introducing RSA-OAEP (can encrypt one message correctly)
This commit is contained in:
parent
f47523ef39
commit
ad20a79e42
|
@ -81,6 +81,21 @@ void bigint_adjust(bigint_t* a){
|
|||
|
||||
/******************************************************************************/
|
||||
|
||||
uint16_t bigint_length_b(bigint_t* a){
|
||||
if(!a->length_B || a->length_B==0){
|
||||
return 0;
|
||||
}
|
||||
return (a->length_B-1) * BIGINT_WORD_SIZE + GET_FBS(a);
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
uint16_t bigint_length_B(bigint_t* a){
|
||||
return (bigint_length_b(a)+7)/8;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
uint32_t bigint_get_first_set_bit(bigint_t* a){
|
||||
if(a->length_B==0){
|
||||
return (uint32_t)(-1);
|
||||
|
@ -671,6 +686,9 @@ void bigint_reduce(bigint_t* a, const bigint_t* r){
|
|||
uint16_t shift;
|
||||
while(a->length_B > r->length_B){
|
||||
shift = (a->length_B - r->length_B) * 8 * sizeof(bigint_word_t) + GET_FBS(a) - rfbs - 1;
|
||||
if(a->wordv[a->length_B-1] > r->wordv[r->length_B-1]){
|
||||
shift += 1;
|
||||
}
|
||||
// cli_putstr("\r\nDBG: (p) shift = "); cli_hexdump_rev(&shift, 2);
|
||||
// cli_putstr(" a_len = "); cli_hexdump_rev(&a->length_B, 2);
|
||||
// cli_putstr(" r_len = "); cli_hexdump_rev(&r->length_B, 2);
|
||||
|
|
|
@ -50,6 +50,8 @@ typedef struct{
|
|||
void bigint_adjust(bigint_t* a);
|
||||
uint32_t bigint_get_first_set_bit(bigint_t* a);
|
||||
uint32_t bigint_get_last_set_bit(bigint_t* a);
|
||||
uint16_t bigint_length_b(bigint_t* a);
|
||||
uint16_t bigint_length_B(bigint_t* a);
|
||||
void bigint_copy(bigint_t* dest, const bigint_t* src);
|
||||
void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
|
||||
void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale);
|
||||
|
|
|
@ -71,6 +71,10 @@ void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg,
|
|||
}
|
||||
}
|
||||
|
||||
uint16_t hfal_hash_getCtxsize_B(const hfdesc_t* hash_descriptor){
|
||||
return hash_descriptor->ctxsize_B;
|
||||
}
|
||||
|
||||
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor){
|
||||
return hash_descriptor->blocksize_b;
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b)
|
|||
void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx);
|
||||
void hfal_hash_free(hfgen_ctx_t* ctx);
|
||||
void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b);
|
||||
uint16_t hfal_hash_getCtxsize_B(const hfdesc_t* hash_descriptor);
|
||||
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor);
|
||||
uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor);
|
||||
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
# Makefile for RSA
|
||||
ALGO_NAME := RSA
|
||||
|
||||
# comment out the following line for removement of RSA from the build process
|
||||
SIGNATURE += $(ALGO_NAME)
|
||||
|
||||
$(ALGO_NAME)_DIR := rsa/
|
||||
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsa-test.o $(CLI_STD) random_dummy.o \
|
||||
noekeon.o noekeon_prng.o memxor.o
|
||||
|
||||
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
# Makefile for RSA
|
||||
ALGO_NAME := RSA_OAEP
|
||||
|
||||
# comment out the following line for removement of RSA from the build process
|
||||
PK_CIPHERS += $(ALGO_NAME)
|
||||
|
||||
$(ALGO_NAME)_DIR := rsa/
|
||||
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
|
||||
noekeon.o noekeon_prng.o memxor.o
|
||||
|
||||
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
source [find /usr/share/openocd/scripts/interface/luminary-icdi.cfg]
|
||||
source [find /usr/share/openocd/scripts/target/lm3s9b9x.cfg]
|
||||
source [find /usr/share/openocd/scripts/target/stellaris.cfg]
|
||||
# GDB can also flash my flash!
|
||||
#gdb_memory_map enable
|
||||
#gdb_flash_program enable
|
||||
|
|
|
@ -0,0 +1,124 @@
|
|||
|
||||
/* rsa_oaep.c */
|
||||
/*
|
||||
This file is part of the ARM-Crypto-Lib.
|
||||
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "memxor.h"
|
||||
#include "mgf1.h"
|
||||
#include "bigint.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_oaep.h"
|
||||
|
||||
#include "random_dummy.h"
|
||||
|
||||
#include "hfal/hfal_sha1.h"
|
||||
|
||||
#include "cli.h"
|
||||
#include "uart_lowlevel.h"
|
||||
|
||||
mgf1_parameter_t mgf1_default_parameter = {
|
||||
&sha1_desc
|
||||
};
|
||||
|
||||
rsa_oaep_parameter_t rsa_oaep_default_parameter = {
|
||||
mgf1,
|
||||
&sha1_desc,
|
||||
&mgf1_default_parameter
|
||||
};
|
||||
|
||||
rsa_label_t rsa_oaep_default_label = {
|
||||
0, NULL
|
||||
};
|
||||
|
||||
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
|
||||
const void* src, uint16_t length_B,
|
||||
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
|
||||
const rsa_label_t* label, const void* seed){
|
||||
|
||||
if(!p){
|
||||
p = &rsa_oaep_default_parameter;
|
||||
}
|
||||
if(!label){
|
||||
label = &rsa_oaep_default_label;
|
||||
}
|
||||
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
|
||||
if(length_B > bigint_length_B(key->modulus) - 2*hv_len - 2){
|
||||
/* message too long */
|
||||
return 1;
|
||||
}
|
||||
uint16_t buffer_len = bigint_length_B(key->modulus);
|
||||
uint8_t* buffer = (uint8_t*)dest;
|
||||
uint8_t off;
|
||||
/* the following needs some explanation:
|
||||
* off is the offset which is used for compensating the effect of
|
||||
* changeendian() when it operates on multi-byte words.
