some fixes, mainly at rsaes-pkcs1v15
This commit is contained in:
parent
06d9213f13
commit
cc6b183296
|
@ -34,8 +34,7 @@ GLOBAL_INCDIR := ./ $(TESTSRC_DIR)
|
|||
|
||||
#-------------------------------------------------------------------------------
|
||||
# inclusion of make stubs
|
||||
include mkfiles/0*.mk
|
||||
include mkfiles/*.mk
|
||||
include $(sort $(wildcard mkfiles/*.mk))
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
ALGORITHMS = $(BLOCK_CIPHERS) $(STREAM_CIPHERS) $(HASHES) $(PRNGS) $(MACS) \
|
||||
|
|
|
@ -27,7 +27,7 @@ STAT_DIR = stats/$(BOARD_NAME)/#
|
|||
AUTOASM_DIR = autoasm/$(BOARD_NAME)/#
|
||||
AUTOASM_OPT = -S
|
||||
CC = avr-gcc
|
||||
CSTD = c99
|
||||
CSTD = gnu99
|
||||
|
||||
SIZESTAT_FILE = sizestats.txt
|
||||
|
||||
|
|
|
@ -291,26 +291,34 @@ int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
|
|||
|
||||
void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
|
||||
uint8_t s;
|
||||
int8_t d = 0;
|
||||
s = GET_SIGN(a)?2:0;
|
||||
s |= GET_SIGN(b)?1:0;
|
||||
switch(s){
|
||||
case 0: /* both positive */
|
||||
d = 1;
|
||||
bigint_add_u(dest, a,b);
|
||||
SET_POS(dest);
|
||||
break;
|
||||
case 1: /* a positive, b negative */
|
||||
d = bigint_cmp_u(a,b);
|
||||
bigint_sub_u(dest, a, b);
|
||||
break;
|
||||
case 2: /* a negative, b positive */
|
||||
d = bigint_cmp_u(b,a);
|
||||
bigint_sub_u(dest, b, a);
|
||||
break;
|
||||
case 3: /* both negative */
|
||||
d = -1;
|
||||
bigint_add_u(dest, a, b);
|
||||
SET_NEG(dest);
|
||||
break;
|
||||
default: /* how can this happen?*/
|
||||
break;
|
||||
}
|
||||
if(d<0){
|
||||
SET_NEG(dest);
|
||||
}else{
|
||||
SET_POS(dest);
|
||||
}
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
|
|
@ -146,21 +146,24 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
|
|||
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
|
||||
length_b -= BLAKE_LARGE_BLOCKSIZE;
|
||||
}
|
||||
uint8_t buffer[128];
|
||||
union {
|
||||
uint8_t v8[128];
|
||||
uint64_t v64[ 16];
|
||||
} buffer;
|
||||
uint64_t v[16];
|
||||
uint64_t ctr;
|
||||
ctr = ctx->counter*1024+length_b;
|
||||
memset(buffer, 0, 128);
|
||||
memcpy(buffer, msg, (length_b+7)/8);
|
||||
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
|
||||
blake_large_changeendian(buffer, buffer);
|
||||
memset(buffer.v8, 0, 128);
|
||||
memcpy(buffer.v8, msg, (length_b+7)/8);
|
||||
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
|
||||
blake_large_changeendian(buffer.v8, buffer.v8);
|
||||
blake_large_expand(v, ctx);
|
||||
if(length_b>1024-128-2){
|
||||
v[12] ^= ctr;
|
||||
v[13] ^= ctr;
|
||||
blake_large_compress(v, buffer);
|
||||
blake_large_compress(v, buffer.v8);
|
||||
blake_large_collapse(ctx, v);
|
||||
memset(buffer, 0, 128-8);
|
||||
memset(buffer.v8, 0, 128-8);
|
||||
blake_large_expand(v, ctx);
|
||||
} else {
|
||||
if(length_b){
|
||||
|
@ -169,9 +172,9 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
|
|||
}
|
||||
}
|
||||
if(ctx->appendone)
|
||||
buffer[128-16-8] |= 0x01;
|
||||
*((uint64_t*)(&(buffer[128-8]))) = ctr;
|
||||
blake_large_compress(v, buffer);
|
||||
buffer.v8[128-16-8] |= 0x01;
|
||||
buffer.v64[15] = ctr;
|
||||
blake_large_compress(v, buffer.v8);
|
||||
blake_large_collapse(ctx, v);
|
||||
|
||||
}
|
||||
|
|
|
@ -141,26 +141,29 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
|
|||
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
|
||||
length_b -= BLAKE_SMALL_BLOCKSIZE;
|
||||
}
|
||||
uint8_t buffer[64];
|
||||
union {
|
||||
uint8_t v8[64];
|
||||
uint32_t v32[16];
|
||||
} buffer;
|
||||
uint32_t v[16];
|
||||
union {
|
||||
uint64_t v64;
|
||||
uint32_t v32[2];
|
||||
}ctr;
|
||||
ctr.v64 = ctx->counter*512+length_b;
|
||||
memset(buffer, 0, 64);
|
||||
memcpy(buffer, msg, (length_b+7)/8);
|
||||
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
|
||||
blake_small_changeendian(buffer, buffer);
|
||||
memset(buffer.v8, 0, 64);
|
||||
memcpy(buffer.v8, msg, (length_b+7)/8);
|
||||
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
|
||||
blake_small_changeendian(buffer.v8, buffer.v8);
|
||||
blake_small_expand(v, ctx);
|
||||
if(length_b>512-64-2){
|
||||
v[12] ^= ctr.v32[0];
|
||||
v[13] ^= ctr.v32[0];
|
||||
v[14] ^= ctr.v32[1];
|
||||
v[15] ^= ctr.v32[1];
|
||||
blake_small_compress(v, buffer);
|
||||
blake_small_compress(v, buffer.v8);
|
||||
blake_small_collapse(ctx, v);
|
||||
memset(buffer, 0, 64-8);
|
||||
memset(buffer.v8, 0, 64-8);
|
||||
blake_small_expand(v, ctx);
|
||||
}else{
|
||||
if(length_b){
|
||||
|
