some fixes, mainly at rsaes-pkcs1v15

Makefile_main.inc

@@ -34,8 +34,7 @@ GLOBAL_INCDIR := ./ $(TESTSRC_DIR)
 
 #-------------------------------------------------------------------------------
 # inclusion of make stubs
-include mkfiles/0*.mk
+include $(sort $(wildcard mkfiles/*.mk))
-include mkfiles/*.mk
 
 #-------------------------------------------------------------------------------
 ALGORITHMS = $(BLOCK_CIPHERS) $(STREAM_CIPHERS) $(HASHES) $(PRNGS) $(MACS) \

Makefile_sys_conf.inc

@@ -27,7 +27,7 @@ STAT_DIR       = stats/$(BOARD_NAME)/#
 AUTOASM_DIR    = autoasm/$(BOARD_NAME)/#
 AUTOASM_OPT    = -S
 CC	           = avr-gcc
-CSTD           = c99
+CSTD           = gnu99
 
 SIZESTAT_FILE = sizestats.txt
 

bigint/bigint.c

@@ -291,26 +291,34 @@ int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
 
 void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
 	uint8_t s;
+	int8_t d = 0;
 	s  = GET_SIGN(a)?2:0;
 	s |= GET_SIGN(b)?1:0;
 	switch(s){
 		case 0: /* both positive */
+			d = 1;
 			bigint_add_u(dest, a,b);
-			SET_POS(dest);
 			break;
 		case 1: /* a positive, b negative */
+			d = bigint_cmp_u(a,b);
 			bigint_sub_u(dest, a, b);
 			break;
 		case 2: /* a negative, b positive */
+			d = bigint_cmp_u(b,a);
 			bigint_sub_u(dest, b, a);
 			break;
 		case 3: /* both negative */
+			d = -1;
 			bigint_add_u(dest, a, b);
-			SET_NEG(dest);
 			break;
 		default: /* how can this happen?*/
 			break;
 	}
+	if(d<0){
+		SET_NEG(dest);
+	}else{
+		SET_POS(dest);
+	}
 }
 
 /******************************************************************************/

blake/blake_large.c

@@ -146,21 +146,24 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
 		msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
 		length_b -= BLAKE_LARGE_BLOCKSIZE;
 	}
-	uint8_t buffer[128];
+	union {
+		uint8_t   v8[128];
+		uint64_t v64[ 16];
+	} buffer;
 	uint64_t v[16];
 	uint64_t ctr;
 	ctr = ctx->counter*1024+length_b;
-	memset(buffer, 0, 128);
+	memset(buffer.v8, 0, 128);
-	memcpy(buffer, msg, (length_b+7)/8);
+	memcpy(buffer.v8, msg, (length_b+7)/8);
-	buffer[length_b/8] |= 0x80 >> (length_b&0x7);
+	buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
-	blake_large_changeendian(buffer, buffer);
+	blake_large_changeendian(buffer.v8, buffer.v8);
 	blake_large_expand(v, ctx);
 	if(length_b>1024-128-2){
 		v[12] ^= ctr;
 		v[13] ^= ctr;
-		blake_large_compress(v, buffer);
+		blake_large_compress(v, buffer.v8);
 		blake_large_collapse(ctx, v);
-		memset(buffer, 0, 128-8);
+		memset(buffer.v8, 0, 128-8);
 		blake_large_expand(v, ctx);
 	} else {
 		if(length_b){
@@ -169,9 +172,9 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
 		}
 	}
 	if(ctx->appendone)
-		buffer[128-16-8] |= 0x01;
+		buffer.v8[128-16-8] |= 0x01;
-	*((uint64_t*)(&(buffer[128-8]))) = ctr;
+	buffer.v64[15] = ctr;
-	blake_large_compress(v, buffer);
+	blake_large_compress(v, buffer.v8);
 	blake_large_collapse(ctx, v);
 
 }

blake/blake_small.c

@@ -141,26 +141,29 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
 		msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
 		length_b -= BLAKE_SMALL_BLOCKSIZE;
 	}
-	uint8_t buffer[64];
+	union {
+		uint8_t   v8[64];
+		uint32_t v32[16];
+	} buffer;
 	uint32_t v[16];
 	union {
 		uint64_t v64;
 		uint32_t v32[2];
 	}ctr;
 	ctr.v64 = ctx->counter*512+length_b;
-	memset(buffer, 0, 64);
+	memset(buffer.v8, 0, 64);
-	memcpy(buffer, msg, (length_b+7)/8);
+	memcpy(buffer.v8, msg, (length_b+7)/8);
-	buffer[length_b/8] |= 0x80 >> (length_b&0x7);
+	buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
-	blake_small_changeendian(buffer, buffer);
+	blake_small_changeendian(buffer.v8, buffer.v8);
 	blake_small_expand(v, ctx);
 	if(length_b>512-64-2){
 		v[12] ^= ctr.v32[0];
 		v[13] ^= ctr.v32[0];
 		v[14] ^= ctr.v32[1];
 		v[15] ^= ctr.v32[1];
-		blake_small_compress(v, buffer);
+		blake_small_compress(v, buffer.v8);
 		blake_small_collapse(ctx, v);
-		memset(buffer, 0, 64-8);
+		memset(buffer.v8, 0, 64-8);
 		blake_small_expand(v, ctx);
 	}else{
 		if(length_b){
@@ -171,10 +174,10 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
 		}
 	}
 	if(ctx->appendone)
-		buffer[64-8-4] |= 0x01;
+		buffer.v8[64-8-4] |= 0x01;
-	*((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1];
+	buffer.v32[14] = ctr.v32[1];
-	*((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0];
+	buffer.v32[15] = ctr.v32[0];
-	blake_small_compress(v, buffer);
+	blake_small_compress(v, buffer.v8);
 	blake_small_collapse(ctx, v);
 