|
||||
* */
|
||||
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
|
||||
% (sizeof(bigint_word_t));
|
||||
uart_flush(0);
|
||||
buffer += off;
|
||||
buffer_len -= off;
|
||||
uint8_t* seed_buffer = buffer + 1;
|
||||
uint16_t db_len = buffer_len - hv_len - 1;
|
||||
uint8_t* db = seed_buffer + hv_len;
|
||||
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
|
||||
uint8_t maskbuffer[maskbuffer_len];
|
||||
bigint_t x;
|
||||
|
||||
memset(buffer, 0, seed_buffer - buffer);
|
||||
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
|
||||
hfal_hash_mem(p->hf, db, label->label, label->length_b);
|
||||
db[db_len - length_B - 1] = 0x01;
|
||||
memcpy(db+db_len - length_B, src, length_B);
|
||||
uart_flush(0);
|
||||
if(seed){
|
||||
memcpy(seed_buffer, seed, hv_len);
|
||||
}else{
|
||||
/* generate random seed */
|
||||
if(!prng_get_byte){
|
||||
return 2; /* ERROR: no random generator specified */
|
||||
}
|
||||
uint16_t i;
|
||||
for(i=0; i<hv_len; ++i){
|
||||
seed_buffer[i] = prng_get_byte();
|
||||
}
|
||||
}
|
||||
|
||||
//void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
|
||||
cli_hexdump_block(dest, buffer_len+off, 4, 8);
|
||||
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
|
||||
memxor(db, maskbuffer, db_len);
|
||||
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
|
||||
memxor(seed_buffer, maskbuffer, hv_len);
|
||||
cli_putstr("\r\ngot to 112\r\n");
|
||||
uart_flush(0);
|
||||
|
||||
x.wordv = dest;
|
||||
x.length_B = key->modulus->length_B;
|
||||
bigint_adjust(&x);
|
||||
cli_putstr("\r\ngot to 118\r\n");
|
||||
uart_flush(0);
|
||||
|
||||
rsa_os2ip(&x, NULL, key->modulus->length_B * sizeof(bigint_word_t));
|
||||
rsa_enc(&x, key);
|
||||
rsa_i2osp(NULL, &x, out_length);
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
/* rsa_oaep.h */
|
||||
/*
|
||||
This file is part of the AVR-Crypto-Lib.
|
||||
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef RSA_OAEP_H_
|
||||
#define RSA_OAEP_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "mgf1.h"
|
||||
|
||||
|
||||
void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
|
||||
|
||||
|
||||
typedef struct {
|
||||
void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
|
||||
const hfdesc_t* hf;
|
||||
mgf1_parameter_t* mgf_parameter;
|
||||
} rsa_oaep_parameter_t;
|
||||
|
||||
typedef struct {
|
||||
uint16_t length_b;
|
||||
const void* label;
|
||||
} rsa_label_t;
|
||||
|
||||
extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
|
||||
|
||||
|
||||
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
|
||||
const void* src, uint16_t length_B,
|
||||
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
|
||||
const rsa_label_t* label, const void* seed);
|
||||
|
||||
|
||||
#endif /* RSA_OAEP_H_ */
|
|
@ -1,349 +0,0 @@
|
|||
/* main-dsa-test.c */
|
||||
/*
|
||||
This file is part of the ARM-Crypto-Lib.
|
||||
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
/*
|
||||
* DSA test-suit
|
||||
*
|
||||
*/
|
||||
#include "main-test-common.h"
|
||||
|
||||
#include "noekeon.h"
|
||||
#include "noekeon_prng.h"
|
||||
#include "bigint.h"
|
||||
#include "bigint_io.h"
|
||||
#include "random_dummy.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_pkcs15.h"
|
||||
|
||||
#include "performance_test.h"
|
||||
|
||||
const char* algo_name = "RSA";
|
||||
|
||||
/*****************************************************************************
|
||||
* additional validation-functions *
|
||||
*****************************************************************************/
|
||||
|
||||
const uint8_t modulus[] = {
|
||||
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
|
||||
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
|
||||
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
|
||||
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
|
||||
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
|
||||
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
|
||||
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
|
||||
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
|
||||
};
|
||||
|
||||
const uint8_t public_exponent[] = {
|
||||
0x00, 0x01, 0x00, 0x01
|
||||
};
|
||||
|
||||
const uint8_t private_exponent[] = {
|
||||
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
|
||||
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
|
||||
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
|
||||
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
|
||||
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
|
||||
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
|
||||
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
|
||||
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
|
||||
};
|
||||
|
||||
const uint8_t p[] = {
|
||||
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
|
||||
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
|
||||
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
|
||||
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
|
||||
};
|
||||
|
||||
const uint8_t q[] = {
|
||||
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
|
||||
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
|
||||
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
|
||||
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
|
||||
};
|
||||
|
||||
const uint8_t dp[] = {
|
||||
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
|
||||
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
|
||||
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
|
||||
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
|
||||
};
|
||||
|
||||
const uint8_t dq[] = {
|
||||
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
|
||||
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
|
||||
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
|
||||
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
|
||||
};
|
||||
|
||||
const uint8_t qinv[] = {
|
||||
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
|
||||
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
|
||||
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
|
||||
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1,
|
||||
};
|
||||
|
||||
/*
|
||||
# PKCS#1 v1.5 encryption of 20 random messages with random seeds
|
||||
# ---------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
const uint8_t message[] = {
|
||||
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
|
||||
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
|
||||
};
|
||||
|
||||
const uint8_t seed[] = {
|
||||
0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc,
|
||||
0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55,
|
||||
0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc,
|
||||
0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38,
|
||||
0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e,
|
||||
0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c,
|
||||
0x6f
|
||||
};
|
||||
|
||||
const uint8_t encrypted[] = {
|
||||
0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36,
|
||||
0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1,
|
||||
0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d,
|
||||
0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07,
|
||||
0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5,
|
||||
0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85,
|
||||
0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30,
|
||||