@ -171,10 +174,10 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
|
|||
}
|
||||
}
|
||||
if(ctx->appendone)
|
||||
buffer[64-8-4] |= 0x01;
|
||||
*((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1];
|
||||
*((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0];
|
||||
blake_small_compress(v, buffer);
|
||||
buffer.v8[64-8-4] |= 0x01;
|
||||
buffer.v32[14] = ctr.v32[1];
|
||||
buffer.v32[15] = ctr.v32[0];
|
||||
blake_small_compress(v, buffer.v8);
|
||||
blake_small_collapse(ctx, v);
|
||||
|
||||
}
|
||||
|
|
|
@ -523,33 +523,36 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
|
|||
}
|
||||
|
||||
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
|
||||
uint8_t buffer[128];
|
||||
union {
|
||||
uint8_t v8[128];
|
||||
uint64_t v64[ 16];
|
||||
} buffer;
|
||||
while(length_b >= BMW_LARGE_BLOCKSIZE){
|
||||
bmw_large_nextBlock(ctx, block);
|
||||
length_b -= BMW_LARGE_BLOCKSIZE;
|
||||
block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
|
||||
}
|
||||
memset(buffer, 0, 128);
|
||||
memcpy(buffer, block, (length_b+7)/8);
|
||||
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
|
||||
memset(buffer.v8, 0, 128);
|
||||
memcpy(buffer.v8, block, (length_b+7)/8);
|
||||
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
|
||||
if(length_b+1>128*8-64){
|
||||
bmw_large_nextBlock(ctx, buffer);
|
||||
memset(buffer, 0, 128-8);
|
||||
bmw_large_nextBlock(ctx, buffer.v8);
|
||||
memset(buffer.v8, 0, 128-8);
|
||||
ctx->counter -= 1;
|
||||
}
|
||||
*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
|
||||
bmw_large_nextBlock(ctx, buffer);
|
||||
buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
|
||||
bmw_large_nextBlock(ctx, buffer.v8);
|
||||
#if TWEAK
|
||||
uint8_t i;
|
||||
uint64_t q[32];
|
||||
memset(buffer, 0xaa, 128);
|
||||
memset(buffer.v8, 0xaa, 128);
|
||||
for(i=0; i<16; ++i){
|
||||
buffer[8*i] = i + 0xa0;
|
||||
buffer.v8[8*i] = i + 0xa0;
|
||||
}
|
||||
bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
|
||||
bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
|
||||
bmw_large_f2((uint64_t*)buffer, q, ctx->h);
|
||||
memcpy(ctx->h, buffer, 128);
|
||||
bmw_large_f0(q, buffer.v64, ctx->h);
|
||||
bmw_large_f1(q, ctx->h, buffer.v64);
|
||||
bmw_large_f2(buffer.v64, q, ctx->h);
|
||||
memcpy(ctx->h, buffer.v8, 128);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
@ -499,38 +499,42 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
|
|||
}
|
||||
|
||||
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
|
||||
uint8_t buffer[64];
|
||||
union {
|
||||
uint8_t v8[64];
|
||||
uint32_t v32[16];
|
||||
uint64_t v64[ 8];
|
||||
} buffer;
|
||||
while(length_b >= BMW_SMALL_BLOCKSIZE){
|
||||
bmw_small_nextBlock(ctx, block);
|
||||
length_b -= BMW_SMALL_BLOCKSIZE;
|
||||
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
|
||||
}
|
||||
memset(buffer, 0, 64);
|
||||
memcpy(buffer, block, (length_b+7)/8);
|
||||
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
|
||||
memset(buffer.v8, 0, 64);
|
||||
memcpy(buffer.v8, block, (length_b+7)/8);
|
||||
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
|
||||
if(length_b+1>64*8-64){
|
||||
bmw_small_nextBlock(ctx, buffer);
|
||||
memset(buffer, 0, 64-8);
|
||||
bmw_small_nextBlock(ctx, buffer.v8);
|
||||
memset(buffer.v8, 0, 64-8);
|
||||
ctx->counter -= 1;
|
||||
}
|
||||
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
|
||||
bmw_small_nextBlock(ctx, buffer);
|
||||
buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
|
||||
bmw_small_nextBlock(ctx, buffer.v8);
|
||||
#if TWEAK
|
||||
uint8_t i;
|
||||
uint32_t q[32];
|
||||
memset(buffer, 0xaa, 64);
|
||||
memset(buffer.v8, 0xaa, 64);
|
||||
for(i=0; i<16;++i){
|
||||
buffer[i*4] = i+0xa0;
|
||||
buffer.v8[i*4] = i+0xa0;
|
||||
}
|
||||
// dump_x(buffer, 16, 'A');
|
||||
// dump_x(buffer.v8, 16, 'A');
|
||||
dump_x(ctx->h, 16, 'M');
|
||||
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
|
||||
dump_x(buffer, 16, 'a');
|
||||
bmw_small_f0(q, buffer.v32, ctx->h);
|
||||
dump_x(buffer.v8, 16, 'a');
|
||||
dump_x(q, 16, 'Q');
|
||||
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
|
||||
bmw_small_f1(q, ctx->h, buffer.v32);
|
||||
dump_x(q, 32, 'Q');
|
||||
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
|
||||
memcpy(ctx->h, buffer, 64);
|
||||
bmw_small_f2(buffer.v32, q, ctx->h);
|
||||
memcpy(ctx->h, buffer.v8, 64);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/usr/bin/ruby
|
||||
# rsa_pkcs15_check.rb
|
||||
# rsa_pkcs1v15_check.rb
|
||||
=begin
|
||||
This file is part of the AVR-Crypto-Lib.
