size of the modulus in the public
# key is 1024 bits. The message is signed via a
# random salt of length 20 octets
#
# The underlying hash function in the EMSA-PSS
# encoding method is SHA-1; the mask generation
# function is MGF1 with SHA-1 as specified in
# PKCS #1 v2.1.
#
# Integers are represented by strings of octets
# with the leftmost octet being the most
# significant octet. For example,
#
# 9,202,000 = (0x)8c 69 50.
#
# =============================================
# ------------------------------
# Components of the RSA Key Pair
# ------------------------------
# RSA modulus n:
a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95
02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e
57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4
b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88
8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95
5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75
12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee
b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5
# RSA public exponent e:
01 00 01
# Prime p:
d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2
6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7
43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00
7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b
# Prime q:
c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87
53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34
7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57
46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f
# p's CRT exponent dP:
9d 0d bf 83 e5 ce 9e 4b 17 54 dc d5 cd 05 bc b7
b5 5f 15 08 33 0e a4 9f 14 d4 e8 89 55 0f 82 56
cb 5f 80 6d ff 34 b1 7a da 44 20 88 53 57 7d 08
e4 26 28 90 ac f7 52 46 1c ea 05 54 76 01 bc 4f
# q's CRT exponent dQ:
12 91 a5 24 c6 b7 c0 59 e9 0e 46 dc 83 b2 17 1e
b3 fa 98 81 8f d1 79 b6 c8 bf 6c ec aa 47 63 03
ab f2 83 fe 05 76 9c fc 49 57 88 fe 5b 1d df de
9e 88 4a 3c d5 e9 36 b7 e9 55 eb f9 7e b5 63 b1
# CRT coefficient qInv:
a6 3f 1d a3 8b 95 0c 9a d1 c6 7c e0 d6 77 ec 29
14 cd 7d 40 06 2d f4 2a 67 eb 19 8a 17 6f 97 42
aa c7 c5 fe a1 4f 22 97 66 2b 84 81 2c 4d ef c4
9a 80 25 ab 43 82 28 6b e4 c0 37 88 dd 01 d6 9f
# ---------------------------------
# Step-by-step RSASSA-PSS Signature
# ---------------------------------
# Message M to be signed:
85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55
bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64
78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17
3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27
12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0
4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74
ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98
90 fc
# mHash = Hash(M)
# salt = random string of octets
# M' = Padding || mHash || salt
# H = Hash(M')
# DB = Padding || salt
# dbMask = MGF(H, length(DB))
# maskedDB = DB xor dbMask (leftmost bit set to
# zero)
# EM = maskedDB || H || 0xbc
# mHash:
37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1
10 e6 2d 6a
# salt:
e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8
3b ce 7e 61
# M':
00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35
3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0
02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61
# H:
df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54
6f be 8c fe
# DB:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c
2b 65 ef 88 a1 88 d8 3b ce 7e 61
# dbMask:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46
5e 87 a4 53 5c d4 c5 9b 10 02 8d
# maskedDB:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
75 e2 4b db fd 5c 1d a0 de 7c ec
# Encoded message EM:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d
8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc
# Signature S, the RSA decryption of EM:
8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44
06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54
dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76
97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42
be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87
6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3
48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89
71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e
# =============================================

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,22 @@
====================
pkcs-1v2-1-vec.zip
====================
This directory contains test vectors for RSAES-OAEP and
RSASSA-PSS as defined in PKCS #1 v2.1.
The files:
readme.txt This file.
oaep-vect.txt Test vectors for RSAES-OAEP encryption.
oaep-int.txt Intermediate values for RSAES-OAEP
encryption and RSA decryption with CRT.
Also, DER-encoded RSAPrivateKey and
RSAPublicKey types.
pss-vect.txt Test vectors for RSASSA-PSS signing.
pss-int.txt Intermediate values for RSASSA-PSS
signing.