0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31
|
||||
};
|
||||
|
||||
const uint8_t message1[] = {
|
||||
0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
|
||||
0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5,
|
||||
};
|
||||
|
||||
const uint8_t seed1[] = {
|
||||
0xac, 0x47, 0x28, 0xa8, 0x42, 0x8c, 0x1e, 0x52, 0x24, 0x71, 0xa8, 0xdf, 0x73, 0x5a, 0x8e, 0x92,
|
||||
0x92, 0xaf, 0x0d, 0x55, 0xbc, 0xb7, 0x3a, 0x12, 0xac, 0x32, 0xc2, 0x64, 0xf3, 0x88, 0x1c, 0x7c,
|
||||
0x8a, 0x71, 0x0f, 0x70, 0xfe, 0xb1, 0x04, 0x85, 0xc8, 0x37, 0x0f, 0x78, 0x1f, 0xff, 0xd0, 0x21,
|
||||
0x81, 0x6f, 0x05, 0x87, 0x39, 0x76, 0x6d, 0xa0, 0xa9, 0xc9, 0xdb, 0x0e, 0xae, 0x7e, 0x9a, 0x25,
|
||||
0xb6, 0xc4, 0x33, 0x18, 0xd0, 0xca, 0xac, 0x23, 0x65, 0x22, 0xca, 0x31, 0x0f, 0x17, 0xfc, 0x52,
|
||||
0xad, 0x42, 0x29, 0xc8, 0x3a, 0x24, 0xe9, 0xe5, 0x45, 0xeb, 0x35, 0xe9, 0x82, 0x6d, 0x55, 0x9f,
|
||||
0x57
|
||||
};
|
||||
|
||||
const uint8_t message2[] = {
|
||||
0xd9, 0x4a, 0xe0, 0x83, 0x2e, 0x64, 0x45, 0xce, 0x42, 0x33, 0x1c, 0xb0, 0x6d, 0x53, 0x1a, 0x82,
|
||||
0xb1, 0xdb, 0x4b, 0xaa, 0xd3, 0x0f, 0x74, 0x6d, 0xc9, 0x16, 0xdf, 0x24, 0xd4, 0xe3, 0xc2, 0x45,
|
||||
0x1f, 0xff, 0x59, 0xa6, 0x42, 0x3e, 0xb0, 0xe1, 0xd0, 0x2d, 0x4f, 0xe6, 0x46, 0xcf, 0x69, 0x9d,
|
||||
0xfd, 0x81, 0x8c, 0x6e, 0x97, 0xb0, 0x51
|
||||
};
|
||||
|
||||
const uint8_t seed2[] = {
|
||||
0xdd, 0x2d, 0x60, 0xa5, 0xe0, 0x08, 0xeb, 0xe1, 0xd0, 0xbe, 0x6f, 0x60, 0xdb, 0xc4, 0x3f, 0x29,
|
||||
0x62, 0xef, 0x50, 0xbf, 0xde, 0x54, 0x2b, 0xbb, 0xe9, 0x8f, 0xed, 0xd1, 0xfe, 0xac, 0x05, 0x7e,
|
||||
0x77, 0x1c, 0xf1, 0x5f, 0xc6, 0x32, 0xc8, 0xdb, 0x27, 0x2e, 0x28, 0xd2, 0x9b, 0x57, 0x93, 0xea,
|
||||
0x6a, 0xb8, 0x06, 0x21, 0x8c, 0x53, 0x82, 0x39, 0xb9, 0x3a, 0x93, 0x5e, 0x65, 0xd2, 0x44, 0x16,
|
||||
0xec, 0x6c, 0x6e, 0x99, 0xae, 0x04
|
||||
};
|
||||
|
||||
const uint8_t message3[] = {
|
||||
0x52, 0xe6, 0x50, 0xd9, 0x8e, 0x7f, 0x2a, 0x04, 0x8b, 0x4f, 0x86, 0x85, 0x21, 0x53, 0xb9, 0x7e,
|
||||
0x01, 0xdd, 0x31, 0x6f, 0x34, 0x6a, 0x19, 0xf6, 0x7a, 0x85
|
||||
};
|
||||
|
||||
const uint8_t seed3[] = {
|
||||
0x26, 0x29, 0xa7, 0xaa, 0xc0, 0xc3, 0x90, 0x5e, 0x83, 0x1e, 0xb6, 0x02, 0x38, 0x8c, 0x54, 0x5a,
|
||||
0xf5, 0x54, 0xb9, 0x6b, 0x2a, 0xe5, 0x15, 0x32, 0xe9, 0xcc, 0xdb, 0x89, 0x72, 0xef, 0x30, 0xb6,
|
||||
0x4a, 0x2f, 0x98, 0xc6, 0x95, 0x29, 0x7a, 0x01, 0xc5, 0x81, 0x2a, 0x2c, 0x40, 0x15, 0x82, 0xf3,
|
||||
0x7b, 0x14, 0x4a, 0x3e, 0x90, 0xe5, 0x9d, 0x81, 0xb6, 0x90, 0x39, 0xc6, 0x4b, 0x84, 0x4b, 0x02,
|
||||
0x8c, 0x10, 0x5c, 0x8e, 0x68, 0x36, 0x15, 0xaf, 0xb6, 0x58, 0xb6, 0xc4, 0xd9, 0xf3, 0x82, 0x38,
|
||||
0xa7, 0x63, 0x01, 0xbb, 0x14, 0x44, 0x91, 0x13, 0xb6, 0x9d, 0xe1, 0x26, 0x04, 0x5e, 0x26, 0xf1,
|
||||
0x3e, 0xe6, 0xd7
|
||||
};
|
||||
|
||||
rsa_publickey_t pub_key;
|
||||
rsa_privatekey_t priv_key;
|
||||
|
||||
void load_priv_conventional(void){
|
||||
bigint_t *epriv;
|
||||
epriv = malloc(sizeof(bigint_t));
|
||||
if(!epriv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
|
||||
if(!epriv->wordv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
|
||||
priv_key.components = malloc(sizeof(bigint_t*));
|
||||
priv_key.components[0] = epriv;
|
||||
priv_key.n = 1;
|
||||
bigint_changeendianess(epriv);
|
||||
bigint_adjust(epriv);
|
||||
}
|
||||
|
||||
|
||||
void load_priv_crt_mono(void){
|
||||
bigint_t **v;
|
||||
const uint8_t *bv[5] = {p,q,dp,dq,qinv};
|
||||
uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
|
||||
uint8_t i;
|
||||
v = malloc(5 * sizeof(bigint_t));
|
||||
if(!v){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
priv_key.components = malloc(5*sizeof(bigint_t*));
|
||||
if(!priv_key.components){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
priv_key.n = 5;
|
||||
for(i=0; i<5; ++i){
|
||||
v[i] = malloc(sizeof(bigint_t));
|
||||
v[i]->info = 0;
|
||||
v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
|
||||
if(!v[i]->wordv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
memcpy(v[i]->wordv, bv[i], sv[i]);
|
||||
bigint_changeendianess(v[i]);
|
||||
bigint_adjust(v[i]);
|
||||
priv_key.components[i] = v[i];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void load_fix_rsa(void){
|
||||
bigint_t *m, *epub;
|
||||
m = malloc(sizeof(bigint_t));
|
||||
epub = malloc(sizeof(bigint_t));
|
||||
if(!m || !epub){
|
||||
cli_putstr("\r\nOOM!\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
|
||||
m->wordv = malloc(m->length_B * sizeof(bigint_word_t));
|
||||
epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t));
|
||||
|
||||
if(!m->wordv || !epub->wordv){
|
||||
cli_putstr("\r\nOOM!\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(m->wordv, modulus, sizeof(modulus));
|
||||
memcpy(epub->wordv, public_exponent, sizeof(public_exponent));
|
||||
|
||||
pub_key.modulus = priv_key.modulus = m;
|
||||
pub_key.exponent = epub;
|
||||
|
||||
bigint_changeendianess(m);
|
||||
bigint_adjust(m);
|
||||
bigint_changeendianess(epub);
|
||||
bigint_adjust(epub);
|
||||
|
||||
// load_priv_conventional();
|
||||
load_priv_crt_mono();
|
||||
}
|
||||
|
||||
|
||||
#define MSG message3
|
||||
#define SEED seed3
|
||||
|
||||
void quick_test(void){
|
||||
uint8_t *ciphertext, *plaintext, rc;
|
||||
uint16_t clen, plen;
|
||||
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
|
||||
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
|
||||
// memcpy(ciphertext, message1, sizeof(message1));
|
||||
cli_putstr("\r\nplaintext:");
|
||||
cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
|
||||
rc = rsa_encrypt_pkcs15(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, SEED);
|
||||
if(rc){
|
||||
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
}
|
||||
cli_putstr("\r\n\r\nciphertext:");
|
||||
cli_hexdump_block(ciphertext, clen, 4, 8);
|
||||
uart_flush(0);
|
||||
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
|
||||
if(rc){
|
||||
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
}
|
||||
cli_putstr("\r\n\r\nplaintext:");
|
||||
cli_hexdump_block(plaintext, plen, 4, 8);
|
||||
free(ciphertext);
|
||||
free(plaintext);
|
||||
}
|
||||
|
||||
void reset_prng(void){
|
||||
uint8_t buf[16];
|
||||
memset(buf, 0, 16);
|
||||
random_seed(buf);
|
||||
cli_putstr("\r\nPRNG reset");
|
||||
}
|
||||
|
||||
void rsa_init(void){
|
||||
load_fix_rsa();
|
||||
prng_get_byte = random8;
|
||||
}
|
||||
|
||||
/*****************************************************************************
|
||||
* main *
|
||||
*****************************************************************************/
|
||||
|
||||
const char echo_test_str[] = "echo-test";
|
||||
const char reset_prng_str[] = "reset-prng";
|
||||
const char quick_test_str[] = "quick-test";
|
||||
const char performance_str[] = "performance";
|
||||
const char echo_str[] = "echo";
|
||||
|
||||
cmdlist_entry_t cmdlist[] = {
|
||||
{ reset_prng_str, NULL, reset_prng },
|
||||
{ quick_test_str, NULL, quick_test },
|
||||
// { performance_str, NULL, testrun_performance_bigint },
|
||||
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
void dump_sp(void){
|
||||
uint8_t x;
|
||||
uint8_t *xa = &x;
|
||||
cli_putstr("\r\nstack pointer: ~");
|
||||
cli_hexdump_rev(&xa, 4);
|
||||
}
|
||||
|
||||
int main (void){
|
||||
main_setup();
|
||||
|
||||
for(;;){
|
||||
welcome_msg(algo_name);
|
||||
rsa_init();
|
||||
cmd_interface(cmdlist);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,321 @@
|
|||
/* main-dsa-test.c */
|
||||
/*
|
||||
This file is part of the ARM-Crypto-Lib.