|
||||
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||
|
@ -21,6 +21,7 @@
|
|||
require 'rubygems'
|
||||
require 'serialport'
|
||||
require 'getopt/std'
|
||||
require 'fileutils'
|
||||
|
||||
$buffer_size = 0 # set automatically in init_system
|
||||
$conffile_check = Hash.new
|
||||
|
@ -94,10 +95,15 @@ end
|
|||
def read_block(f)
|
||||
d = Array.new
|
||||
begin
|
||||
v = false
|
||||
l = f.gets
|
||||
x = l.split.collect { |e| e.to_i(16) }
|
||||
# x = l.split.collect { |e| e.to_i(16) }
|
||||
t = l.split
|
||||
t.each { |e| v = true if e.length != 2 }
|
||||
x = []
|
||||
x = t.collect { |e| e.to_i(16) } if ! v
|
||||
d += x
|
||||
end while x.length == 16
|
||||
end while x.length == 16 && ! v
|
||||
return d
|
||||
end
|
||||
|
||||
|
@ -300,7 +306,11 @@ def check_tv(tv)
|
|||
test_enc = ''
|
||||
loop do
|
||||
l = read_line_from_device()
|
||||
break if ! /([0-9A-Fa-f]{2}\s*)+/.match(l)
|
||||
t = l.split
|
||||
v = false
|
||||
t.each { |e| v = true if e.length != 2 }
|
||||
x = t.collect { |e| e.to_i(16) }
|
||||
break if v
|
||||
test_enc += l if l
|
||||
end
|
||||
test_enc_a = Array.new
|
||||
|
@ -331,7 +341,7 @@ end
|
|||
########################################
|
||||
|
||||
|
||||
opts = Getopt::Std.getopts('dc:f:il:s:')
|
||||
opts = Getopt::Std.getopts('dc:f:il:s:n:')
|
||||
|
||||
conf = Hash.new
|
||||
conf = readconfigfile("/etc/testport.conf", conf)
|
||||
|
@ -367,14 +377,39 @@ $sp.flow_control = SerialPort::SOFT
|
|||
|
||||
$debug = true if opts['d']
|
||||
|
||||
if opts['l']
|
||||
if opts['l'] && ! opts['n']
|
||||
$logfile = File.open(opts['l'], 'w')
|
||||
end
|
||||
|
||||
if opts['n']
|
||||
logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_' + opts['n'] + '.txt'
|
||||
if File.exists?(logfilename)
|
||||
i=1
|
||||
begin
|
||||
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i,'.txt')
|
||||
i+=1
|
||||
end while(File.exists?(logfilename))
|
||||
while(i>2) do
|
||||
n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-2,'.txt')
|
||||
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-1,'.txt')
|
||||
File.rename(n1, n2)
|
||||
printf("%s -> %s\n", n1, n2)
|
||||
i-=1
|
||||
end
|
||||
n1 = sprintf('%s%s', conf['PORT']['testlogbase'],'rsa_pkcs1v15_'+opts['n']+'.txt')
|
||||
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',1,'.txt')
|
||||
File.rename(n1, n2)
|
||||
printf("%s -> %s\n", n1, n2)
|
||||
logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'.txt'
|
||||
end
|
||||
printf("logging to %s", logfilename)
|
||||
$logfile = File.open(logfilename, 'w')
|
||||
end
|
||||
|
||||
$logfile = STDOUT if ! $logfile
|
||||
reset_system()
|
||||
|
||||
if opts['s'] && m = opts['s'].match(/([\d]+\.([\d]+))/)
|
||||
if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) )
|
||||
sk = m[1].to_i
|
||||
sv = m[2].to_i
|
||||
else
|
|
@ -92,7 +92,7 @@ uint8_t khazad_sbox(uint8_t a){
|
|||
return b|c;
|
||||
}
|
||||
|
||||
static void gamma(uint8_t* a){
|
||||
static void gamma_1(uint8_t* a){
|
||||
uint8_t i;
|
||||
for(i=0; i<8; ++i){
|
||||
*a = khazad_sbox(*a);
|
||||
|
@ -147,7 +147,7 @@ static void theta(uint8_t* a){
|
|||
/******************************************************************************/
|
||||
|
||||
static void khazad_round(uint8_t* a, const uint8_t* k){
|
||||
gamma(a);
|
||||
gamma_1(a);
|
||||
theta(a);
|
||||
memxor(a, k, 8);
|
||||
}
|
||||
|
@ -188,7 +188,7 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
|
|||
for(r=1; r<8; ++r){
|
||||
khazad_round(buffer, ctx->k[r]);
|
||||
}
|
||||
gamma(buffer);
|
||||
gamma_1(buffer);
|
||||
memxor(buffer, ctx->k[8], 8);
|
||||
}
|
||||
|
||||
|
@ -197,11 +197,11 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
|
|||
void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
|
||||
uint8_t r=7;
|
||||
memxor(buffer, ctx->k[8], 8);
|
||||
gamma(buffer);
|
||||
gamma_1(buffer);
|
||||
do{
|
||||
memxor(buffer, ctx->k[r--], 8);
|
||||
theta(buffer);
|
||||
gamma(buffer);
|
||||
gamma_1(buffer);
|
||||
}while(r);
|
||||
memxor(buffer, ctx->k[0], 8);
|
||||
}
|
||||
|
|
21
md5/md5.c
21
md5/md5.c
|
@ -139,32 +139,35 @@ void md5_nextBlock(md5_ctx_t *state, const void* block){
|
|||
|
||||
void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){
|
||||
uint16_t l;
|
||||
uint8_t b[64];
|
||||
union {
|
||||
uint8_t v8[64];
|
||||
uint64_t v64[ 8];
|
||||
} buffer;
|
||||
while (length_b >= 512){
|
||||
md5_nextBlock(state, block);
|
||||
length_b -= 512;
|
||||
block = ((uint8_t*)block) + 512/8;
|
||||
}
|
||||
memset(b, 0, 64);
|
||||
memcpy(b, block, length_b/8);
|
||||
memset(buffer.v8, 0, 64);
|
||||
memcpy(buffer.v8, block, length_b/8);
|
||||
/* insert padding one */
|
||||
l=length_b/8;
|
||||
if(length_b%8){
|
||||
uint8_t t;
|
||||
t = ((uint8_t*)block)[l];
|
||||
t |= (0x80>>(length_b%8));
|
||||
b[l]=t;
|
||||
buffer.v8[l]=t;
|
||||
}else{
|
||||
b[l]=0x80;
|
||||
buffer.v8[l]=0x80;
|
||||
}
|
||||
/* insert length value */
|
||||
if(l+sizeof(uint64_t) >= 512/8){
|
||||
md5_nextBlock(state, b);
|
||||
md5_nextBlock(state, buffer.v8);
|
||||
state->counter--;
|
||||
memset(b, 0, 64-8);
|
||||
memset(buffer.v8, 0, 64-8);
|
||||
}
|
||||
*((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b;
|
||||
md5_nextBlock(state, b);
|
||||
buffer.v64[7] = (state->counter * 512) + length_b;
|
||||
md5_nextBlock(state, buffer.v8);
|
||||
}
|
||||
|
||||
void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
# Makefile for RSA
|
||||
ALGO_NAME := RSA_OAEP
|
||||
ALGO_NAME := RSAES_OAEP
|
||||
|
||||
# comment out the following line for removement of RSA from the build process
|
||||
PK_CIPHERS += $(ALGO_NAME)
|
||||
|
||||
$(ALGO_NAME)_DIR := rsa/
|
||||
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsaes_oaep-test.o $(CLI_STD) random_dummy.o \
|
||||
noekeon.o noekeon_prng.o memxor.o
|
||||
|
||||
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
|
@ -1,13 +1,13 @@
|
|||
# Makefile for RSA
|
||||
ALGO_NAME := RSA_PKCS15
|
||||
ALGO_NAME := RSAES_PKCS1V15
|
||||
|
||||
# comment out the following line for removement of RSA from the build process
|
||||
SIGNATURE += $(ALGO_NAME)
|
||||
|
||||
$(ALGO_NAME)_DIR := rsa/
|
||||
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsa_pkcs15-test.o $(CLI_STD) random_dummy.o \
|
||||
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_pkcs1v15.o
|
||||
$(ALGO_NAME)_TESTBIN := main-rsaes_pkcs1v15-test.o $(CLI_STD) random_dummy.o \
|
||||
noekeon.o noekeon_prng.o memxor.o
|
||||
|
||||
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
|
@ -39,7 +39,7 @@
|
|||
#define RC_POS 0
|
||||
|
||||
static
|
||||
void gamma(uint32_t* a){
|
||||
void gamma_1(uint32_t* a){
|
||||
uint32_t tmp;
|
||||
|
||||
a[1] ^= ~((a[3]) | (a[2]));
|
||||
|
@ -94,7 +94,7 @@ void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const
|
|||
theta(key, state);
|
||||
((uint8_t*)state)[RC_POS] ^= const2;
|
||||
pi1(state);
|
||||
gamma(state);
|
||||
gamma_1(state);
|
||||
pi2(state);
|
||||
}
|
||||
|
||||
|
|
132
rsa/rsa_basic.c
132
rsa/rsa_basic.c
|
@ -52,50 +52,111 @@ m = m2 + q * h
|
|||
|
||||
uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
|
||||
bigint_t m1, m2;
|
||||
m1.wordv = malloc((key->modulus->length_B + 1) * sizeof(bigint_word_t));
|
||||
m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t));
|
||||
m1.wordv = malloc((key->components[0]->length_B + 1) * sizeof(bigint_word_t));
|
||||
m2.wordv = malloc((key->components[1]->length_B + 1) * sizeof(bigint_word_t));
|
||||
if(!m1.wordv || !m2.wordv){
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM! (" __FILE__ ")"));
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
#endif
|
||||
free(m1.wordv);
|
||||
free(m2.wordv);
|
||||
return 1;
|
||||
}
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nexp_mod a + b "));
|
||||
cli_putstr_P(PSTR("\r\nDBG: expmod m1 ..."));
|
||||
cli_putstr_P(PSTR("\r\nexpmod("));
|
||||
bigint_print_hex(data);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[2]);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[0]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_expmod_u(&m1, data, key->components[2], key->components[0]);
|
||||
#if DEBUG
|
||||
bigint_print_hex(&m1);
|
||||
cli_putstr_P(PSTR("expmod m2 ..."));
|
||||
cli_putstr_P(PSTR("\r\nexpmod("));
|
||||
bigint_print_hex(data);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[3]);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[1]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_expmod_u(&m2, data, key->components[3], key->components[1]);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("[done] "));
|
||||
bigint_print_hex(&m2);
|
||||
cli_putstr_P(PSTR("\r\nDBG: sub ..."));
|
||||
cli_putstr_P(PSTR("\r\nsub("));
|
||||
bigint_print_hex(&m1);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(&m2);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_sub_s(&m1, &m1, &m2);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("[done2] "));
|
||||
bigint_print_hex(&m1);
|
||||
#endif
|
||||
while(BIGINT_NEG_MASK & m1.info){
|
||||
#if DEBUG
|
||||
cli_putc(',');
|
||||
cli_putstr_P(PSTR("\r\nDBG: adding "));
|
||||
bigint_print_hex(key->components[0]);
|
||||
cli_putstr_P(PSTR("\r\nDBG: to "));
|
||||
bigint_print_hex(&m1);
|
||||
#endif
|
||||
bigint_add_s(&m1, &m1, key->components[0]);
|
||||
}
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nreduce_mul "));
|
||||
cli_putstr_P(PSTR("\r\nDBG: reduce-mul ..."));
|
||||
cli_putstr_P(PSTR("\r\nreduce("));
|
||||
bigint_print_hex(&m1);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[0]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_reduce(&m1, key->components[0]);
|
||||
bigint_mul_u(&m1, &m1, key->components[4]);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("[done]"));
|
||||
bigint_print_hex(&m1);
|
||||
cli_putstr_P(PSTR("\r\nmul("));
|
||||
bigint_print_hex(&m1);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[4]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_reduce(&m1, key->components[0]);
|
||||
bigint_mul_u(&m1, &m1, key->components[1]);
|
||||
bigint_mul_u(data, &m1, key->components[4]);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR(" [done]"));
|
||||
bigint_print_hex(data);
|
||||
cli_putstr_P(PSTR("\r\nreduce("));
|
||||
bigint_print_hex(data);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[0]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_reduce(data, key->components[0]);