|
||||
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
/*
|
||||
* RSA test-suit
|
||||
*
|
||||
*/
|
||||
#include "main-test-common.h"
|
||||
|
||||
#include "noekeon.h"
|
||||
#include "noekeon_prng.h"
|
||||
#include "bigint.h"
|
||||
#include "bigint_io.h"
|
||||
#include "random_dummy.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_oaep.h"
|
||||
|
||||
#include "performance_test.h"
|
||||
|
||||
const char* algo_name = "RSA-OAEP";
|
||||
|
||||
/*****************************************************************************
|
||||
* additional validation-functions *
|
||||
*****************************************************************************/
|
||||
|
||||
/* ==================================
|
||||
* Example 1: A 1024-bit RSA Key Pair
|
||||
* ================================== */
|
||||
|
||||
/* ------------------------------
|
||||
* Components of the RSA Key Pair
|
||||
* ------------------------------ */
|
||||
|
||||
/* RSA modulus n: */
|
||||
uint8_t modulus[] = {
|
||||
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
|
||||
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
|
||||
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
|
||||
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
|
||||
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
|
||||
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
|
||||
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
|
||||
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
|
||||
};
|
||||
|
||||
/* RSA public exponent e: */
|
||||
uint8_t public_exponent[] = {
|
||||
0x00, 0x01, 0x00, 0x01
|
||||
};
|
||||
|
||||
/* RSA private exponent d: */
|
||||
uint8_t private_exponent[] = {
|
||||
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
|
||||
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
|
||||
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
|
||||
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
|
||||
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
|
||||
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
|
||||
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
|
||||
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
|
||||
};
|
||||
|
||||
/* Prime p: */
|
||||
uint8_t p[] = {
|
||||
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
|
||||
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
|
||||
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
|
||||
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
|
||||
};
|
||||
|
||||
/* Prime q: */
|
||||
uint8_t q[] = {
|
||||
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
|
||||
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
|
||||
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
|
||||
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
|
||||
};
|
||||
|
||||
/* p's CRT exponent dP: */
|
||||
uint8_t dp[] = {
|
||||
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
|
||||
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
|
||||
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
|
||||
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
|
||||
};
|
||||
|
||||
/* q's CRT exponent dQ: */
|
||||
uint8_t dq[] = {
|
||||
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
|
||||
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
|
||||
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
|
||||
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
|
||||
};
|
||||
|
||||
/* CRT coefficient qInv: */
|
||||
uint8_t qinv[] = {
|
||||
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
|
||||
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
|
||||
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
|
||||
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
|
||||
};
|
||||
|
||||
/* ---------------------------------
|
||||
* RSAES-OAEP Encryption Example 1.1
|
||||
* --------------------------------- */
|
||||
|
||||
/* Message to be, encrypted: */
|
||||
uint8_t message[] = {
|
||||
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
|
||||
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
|
||||
};
|
||||
|
||||
/* Seed: */
|
||||
uint8_t seed[] = {
|
||||
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
|
||||
0xdd, 0xa0, 0xa5, 0xef
|
||||
};
|
||||
|
||||
/* Encryption: */
|
||||
uint8_t encrypted[] = {
|
||||
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
|
||||
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
|
||||
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
|
||||
0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
|
||||
0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
|
||||
0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
|
||||
0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
|
||||
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
|
||||
};
|
||||
|
||||
rsa_publickey_t pub_key;
|
||||
rsa_privatekey_t priv_key;
|
||||
|
||||
void load_priv_conventional(void){
|
||||
bigint_t *epriv;
|
||||
epriv = malloc(sizeof(bigint_t));
|
||||
if(!epriv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
|
||||
if(!epriv->wordv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
|
||||
priv_key.components = malloc(sizeof(bigint_t*));
|
||||
priv_key.components[0] = epriv;
|
||||
priv_key.n = 1;
|
||||
bigint_changeendianess(epriv);
|
||||
bigint_adjust(epriv);
|
||||
}
|
||||
|
||||
|
||||
void load_priv_crt_mono(void){
|
||||
bigint_t **v;
|
||||
const uint8_t *bv[5] = {p,q,dp,dq,qinv};
|
||||
uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
|
||||
uint8_t i;
|
||||
v = malloc(5 * sizeof(bigint_t));
|
||||
if(!v){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
priv_key.components = malloc(5*sizeof(bigint_t*));
|
||||
if(!priv_key.components){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
priv_key.n = 5;
|
||||
for(i=0; i<5; ++i){
|
||||
v[i] = malloc(sizeof(bigint_t));
|
||||
v[i]->info = 0;
|
||||
v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
|
||||
if(!v[i]->wordv){
|
||||
cli_putstr("\r\nERROR: OOM!");
|
||||
return;
|
||||
}
|
||||
memcpy(v[i]->wordv, bv[i], sv[i]);
|
||||
bigint_changeendianess(v[i]);
|
||||
bigint_adjust(v[i]);
|
||||
priv_key.components[i] = v[i];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void load_fix_rsa(void){
|
||||
bigint_t *m, *epub;
|
||||
m = malloc(sizeof(bigint_t));
|
||||
epub = malloc(sizeof(bigint_t));
|
||||
if(!m || !epub){
|
||||
cli_putstr("\r\nOOM!\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
|
||||
m->wordv = malloc(m->length_B * sizeof(bigint_word_t));
|
||||
epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t));
|
||||
|
||||
if(!m->wordv || !epub->wordv){
|
||||
cli_putstr("\r\nOOM!\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(m->wordv, modulus, sizeof(modulus));