|
||||
#if DEBUG
|
||||
bigint_print_hex(data);
|
||||
cli_putstr_P(PSTR("\r\nmul("));
|
||||
bigint_print_hex(data);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(key->components[1]);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_mul_u(data, data, key->components[1]);
|
||||
#if DEBUG
|
||||
bigint_print_hex(data);
|
||||
cli_putstr_P(PSTR("\r\nadd("));
|
||||
bigint_print_hex(data);
|
||||
cli_putc(',');
|
||||
bigint_print_hex(&m2);
|
||||
cli_putstr_P(PSTR(") = "));
|
||||
#endif
|
||||
bigint_add_u(data, data, &m2);
|
||||
#if DEBUG
|
||||
bigint_print_hex(data);
|
||||
#endif
|
||||
bigint_add_u(data, &m1, &m2);
|
||||
free(m1.wordv);
|
||||
free(m2.wordv);
|
||||
free(m1.wordv);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -118,8 +179,18 @@ uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){
|
|||
}
|
||||
|
||||
void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
|
||||
#if BIGINT_WORD_SIZE == 8
|
||||
if(data){
|
||||
memcpy(dest->wordv, data, length_B);
|
||||
}
|
||||
dest->length_B = length_B;
|
||||
#else
|
||||
uint8_t off;
|
||||
off = length_B % sizeof(bigint_word_t);
|
||||
off = (sizeof(bigint_word_t) - length_B % sizeof(bigint_word_t)) % sizeof(bigint_word_t);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: off = 0x"));
|
||||
cli_hexdump_byte(off);
|
||||
#endif
|
||||
if(!data){
|
||||
if(off){
|
||||
dest->wordv = realloc(dest->wordv, length_B + sizeof(bigint_word_t) - off);
|
||||
|
@ -127,19 +198,37 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
|
|||
memset(dest->wordv, 0, off);
|
||||
}
|
||||
}else{
|
||||
memcpy((uint8_t*)dest->wordv + off, data, length_B);
|
||||
if(off){
|
||||
memcpy((uint8_t*)dest->wordv + off, data, length_B);
|
||||
memset(dest, 0, off);
|
||||
}else{
|
||||
memcpy(dest->wordv, data, length_B);
|
||||
memset(dest->wordv, 0, off);
|
||||
}
|
||||
}
|
||||
dest->length_B = (length_B + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
dest->length_B = (length_B + off) / sizeof(bigint_word_t);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: dest->length_B = 0x"));
|
||||
cli_hexdump_rev(&(dest->length_B), 2);
|
||||
#endif
|
||||
#endif
|
||||
dest->info = 0;
|
||||
bigint_changeendianess(dest);
|
||||
bigint_adjust(dest);
|
||||
}
|
||||
|
||||
void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
|
||||
#if BIGINT_WORD_SIZE == 8
|
||||
if(dest){
|
||||
uint8_t *e = src->wordv + src->length_B;
|
||||
uint16_t i;
|
||||
for(i=src->length_B; i>0; --i){
|
||||
*((uint8_t*)dest) = *--e;
|
||||
dest = (uint8_t*)dest + 1;
|
||||
}
|
||||
}else{
|
||||
bigint_changeendianess(src);
|
||||
}
|
||||
|
||||
*out_length_B = src->length_B;
|
||||
#else
|
||||
*out_length_B = bigint_get_first_set_bit(src) / 8 + 1;
|
||||
if(dest){
|
||||
uint16_t i;
|
||||
|
@ -157,5 +246,6 @@ void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
|
|||
memmove(src->wordv, (uint8_t*)src->wordv+off, *out_length_B);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
#include "mgf1.h"
|
||||
#include "bigint.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_oaep.h"
|
||||
#include "rsaes_oaep.h"
|
||||
|
||||
#include "random_dummy.h"
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
/* rsa_pkcs15.c */
|
||||
/* rsa_pkcs1v15.c */
|
||||
/*
|
||||
This file is part of the ARM-Crypto-Lib.
|
||||
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
|
||||
|
@ -22,6 +22,7 @@
|
|||
#include <string.h>
|
||||
#include "bigint.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsaes_pkcs1v15.h"
|
||||
|
||||
#define DEBUG 0
|
||||
|
||||
|
@ -32,15 +33,15 @@
|
|||
|
||||
#include "random_dummy.h"
|
||||
|
||||
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
|
||||
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
|
||||
return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
|
||||
}
|
||||
|
||||
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint16_t length_B, rsa_publickey_t* key, const void* pad){
|
||||
int16_t pad_length;
|
||||
bigint_t x;
|
||||
pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B);
|
||||
pad_length = rsa_pkcs1v15_compute_padlength_B(key->modulus, length_B);
|
||||
if(pad_length<8){
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nERROR: pad_length<8; pad_length: "));
|
||||
|
@ -84,18 +85,20 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
|
|||
return 0;
|
||||
}
|
||||
|
||||
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint16_t length_B, rsa_privatekey_t* key, void* pad){
|
||||
bigint_t x;
|
||||
uint16_t m_length, pad_length=0, idx=0;
|
||||
x.wordv = dest;
|
||||
rsa_os2ip(&x, src, length_B);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\ncalling rsa_dec() ..."));
|
||||
cli_putstr_P(PSTR("\r\ncalling rsa_dec() with bigint:"));
|
||||
bigint_print_hex(&x);
|
||||
#endif
|
||||
rsa_dec(&x, key);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nfinished rsa_dec() ..."));
|
||||
cli_putstr_P(PSTR("\r\nfinished rsa_dec() bigint:"));
|
||||
bigint_print_hex(&x);
|
||||
#endif
|
||||
rsa_i2osp(NULL, &x, &m_length);
|
||||
#if DEBUG
|
|
@ -1,4 +1,4 @@
|
|||
/* rsa_pkcs15.h */
|
||||
/* rsa_pkcs1v15.h */
|
||||
/*
|
||||
This file is part of the AVR-Crypto-Lib.
|
||||
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||
|
@ -17,19 +17,19 @@
|
|||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef RSA_PKCS15_H_
|
||||
#define RSA_PKCS15_H_
|
||||
#ifndef RSA_PKCS1V15_H_
|
||||
#define RSA_PKCS1V15_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "bigint.h"
|
||||
|
||||
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
|
||||
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
|
||||
|
||||
|
||||
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint16_t length_B, rsa_publickey_t* key, const void* pad);
|
||||
|
||||
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
|
||||
uint16_t length_B, rsa_privatekey_t* key, void* pad);
|
||||
|
||||
#endif /* RSA_PKCS15_H_ */
|
||||
#endif /* RSA_PKCS1V15_H_ */
|
|
@ -111,31 +111,31 @@ void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
|
|||
|
||||
void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){
|
||||
if(keylength_b==256){
|
||||
memcpy_P((ctx->a+ 0), sigma+ 0, 4);
|
||||
memcpy_P((ctx->a+20), sigma+ 4, 4);
|
||||
memcpy_P((ctx->a+40), sigma+ 8, 4);
|
||||
memcpy( (ctx->a+44), (uint8_t*)key+16, 16);
|
||||
memcpy_P((ctx->a+60), sigma+12, 4);
|
||||
memcpy_P((ctx->a.v8+ 0), sigma+ 0, 4);
|
||||
memcpy_P((ctx->a.v8+20), sigma+ 4, 4);
|
||||
memcpy_P((ctx->a.v8+40), sigma+ 8, 4);
|
||||
memcpy( (ctx->a.v8+44), (uint8_t*)key+16, 16);
|
||||
memcpy_P((ctx->a.v8+60), sigma+12, 4);
|
||||
}else{
|
||||
memcpy_P((ctx->a+ 0), theta+ 0, 4);
|
||||
memcpy_P((ctx->a+20), theta+ 4, 4);
|
||||
memcpy_P((ctx->a+40), theta+ 8, 4);
|
||||
memcpy( (ctx->a+44), (uint8_t*)key+ 0, 16);
|
||||
memcpy_P((ctx->a+60), theta+12, 4);
|
||||
memcpy_P((ctx->a.v8+ 0), theta+ 0, 4);
|
||||
memcpy_P((ctx->a.v8+20), theta+ 4, 4);
|
||||
memcpy_P((ctx->a.v8+40), theta+ 8, 4);
|
||||
memcpy( (ctx->a.v8+44), (uint8_t*)key+ 0, 16);
|
||||
memcpy_P((ctx->a.v8+60), theta+12, 4);
|
||||
}
|
||||
memcpy( (ctx->a+ 4), key, 16);
|
||||
memset( (ctx->a+24), 0, 16);
|
||||
memcpy( (ctx->a.v8+ 4), key, 16);
|
||||
memset( (ctx->a.v8+24), 0, 16);
|
||||
if(iv){
|
||||
memcpy( (ctx->a+24), iv, 8);
|
||||
memcpy( (ctx->a.v8+24), iv, 8);
|
||||
}
|
||||
ctx->buffer_idx=64;
|
||||
}
|
||||
|
||||
uint8_t salsa20_gen(salsa20_ctx_t* ctx){
|
||||
if(ctx->buffer_idx==64){
|
||||
memcpy(ctx->buffer, ctx->a, 64);
|
||||
memcpy(ctx->buffer, ctx->a.v8, 64);
|
||||
salsa20_hash((uint32_t*)(ctx->buffer));
|
||||
*((uint64_t*)(ctx->a+32)) += 1;
|
||||
ctx->a.v64[4] += 1;
|
||||
ctx->buffer_idx = 0;
|
||||
}
|
||||
return ctx->buffer[ctx->buffer_idx++];
|
||||
|
|
|
@ -23,7 +23,10 @@
|
|||
#include <stdint.h>
|
||||
|
||||
typedef struct{
|
||||
uint8_t a[64];
|
||||
union{
|
||||
uint8_t v8[64];
|
||||
uint64_t v64[ 8];
|
||||
} a;
|
||||
uint8_t buffer[64];
|
||||
uint8_t buffer_idx;
|
||||
} salsa20_ctx_t;
|
||||
|
|
|
@ -28,7 +28,9 @@
|
|||
#include "uart_defs.h"
|
||||
|
||||
#define UART0_I 1
|
||||
#ifndef UART0_BAUD_RATE
|
||||
#define UART0_BAUD_RATE 115200
|
||||
#endif
|
||||
#define UART0_PARATY UART_PARATY_NONE
|
||||
#define UART0_STOPBITS UART_STOPBITS_1
|
||||
#define UART0_DATABITS UART_DATABITS_8
|
||||
|
|
|
@ -28,11 +28,11 @@
|
|||
#include "bigint_io.h"
|
||||
#include "random_dummy.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_oaep.h"
|
||||
#include "rsaes_oaep.h"
|
||||
|
||||
#include "performance_test.h"
|
||||
|
||||
const char* algo_name = "RSA-OAEP";
|
||||
const char* algo_name = "RSAES-OAEP";
|
||||
|
||||
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
|
||||
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
|
||||
|
@ -423,6 +423,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
|
|||
}
|
||||
a->wordv = (bigint_word_t*)buffer;
|
||||
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
a->info = 0;
|
||||
bigint_changeendianess(a);
|
||||
bigint_adjust(a);
|
||||
return 0;
|
||||
|
@ -685,7 +686,7 @@ void run_seed_test(void){
|
|||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
}
|
||||
msg_ = malloc(bigint_length_B(pub_key.modulus));
|
||||
msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
|
||||
if(!msg_){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
|
@ -28,11 +28,13 @@
|
|||
#include "bigint_io.h"
|
||||
#include "random_dummy.h"
|
||||
#include "rsa_basic.h"
|
||||
#include "rsa_pkcs15.h"
|
||||
#include "rsaes_pkcs1v15.h"
|
||||
|
||||
#include "performance_test.h"
|
||||
|
||||
const char* algo_name = "RSA-PKCS15";
|
||||
#define DEBUG 0
|
||||
|
||||
const char* algo_name = "RSAES-PKCS1V15";
|
||||
|
||||
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
|
||||
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
|
||||
|
@ -239,6 +241,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
|
|||
}