|
||||
memcpy(epub->wordv, public_exponent, sizeof(public_exponent));
|
||||
|
||||
pub_key.modulus = priv_key.modulus = m;
|
||||
pub_key.exponent = epub;
|
||||
|
||||
bigint_changeendianess(m);
|
||||
bigint_adjust(m);
|
||||
bigint_changeendianess(epub);
|
||||
bigint_adjust(epub);
|
||||
|
||||
// load_priv_conventional();
|
||||
load_priv_crt_mono();
|
||||
}
|
||||
|
||||
|
||||
#define MSG message
|
||||
#define SEED seed
|
||||
|
||||
void quick_test(void){
|
||||
uint8_t *ciphertext, *plaintext, rc;
|
||||
uint16_t clen; //, plen;
|
||||
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
|
||||
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
|
||||
// memcpy(ciphertext, message1, sizeof(message1));
|
||||
cli_putstr("\r\nplaintext:");
|
||||
cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
|
||||
uart_flush(0);
|
||||
rc = rsa_encrypt_oaep(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, NULL, NULL, SEED);
|
||||
if(rc){
|
||||
cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
|
||||
}
|
||||
cli_putstr("\r\n\r\nciphertext:");
|
||||
cli_hexdump_block(ciphertext, clen, 4, 8);
|
||||
uart_flush(0);
|
||||
/*
|
||||
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
|
||||
if(rc){
|
||||
cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
}
|
||||
cli_putstr("\r\n\r\nplaintext:");
|
||||
cli_hexdump_block(plaintext, plen, 4, 8);
|
||||
*/
|
||||
free(ciphertext);
|
||||
free(plaintext);
|
||||
}
|
||||
|
||||
void reset_prng(void){
|
||||
uint8_t buf[16];
|
||||
memset(buf, 0, 16);
|
||||
random_seed(buf);
|
||||
cli_putstr("\r\nPRNG reset");
|
||||
}
|
||||
|
||||
void rsa_init(void){
|
||||
load_fix_rsa();
|
||||
prng_get_byte = random8;
|
||||
}
|
||||
|
||||
/*****************************************************************************
|
||||
* main *
|
||||
*****************************************************************************/
|
||||
|
||||
const char echo_test_str[] = "echo-test";
|
||||
const char reset_prng_str[] = "reset-prng";
|
||||
const char quick_test_str[] = "quick-test";
|
||||
const char performance_str[] = "performance";
|
||||
const char echo_str[] = "echo";
|
||||
|
||||
cmdlist_entry_t cmdlist[] = {
|
||||
{ reset_prng_str, NULL, reset_prng },
|
||||
{ quick_test_str, NULL, quick_test },
|
||||
// { performance_str, NULL, testrun_performance_bigint },
|
||||
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
void dump_sp(void){
|
||||
uint8_t x;
|
||||
uint8_t *xa = &x;
|
||||
cli_putstr("\r\nstack pointer: ~");
|
||||
cli_hexdump_rev(&xa, 4);
|
||||
}
|
||||
|
||||
int main (void){
|
||||
main_setup();
|
||||
|
||||
for(;;){
|
||||
welcome_msg(algo_name);
|
||||
rsa_init();
|
||||
cmd_interface(cmdlist);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,369 @@
|
|||
# =================================
|
||||
# WORKED-OUT EXAMPLE FOR RSAES-OAEP
|
||||
# =================================
|
||||
#
|
||||
# This file gives an example of the process of
|
||||
# encrypting and decrypting a message with
|
||||
# RSAES-OAEP as specified in PKCS #1 v2.1.
|
||||
#
|
||||
# The message is a bit string of length 128,
|
||||
# while the size of the modulus in the public
|
||||
# key is 1024 bits. The second representation
|
||||
# of the private key is used, which means that
|
||||
# CRT is applied in the decryption process.
|
||||
#
|
||||
# The underlying hash function is SHA-1; the
|
||||
# mask generation function is MGF1 with SHA-1
|
||||
# as specified in PKCS #1 v2.1.
|
||||
#
|
||||
# This file also contains a demonstration of
|
||||
# the RSADP decryption primitive with CRT.
|
||||
# Finally, DER encodings of the RSA keys are
|
||||
# given at the end of the file.
|
||||
#
|
||||
#
|
||||
# Integers are represented by strings of octets
|
||||
# with the leftmost octet being the most
|
||||
# significant octet. For example,
|
||||
#
|
||||
# 9,202,000 = (0x)8c 69 50.
|
||||
#
|
||||
# =============================================
|
||||
|
||||
# ------------------------------
|
||||
# Components of the RSA Key Pair
|
||||
# ------------------------------
|
||||
|
||||
# RSA modulus n:
|
||||
bb f8 2f 09 06 82 ce 9c 23 38 ac 2b 9d a8 71 f7
|
||||
36 8d 07 ee d4 10 43 a4 40 d6 b6 f0 74 54 f5 1f
|
||||
b8 df ba af 03 5c 02 ab 61 ea 48 ce eb 6f cd 48
|
||||
76 ed 52 0d 60 e1 ec 46 19 71 9d 8a 5b 8b 80 7f
|
||||
af b8 e0 a3 df c7 37 72 3e e6 b4 b7 d9 3a 25 84
|
||||
ee 6a 64 9d 06 09 53 74 88 34 b2 45 45 98 39 4e
|
||||
e0 aa b1 2d 7b 61 a5 1f 52 7a 9a 41 f6 c1 68 7f
|
||||
e2 53 72 98 ca 2a 8f 59 46 f8 e5 fd 09 1d bd cb
|
||||
|
||||
# RSA public exponent e:
|
||||
(0x)11
|
||||
|
||||
# Prime p:
|
||||
ee cf ae 81 b1 b9 b3 c9 08 81 0b 10 a1 b5 60 01
|
||||
99 eb 9f 44 ae f4 fd a4 93 b8 1a 9e 3d 84 f6 32
|
||||
12 4e f0 23 6e 5d 1e 3b 7e 28 fa e7 aa 04 0a 2d
|
||||
5b 25 21 76 45 9d 1f 39 75 41 ba 2a 58 fb 65 99
|
||||
|
||||
# Prime q:
|
||||
c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35
|
||||
3f 6c 42 d0 88 66 b1 d0 5a 0f 20 35 02 8b 9d 86
|
||||
98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf
|
||||
ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03
|
||||
|
||||
# p's CRT exponent dP:
|
||||
54 49 4c a6 3e ba 03 37 e4 e2 40 23 fc d6 9a 5a
|
||||
eb 07 dd dc 01 83 a4 d0 ac 9b 54 b0 51 f2 b1 3e
|
||||
d9 49 09 75 ea b7 74 14 ff 59 c1 f7 69 2e 9a 2e
|
||||
20 2b 38 fc 91 0a 47 41 74 ad c9 3c 1f 67 c9 81
|
||||
|
||||
# q's CRT exponent dQ:
|
||||
47 1e 02 90 ff 0a f0 75 03 51 b7 f8 78 86 4c a9
|
||||
61 ad bd 3a 8a 7e 99 1c 5c 05 56 a9 4c 31 46 a7
|
||||
f9 80 3f 8f 6f 8a e3 42 e9 31 fd 8a e4 7a 22 0d
|
||||
1b 99 a4 95 84 98 07 fe 39 f9 24 5a 98 36 da 3d
|
||||
|
||||
# CRT coefficient qInv:
|
||||
b0 6c 4f da bb 63 01 19 8d 26 5b db ae 94 23 b3
|
||||
80 f2 71 f7 34 53 88 50 93 07 7f cd 39 e2 11 9f
|
||||
c9 86 32 15 4f 58 83 b1 67 a9 67 bf 40 2b 4e 9e
|
||||
2e 0f 96 56 e6 98 ea 36 66 ed fb 25 79 80 39 f7
|
||||
|
||||
# ----------------------------------
|
||||
# Step-by-step RSAES-OAEP Encryption
|
||||
# ----------------------------------
|
||||
|
||||
# Message M to be encrypted:
|
||||
d4 36 e9 95 69 fd 32 a7 c8 a0 5b bc 90 d3 2c 49
|
||||
|
||||
# Label L:
|
||||
(the empty string)
|
||||
|
||||
# lHash = Hash(L)
|
||||
# DB = lHash || Padding || M
|
||||
# seed = random string of octets
|
||||
# dbMask = MGF(seed, length(DB))
|
||||
# maskedDB = DB xor dbMask
|
||||
# seedMask = MGF(maskedDB, length(seed))
|
||||
# maskedSeed = seed xor seedMask
|
||||
# EM = 0x00 || maskedSeed || maskedDB
|
||||
|
||||
# lHash:
|
||||
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90
|
||||
af d8 07 09
|
||||
|
||||
# DB:
|
||||
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90
|
||||
af d8 07 09 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 01 d4 36 e9 95 69
|
||||
fd 32 a7 c8 a0 5b bc 90 d3 2c 49
|
||||
|
||||
# seed:
|
||||
aa fd 12 f6 59 ca e6 34 89 b4 79 e5 07 6d de c2
|
||||
f0 6c b5 8f
|
||||
|
||||
# dbMask:
|
||||
06 e1 de b2 36 9a a5 a5 c7 07 d8 2c 8e 4e 93 24
|
||||
8a c7 83 de e0 b2 c0 46 26 f5 af f9 3e dc fb 25
|
||||
c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4
|
||||
77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5
|
||||
02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0
|
||||
95 ae b4 04 48 db 97 2f 3a c1 4e af f4 9c 8c 3b
|
||||
7c fc 95 1a 51 ec d1 dd e6 12 64
|
||||
|
||||
# maskedDB:
|
||||
dc d8 7d 5c 68 f1 ee a8 f5 52 67 c3 1b 2e 8b b4
|
||||
25 1f 84 d7 e0 b2 c0 46 26 f5 af f9 3e dc fb 25
|
||||
c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4
|
||||
77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5
|
||||
02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0
|
||||
95 ae b4 04 48 db 97 2f 3a c1 4f 7b c2 75 19 52
|
||||
81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
|
||||
|
||||
# seedMask:
|
||||
41 87 0b 5a b0 29 e6 57 d9 57 50 b5 4c 28 3c 08
|
||||
72 5d be a9
|
||||
|
||||
# maskedSeed:
|
||||
eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2 ca
|
||||
82 31 0b 26
|
||||
|
||||
# EM = 00 || maskedSeed || maskedDB:
|
||||
00 eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2
|
||||
ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67
|
||||
c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af
|
||||
f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db
|
||||
4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a
|
||||
b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9
|
||||
82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f
|
||||
7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
|
||||
|
||||
# Ciphertext, the RSA encryption of EM:
|
||||
12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0
|
||||
39 a3 3d 1e 99 6f c8 2a 94 cc d3 00 74 c9 5d f7
|
||||
63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6
|
||||
53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb
|
||||
6d 84 b1 c3 1d 65 4a 19 70 e5 78 3b d6 eb 96 a0
|
||||
24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48
|
||||
da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d
|
||||
51 a7 4d df 85 d8 b5 0d e9 68 38 d6 06 3e 09 55
|
||||
|
||||
# --------------------------------------------
|
||||
# Step-by-step RSAES-OAEP Decryption Using CRT
|
||||
# --------------------------------------------
|
||||
|
||||
# c = the integer value of C above
|
||||
# m1 = c^dP mod p = (c mod p)^dP mod p
|
||||
# m2 = c^dQ mod q = (c mod q)^dQ mod q
|
||||
# h = (m1-m2)*qInv mod p
|
||||
# m = m2 + q*h = the integer value of EM above
|
||||
|
||||
# c mod p:
|
||||
de 63 d4 72 35 66 fa a7 59 bf e4 08 82 1d d5 25
|
||||
72 ec 92 85 4d df 87 a2 b6 64 d4 4d aa 37 ca 34
|
||||
6a 05 20 3d 82 ff 2d e8 e3 6c ec 1d 34 f9 8e b6
|
||||
05 e2 a7 d2 6d e7 af 36 9c e4 ec ae 14 e3 56 33
|
||||
|
||||
# c mod q:
|
||||
a2 d9 24 de d9 c3 6d 62 3e d9 a6 5b 5d 86 2c fb
|
||||
ec 8b 19 9c 64 27 9c 54 14 e6 41 19 6e f1 c9 3c
|
||||
50 7a 9b 52 13 88 1a ad 05 b4 cc fa 02 8a c1 ec
|
||||
61 42 09 74 bf 16 25 83 6b 0b 7d 05 fb b7 53 36
|
||||
|
||||
# m1:
|
||||
89 6c a2 6c d7 e4 87 1c 7f c9 68 a8 ed ea 11 e2
|
||||
71 82 4f 0e 03 65 52 17 94 f1 e9 e9 43 b4 a4 4b
|
||||
57 c9 e3 95 a1 46 74 78 f5 26 49 6b 4b b9 1f 1c
|
||||
ba ea 90 0f fc 60 2c f0 c6 63 6e ba 84 fc 9f f7
|
||||
|
||||
# m2:
|
||||
4e bb 22 75 85 f0 c1 31 2d ca 19 e0 b5 41 db 14
|
||||
99 fb f1 4e 27 0e 69 8e 23 9a 8c 27 a9 6c da 9a
|
||||
74 09 74 de 93 7b 5c 9c 93 ea d9 46 2c 65 75 02
|
||||
1a 23 d4 64 99 dc 9f 6b 35 89 75 59 60 8f 19 be
|
||||
|
||||
# h:
|
||||
01 2b 2b 24 15 0e 76 e1 59 bd 8d db 42 76 e0 7b
|
||||
fa c1 88 e0 8d 60 47 cf 0e fb 8a e2 ae bd f2 51
|
||||
c4 0e bc 23 dc fd 4a 34 42 43 94 ad a9 2c fc be
|
||||
1b 2e ff bb 60 fd fb 03 35 9a 95 36 8d 98 09 25
|
||||
|
||||
# m:
|
||||
00 eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2
|
||||
ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67
|
||||
c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af
|
||||
f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db
|
||||
4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a
|
||||
b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9
|
||||
82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f
|
||||
7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
|
||||
|
||||
# The intermediate values in the remaining
|
||||
# decryption process are the same as during
|
||||
# RSAES-OAEP encryption of M.
|
||||
|
||||
# =============================================
|
||||
|
||||
# ========================
|
||||
# DER Encoding of RSA Keys
|
||||
# ========================
|
||||
|
||||
# ------------
|
||||
# RSAPublicKey
|
||||
# ------------
|
||||
30 81 87
|
||||
# modulus
|
||||
02 81 81
|
||||
00 bb f8 2f 09 06 82 ce
|
||||
9c 23 38 ac 2b 9d a8 71
|
||||
f7 36 8d 07 ee d4 10 43
|
||||
a4 40 d6 b6 f0 74 54 f5
|
||||
1f b8 df ba af 03 5c 02
|
||||
ab 61 ea 48 ce eb 6f cd
|
||||
48 76 ed 52 0d 60 e1 ec
|
||||
46 19 71 9d 8a 5b 8b 80
|
||||
7f af b8 e0 a3 df c7 37
|
||||
72 3e e6 b4 b7 d9 3a 25
|
||||
84 ee 6a 64 9d 06 09 53
|
||||
74 88 34 b2 45 45 98 39
|
||||
4e e0 aa b1 2d 7b 61 a5
|
||||
1f 52 7a 9a 41 f6 c1 68
|
||||
7f e2 53 72 98 ca 2a 8f