|
||||
a->wordv = (bigint_word_t*)buffer;
|
||||
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
|
||||
a->info = 0;
|
||||
bigint_changeendianess(a);
|
||||
bigint_adjust(a);
|
||||
return 0;
|
||||
|
@ -249,25 +252,25 @@ uint8_t pre_alloc_key_crt(void){
|
|||
pub_key.modulus = malloc(sizeof(bigint_t));
|
||||
if(!pub_key.modulus){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return 2;
|
||||
return 6;
|
||||
}
|
||||
priv_key.modulus = pub_key.modulus;
|
||||
priv_key.n = 5;
|
||||
priv_key.components = malloc(5 * sizeof(bigint_t*));
|
||||
if(!priv_key.components){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return 2;
|
||||
return 3;
|
||||
}
|
||||
pub_key.exponent = malloc(sizeof(bigint_t));
|
||||
if(!pub_key.exponent){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return 2;
|
||||
return 4;
|
||||
}
|
||||
for(c=0; c<5; ++c){
|
||||
priv_key.components[c] = malloc(sizeof(bigint_t));
|
||||
if(!priv_key.components[c]){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return 2;
|
||||
return 7+c;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
|
@ -275,18 +278,22 @@ uint8_t pre_alloc_key_crt(void){
|
|||
|
||||
void free_key(void){
|
||||
uint8_t c;
|
||||
free(pub_key.modulus->wordv);
|
||||
for(c = priv_key.n; c > 0 ; --c){
|
||||
free(priv_key.components[c - 1]->wordv);
|
||||
}
|
||||
free(pub_key.exponent->wordv);
|
||||
free(pub_key.modulus);
|
||||
pub_key.modulus = priv_key.modulus = NULL;
|
||||
free(pub_key.modulus->wordv);
|
||||
|
||||
for(c = priv_key.n; c > 0 ; --c){
|
||||
free(priv_key.components[c - 1]);
|
||||
}
|
||||
free(pub_key.exponent);
|
||||
pub_key.exponent = NULL;
|
||||
for(c = 0; c < priv_key.n; ++c){
|
||||
free(priv_key.components[c]->wordv);
|
||||
free(priv_key.components[c]);
|
||||
}
|
||||
free(priv_key.components);
|
||||
priv_key.components = NULL;
|
||||
free(pub_key.modulus);
|
||||
pub_key.modulus = priv_key.modulus = NULL;
|
||||
keys_allocated = 0;
|
||||
}
|
||||
|
||||
uint8_t read_key_crt(void){
|
||||
|
@ -307,7 +314,8 @@ uint8_t read_key_crt(void){
|
|||
r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) =");
|
||||
if(r) return r;
|
||||
r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) =");
|
||||
/*
|
||||
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nmodulus:"));
|
||||
bigint_print_hex(pub_key.modulus);
|
||||
cli_putstr_P(PSTR("\r\npublic exponent:"));
|
||||
|
@ -322,7 +330,7 @@ uint8_t read_key_crt(void){
|
|||
bigint_print_hex(priv_key.components[3]);
|
||||
cli_putstr_P(PSTR("\r\nqInv:"));
|
||||
bigint_print_hex(priv_key.components[4]);
|
||||
*/
|
||||
#endif
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -469,9 +477,9 @@ void quick_test(void){
|
|||
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
|
||||
cli_putstr_P(PSTR("\r\nencrypting: ..."));
|
||||
|
||||
rc = rsa_encrypt_pkcs15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
|
||||
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
|
||||
if(rc){
|
||||
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs15 returned: "));
|
||||
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "));
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
|
||||
|
@ -490,9 +498,9 @@ void quick_test(void){
|
|||
}
|
||||
|
||||
cli_putstr_P(PSTR("\r\ndecrypting: ..."));
|
||||
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
|
||||
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
|
||||
if(rc){
|
||||
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs15 returned: "));
|
||||
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "));
|
||||
cli_hexdump_byte(rc);
|
||||
return;
|
||||
}
|
||||
|
@ -507,7 +515,8 @@ void quick_test(void){
|
|||
|
||||
void run_seed_test(void){
|
||||
uint8_t *msg, *ciph, *msg_;
|
||||
uint16_t msg_len, ciph_len, msg_len_;
|
||||
uint16_t ciph_len, msg_len;
|
||||
uint16_t msg_len_;
|
||||
uint16_t seed_len;
|
||||
uint8_t *seed, *seed_out;
|
||||
char read_int_str[18];
|
||||
|
@ -516,28 +525,48 @@ void run_seed_test(void){
|
|||
cli_putstr_P(PSTR("\r\n length: "));
|
||||
cli_getsn(read_int_str, 16);
|
||||
msg_len = own_atou(read_int_str);
|
||||
seed_len = rsa_pkcs15_compute_padlength_B(pub_key.modulus, msg_len);
|
||||
seed_len = rsa_pkcs1v15_compute_padlength_B(pub_key.modulus, msg_len);
|
||||
seed = malloc(seed_len);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
|
||||
cli_hexdump_rev(&seed, 2);
|
||||
#endif
|
||||
if(!seed){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
}
|
||||
seed_out = malloc(seed_len);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
|
||||
cli_hexdump_rev(&seed_out, 2);
|
||||
#endif
|
||||
if(!seed_out){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
}
|
||||