|
||||
59 46 f8 e5 fd 09 1d bd
|
||||
cb
|
||||
# publicExponent
|
||||
02 01
|
||||
11
|
||||
|
||||
# -------------
|
||||
# RSAPrivateKey
|
||||
# -------------
|
||||
30 82 02 5b
|
||||
# version
|
||||
02 01
|
||||
00
|
||||
# modulus
|
||||
02 81 81
|
||||
00 bb f8 2f 09 06 82 ce
|
||||
9c 23 38 ac 2b 9d a8 71
|
||||
f7 36 8d 07 ee d4 10 43
|
||||
a4 40 d6 b6 f0 74 54 f5
|
||||
1f b8 df ba af 03 5c 02
|
||||
ab 61 ea 48 ce eb 6f cd
|
||||
48 76 ed 52 0d 60 e1 ec
|
||||
46 19 71 9d 8a 5b 8b 80
|
||||
7f af b8 e0 a3 df c7 37
|
||||
72 3e e6 b4 b7 d9 3a 25
|
||||
84 ee 6a 64 9d 06 09 53
|
||||
74 88 34 b2 45 45 98 39
|
||||
4e e0 aa b1 2d 7b 61 a5
|
||||
1f 52 7a 9a 41 f6 c1 68
|
||||
7f e2 53 72 98 ca 2a 8f
|
||||
59 46 f8 e5 fd 09 1d bd
|
||||
cb
|
||||
# publicExponent
|
||||
02 01
|
||||
11
|
||||
# privateExponent
|
||||
02 81 81
|
||||
00 a5 da fc 53 41 fa f2
|
||||
89 c4 b9 88 db 30 c1 cd
|
||||
f8 3f 31 25 1e 06 68 b4
|
||||
27 84 81 38 01 57 96 41
|
||||
b2 94 10 b3 c7 99 8d 6b
|
||||
c4 65 74 5e 5c 39 26 69
|
||||
d6 87 0d a2 c0 82 a9 39
|
||||
e3 7f dc b8 2e c9 3e da
|
||||
c9 7f f3 ad 59 50 ac cf
|
||||
bc 11 1c 76 f1 a9 52 94
|
||||
44 e5 6a af 68 c5 6c 09
|
||||
2c d3 8d c3 be f5 d2 0a
|
||||
93 99 26 ed 4f 74 a1 3e
|
||||
dd fb e1 a1 ce cc 48 94
|
||||
af 94 28 c2 b7 b8 88 3f
|
||||
e4 46 3a 4b c8 5b 1c b3
|
||||
c1
|
||||
# prime1
|
||||
02 41
|
||||
00 ee cf ae 81 b1 b9 b3
|
||||
c9 08 81 0b 10 a1 b5 60
|
||||
01 99 eb 9f 44 ae f4 fd
|
||||
a4 93 b8 1a 9e 3d 84 f6
|
||||
32 12 4e f0 23 6e 5d 1e
|
||||
3b 7e 28 fa e7 aa 04 0a
|
||||
2d 5b 25 21 76 45 9d 1f
|
||||
39 75 41 ba 2a 58 fb 65
|
||||
99
|
||||
# prime2
|
||||
02 41
|
||||
00 c9 7f b1 f0 27 f4 53
|
||||
f6 34 12 33 ea aa d1 d9
|
||||
35 3f 6c 42 d0 88 66 b1
|
||||
d0 5a 0f 20 35 02 8b 9d
|
||||
86 98 40 b4 16 66 b4 2e
|
||||
92 ea 0d a3 b4 32 04 b5
|
||||
cf ce 33 52 52 4d 04 16
|
||||
a5 a4 41 e7 00 af 46 15
|
||||
03
|
||||
# exponent1
|
||||
02 40
|
||||
54 49 4c a6 3e ba 03 37
|
||||
e4 e2 40 23 fc d6 9a 5a
|
||||
eb 07 dd dc 01 83 a4 d0
|
||||
ac 9b 54 b0 51 f2 b1 3e
|
||||
d9 49 09 75 ea b7 74 14
|
||||
ff 59 c1 f7 69 2e 9a 2e
|
||||
20 2b 38 fc 91 0a 47 41
|
||||
74 ad c9 3c 1f 67 c9 81
|
||||
# exponent2
|
||||
02 40
|
||||
47 1e 02 90 ff 0a f0 75
|
||||
03 51 b7 f8 78 86 4c a9
|
||||
61 ad bd 3a 8a 7e 99 1c
|
||||
5c 05 56 a9 4c 31 46 a7
|
||||
f9 80 3f 8f 6f 8a e3 42
|
||||
e9 31 fd 8a e4 7a 22 0d
|
||||
1b 99 a4 95 84 98 07 fe
|
||||
39 f9 24 5a 98 36 da 3d
|
||||
# coefficient
|
||||
02 41
|
||||
00 b0 6c 4f da bb 63 01
|
||||
19 8d 26 5b db ae 94 23
|
||||
b3 80 f2 71 f7 34 53 88
|
||||
50 93 07 7f cd 39 e2 11
|
||||
9f c9 86 32 15 4f 58 83
|
||||
b1 67 a9 67 bf 40 2b 4e
|
||||
9e 2e 0f 96 56 e6 98 ea
|
||||
36 66 ed fb 25 79 80 39
|
||||
f7
|
||||
|
||||
# ------------------------
|
||||
# PrivateKeyInfo (PKCS #8)
|
||||
# ------------------------
|
||||
30 82 02 75
|
||||
# version
|
||||
02 01
|
||||
00
|
||||
# privateKeyAlgorithmIdentifier
|
||||
30 0d
|
||||
06 09
|
||||
2a 86 48 86 f7 0d 01 01 01
|
||||
# parameters
|
||||
05 00
|
||||
# privateKey = RSAPrivateKey encoding
|
||||
04 82 02 5f
|
||||
# DER encoding of RSAPrivateKey structure
|
||||
30 82 02 5b ... 79 80 39 f7
|
||||
|
||||
# =============================================
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,162 @@
|
|||
# =================================
|
||||
# WORKED-OUT EXAMPLE FOR RSASSA-PSS
|
||||
# =================================
|
||||
#
|
||||
# This file gives an example of the process of
|
||||
# signing a message with RSASSA-PSS as
|
||||
# specified in PKCS #1 v2.1.
|
||||
#
|
||||
# The message is an octet string of length 114,
|
||||
# while the size of the modulus in the public
|
||||
# key is 1024 bits. The message is signed via a
|
||||
# random salt of length 20 octets
|
||||
#
|
||||
# The underlying hash function in the EMSA-PSS
|
||||
# encoding method is SHA-1; the mask generation
|
||||
# function is MGF1 with SHA-1 as specified in
|
||||
# PKCS #1 v2.1.
|
||||
#
|
||||
# Integers are represented by strings of octets
|
||||
# with the leftmost octet being the most
|
||||
# significant octet. For example,
|
||||
#
|
||||
# 9,202,000 = (0x)8c 69 50.
|
||||
#
|
||||
# =============================================
|
||||
|
||||
# ------------------------------
|
||||
# Components of the RSA Key Pair
|
||||
# ------------------------------
|
||||
|
||||
# RSA modulus n:
|
||||
a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95
|
||||
02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e
|
||||
57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4
|
||||
b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88
|
||||
8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95
|
||||
5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75
|
||||
12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee
|
||||
b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5
|
||||
|
||||
# RSA public exponent e:
|
||||
01 00 01
|
||||
|
||||
# Prime p:
|
||||
d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2
|
||||
6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7
|
||||
43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00
|
||||
7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b
|
||||
|
||||
# Prime q:
|
||||