msg = malloc(msg_len);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
|
||||
cli_hexdump_rev(&msg, 2);
|
||||
#endif
|
||||
if(!msg){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
}
|
||||
ciph = malloc(bigint_length_B(pub_key.modulus));
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
|
||||
cli_hexdump_rev(&ciph, 2);
|
||||
#endif
|
||||
if(!ciph){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
}
|
||||
msg_ = malloc(bigint_length_B(pub_key.modulus));
|
||||
msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
|
||||
cli_hexdump_rev(&msg_, 2);
|
||||
#endif
|
||||
if(!msg_){
|
||||
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
|
||||
return;
|
||||
|
@ -556,11 +585,21 @@ void run_seed_test(void){
|
|||
cli_putstr_P(PSTR("\r\n seed:"));
|
||||
cli_hexdump_block(seed, seed_len, 4, 16);
|
||||
*/
|
||||
rsa_encrypt_pkcs15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\n first prime:"));
|
||||
bigint_print_hex(priv_key.components[0]);
|
||||
#endif
|
||||
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
|
||||
cli_putstr_P(PSTR("\r\n ciphertext:"));
|
||||
cli_hexdump_block(ciph, ciph_len, 4, 16);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\n first prime:"));
|
||||
bigint_print_hex(priv_key.components[0]);
|
||||
#endif
|
||||
cli_putstr_P(PSTR("\r\n decrypting ... "));
|
||||
rsa_decrypt_pkcs15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
|
||||
|
||||
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
|
||||
|
||||
cli_putstr_P(PSTR("[done]"));
|
||||
if(msg_len != msg_len_){
|
||||
char tstr[16];
|
||||
|
@ -588,10 +627,11 @@ void run_seed_test(void){
|
|||
cli_hexdump_block(seed, seed_len, 4, 16);
|
||||
goto end;
|
||||
}
|
||||
|
||||
cli_putstr_P(PSTR("\r\n >>OK<<"));
|
||||
end:
|
||||
free(ciph);
|
||||
free(msg_);
|
||||
free(ciph);
|
||||
free(msg);
|
||||
free(seed_out);
|
||||
free(seed);
|
||||
|
@ -609,11 +649,17 @@ void rsa_init(void){
|
|||
}
|
||||
|
||||
void load_key(void){
|
||||
uint8_t r;
|
||||
if(keys_allocated){
|
||||
cli_putstr_P(PSTR("\r\nDBG: freeing old keys"));
|
||||
free_key();
|
||||
}
|
||||
keys_allocated = 1;
|
||||
read_key_crt();
|
||||
r = read_key_crt();
|
||||
if(r){
|
||||
cli_putstr_P(PSTR("\r\nERROR: read_key_crt returned 0x"));
|
||||
cli_hexdump_byte(r);
|
||||
}
|
||||
}
|
||||
|
||||
void test_dump(void){
|
|
@ -51,10 +51,10 @@ void nessie_first(void){
|
|||
cli_hexdump(key, 16);
|
||||
salsa20_init(key, 128, NULL, &ctx);
|
||||
cli_putstr_P(PSTR("\r\n internal state: "));
|
||||
cli_hexdump_block(ctx.a, 64, 4, 16);
|
||||
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
|
||||
salsa20_gen(&ctx);
|
||||
cli_putstr_P(PSTR("\r\n internal state: "));
|
||||
cli_hexdump_block(ctx.a, 64, 4, 16);
|
||||
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
|
||||
cli_putstr_P(PSTR("\r\n data: "));
|
||||
cli_hexdump_block(ctx.buffer, 64, 4, 16);
|
||||
|
||||
|
@ -63,13 +63,13 @@ void nessie_first(void){
|
|||
key[15] = 0x01;
|
||||
cli_putstr_P(PSTR("\r\n testing with key: "));
|
||||
cli_hexdump(key, 16);
|
||||
cli_hexdump_block(ctx.a, 64, 4, 16);
|
||||
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
|
||||
salsa20_init(key, 128, NULL, &ctx);
|
||||
cli_putstr_P(PSTR("\r\n internal state: "));
|
||||
cli_hexdump_block(ctx.a, 64, 4, 16);
|
||||
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
|
||||
salsa20_gen(&ctx);
|
||||
cli_putstr_P(PSTR("\r\n internal state: "));
|
||||
cli_hexdump_block(ctx.a, 64, 4, 16);
|
||||
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
|
||||
cli_putstr_P(PSTR("\r\n data: "));
|
||||
cli_hexdump_block(ctx.buffer, 64, 4, 16);
|
||||
}
|
||||
|
|
|
@ -109,7 +109,11 @@ void twister_large_nextBlock(twister_large_ctx_t* ctx, const void* msg){
|
|||
/*********************************************************************/
|
||||
|
||||
void twister_inject_chksum(twister_large_ctx_t* ctx, uint8_t col){
|
||||
*((uint64_t*)(&ctx->state.s[7][0])) ^= *((uint64_t*)(&ctx->checksum[col][0]));
|
||||
uint8_t i=7;
|
||||
do{
|
||||
ctx->state.s[7][i] ^= ctx->checksum[col][i];
|
||||
|
||||
}while(i--);
|
||||
twister_blank_round(&ctx->state);
|
||||
}
|
||||
|
||||
|
|
|
@ -111,7 +111,7 @@ static const uint8_t sbox[256] PROGMEM = {
|
|||
|
||||
#endif
|
||||
|
||||
static void gamma(uint8_t* a){
|
||||
static void gamma_1(uint8_t* a){
|
||||
uint8_t i;
|
||||
for(i=0; i<64; ++i){
|
||||
*a = whirlpool_sbox(*a);
|
||||
|
@ -161,7 +161,7 @@ static void theta(uint8_t* a){
|
|||
}
|
||||
|
||||
static void w_round(uint8_t* a, const uint8_t* k){
|
||||
gamma(a);
|
||||
gamma_1(a);
|
||||
#if DEBUG
|
||||
cli_putstr_P(PSTR("\r\n pre-pi:"));
|
||||
cli_hexdump_block(a, 64, 4, 8);
|
||||
|
|
Loading…
Reference in New Issue