c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87
|
||||
53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34
|
||||
7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57
|
||||
46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f
|
||||
|
||||
# p's CRT exponent dP:
|
||||
9d 0d bf 83 e5 ce 9e 4b 17 54 dc d5 cd 05 bc b7
|
||||
b5 5f 15 08 33 0e a4 9f 14 d4 e8 89 55 0f 82 56
|
||||
cb 5f 80 6d ff 34 b1 7a da 44 20 88 53 57 7d 08
|
||||
e4 26 28 90 ac f7 52 46 1c ea 05 54 76 01 bc 4f
|
||||
|
||||
# q's CRT exponent dQ:
|
||||
12 91 a5 24 c6 b7 c0 59 e9 0e 46 dc 83 b2 17 1e
|
||||
b3 fa 98 81 8f d1 79 b6 c8 bf 6c ec aa 47 63 03
|
||||
ab f2 83 fe 05 76 9c fc 49 57 88 fe 5b 1d df de
|
||||
9e 88 4a 3c d5 e9 36 b7 e9 55 eb f9 7e b5 63 b1
|
||||
|
||||
# CRT coefficient qInv:
|
||||
a6 3f 1d a3 8b 95 0c 9a d1 c6 7c e0 d6 77 ec 29
|
||||
14 cd 7d 40 06 2d f4 2a 67 eb 19 8a 17 6f 97 42
|
||||
aa c7 c5 fe a1 4f 22 97 66 2b 84 81 2c 4d ef c4
|
||||
9a 80 25 ab 43 82 28 6b e4 c0 37 88 dd 01 d6 9f
|
||||
|
||||
# ---------------------------------
|
||||
# Step-by-step RSASSA-PSS Signature
|
||||
# ---------------------------------
|
||||
|
||||
# Message M to be signed:
|
||||
85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55
|
||||
bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64
|
||||
78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17
|
||||
3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27
|
||||
12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0
|
||||
4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74
|
||||
ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98
|
||||
90 fc
|
||||
|
||||
# mHash = Hash(M)
|
||||
# salt = random string of octets
|
||||
# M' = Padding || mHash || salt
|
||||
# H = Hash(M')
|
||||
# DB = Padding || salt
|
||||
# dbMask = MGF(H, length(DB))
|
||||
# maskedDB = DB xor dbMask (leftmost bit set to
|
||||
# zero)
|
||||
# EM = maskedDB || H || 0xbc
|
||||
|
||||
# mHash:
|
||||
37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1
|
||||
10 e6 2d 6a
|
||||
|
||||
# salt:
|
||||
e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8
|
||||
3b ce 7e 61
|
||||
|
||||
# M':
|
||||
00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35
|
||||
3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0
|
||||
02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61
|
||||
|
||||
# H:
|
||||
df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54
|
||||
6f be 8c fe
|
||||
|
||||
# DB:
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c
|
||||
2b 65 ef 88 a1 88 d8 3b ce 7e 61
|
||||
|
||||
# dbMask:
|
||||
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
|
||||
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
|
||||
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
|
||||
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
|
||||
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
|
||||
d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46
|
||||
5e 87 a4 53 5c d4 c5 9b 10 02 8d
|
||||
|
||||
# maskedDB:
|
||||
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
|
||||
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
|
||||
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
|
||||
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
|
||||
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
|
||||
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
|
||||
75 e2 4b db fd 5c 1d a0 de 7c ec
|
||||
|
||||
# Encoded message EM:
|
||||
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
|
||||
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
|
||||
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
|
||||
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
|
||||
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
|
||||
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
|
||||
75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d
|
||||
8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc
|
||||
|
||||
# Signature S, the RSA decryption of EM:
|
||||
8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44
|
||||
06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54
|
||||
dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76
|
||||
97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42
|
||||
be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87
|
||||
6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3
|
||||
48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89
|
||||
71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e
|
||||
|
||||
# =============================================
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,22 @@
|
|||
====================
|
||||
pkcs-1v2-1-vec.zip
|
||||
====================
|
||||
|
||||
This directory contains test vectors for RSAES-OAEP and
|
||||
RSASSA-PSS as defined in PKCS #1 v2.1.
|
||||
|
||||
The files:
|
||||
|
||||
readme.txt This file.
|
||||
|
||||
oaep-vect.txt Test vectors for RSAES-OAEP encryption.
|
||||
|
||||
oaep-int.txt Intermediate values for RSAES-OAEP
|
||||
encryption and RSA decryption with CRT.
|
||||
Also, DER-encoded RSAPrivateKey and
|
||||
RSAPublicKey types.
|
||||
|
||||
pss-vect.txt Test vectors for RSASSA-PSS signing.
|
||||
|
||||
pss-int.txt Intermediate values for RSASSA-PSS
|
||||
signing.
|
Loading…
Reference in New Issue