 }

bmw/bmw_large.c

@@ -523,33 +523,36 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
 }
 
 void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
-	uint8_t buffer[128];
+	union {
+		uint8_t   v8[128];
+		uint64_t v64[ 16];
+	} buffer;
 	while(length_b >= BMW_LARGE_BLOCKSIZE){
 		bmw_large_nextBlock(ctx, block);
 		length_b -= BMW_LARGE_BLOCKSIZE;
 		block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
 	}
-	memset(buffer, 0, 128);
+	memset(buffer.v8, 0, 128);
-	memcpy(buffer, block, (length_b+7)/8);
+	memcpy(buffer.v8, block, (length_b+7)/8);
-	buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
+	buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
 	if(length_b+1>128*8-64){
-		bmw_large_nextBlock(ctx, buffer);
+		bmw_large_nextBlock(ctx, buffer.v8);
-		memset(buffer, 0, 128-8);
+		memset(buffer.v8, 0, 128-8);
 		ctx->counter -= 1;
 	}
-	*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
+	buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
-	bmw_large_nextBlock(ctx, buffer);
+	bmw_large_nextBlock(ctx, buffer.v8);
 #if TWEAK
 	uint8_t i;
 	uint64_t q[32];
-	memset(buffer, 0xaa, 128);
+	memset(buffer.v8, 0xaa, 128);
 	for(i=0; i<16; ++i){
-		buffer[8*i] = i + 0xa0;
+		buffer.v8[8*i] = i + 0xa0;
 	}
-	bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
+	bmw_large_f0(q, buffer.v64, ctx->h);
-	bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
+	bmw_large_f1(q, ctx->h, buffer.v64);
-	bmw_large_f2((uint64_t*)buffer, q, ctx->h);
+	bmw_large_f2(buffer.v64, q, ctx->h);
-	memcpy(ctx->h, buffer, 128);
+	memcpy(ctx->h, buffer.v8, 128);
 #endif
 }
 

bmw/bmw_small.c

@@ -499,38 +499,42 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
 }
 
 void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
-	uint8_t buffer[64];
+	union {
+		uint8_t   v8[64];
+		uint32_t v32[16];
+		uint64_t v64[ 8];
+	} buffer;
 	while(length_b >= BMW_SMALL_BLOCKSIZE){
 		bmw_small_nextBlock(ctx, block);
 		length_b -= BMW_SMALL_BLOCKSIZE;
 		block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
 	}
-	memset(buffer, 0, 64);
+	memset(buffer.v8, 0, 64);
-	memcpy(buffer, block, (length_b+7)/8);
+	memcpy(buffer.v8, block, (length_b+7)/8);
-	buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
+	buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
 	if(length_b+1>64*8-64){
-		bmw_small_nextBlock(ctx, buffer);
+		bmw_small_nextBlock(ctx, buffer.v8);
-		memset(buffer, 0, 64-8);
+		memset(buffer.v8, 0, 64-8);
 		ctx->counter -= 1;
 	}
-	*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
+	buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
-	bmw_small_nextBlock(ctx, buffer);
+	bmw_small_nextBlock(ctx, buffer.v8);
 #if TWEAK
 	uint8_t i;
 	uint32_t q[32];
-	memset(buffer, 0xaa, 64);
+	memset(buffer.v8, 0xaa, 64);
 	for(i=0; i<16;++i){
-		buffer[i*4] = i+0xa0;
+		buffer.v8[i*4] = i+0xa0;
 	}
-//	dump_x(buffer, 16, 'A');
+//	dump_x(buffer.v8, 16, 'A');
 	dump_x(ctx->h, 16, 'M');
-	bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
+	bmw_small_f0(q, buffer.v32, ctx->h);
-	dump_x(buffer, 16, 'a');
+	dump_x(buffer.v8, 16, 'a');
 	dump_x(q, 16, 'Q');
-	bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
+	bmw_small_f1(q, ctx->h, buffer.v32);
 	dump_x(q, 32, 'Q');
-	bmw_small_f2((uint32_t*)buffer, q, ctx->h);
+	bmw_small_f2(buffer.v32, q, ctx->h);
-	memcpy(ctx->h, buffer, 64);
+	memcpy(ctx->h, buffer.v8, 64);
 #endif
 }
 

host/rsa_pkcs1v15_check.rb

@@ -1,5 +1,5 @@
 #!/usr/bin/ruby
-# rsa_pkcs15_check.rb
+# rsa_pkcs1v15_check.rb
 =begin
     This file is part of the AVR-Crypto-Lib.
     Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
@@ -21,6 +21,7 @@
 require 'rubygems'
 require 'serialport'
 require 'getopt/std'
+require 'fileutils'
 
 $buffer_size = 0 # set automatically in init_system
 $conffile_check = Hash.new
@@ -94,10 +95,15 @@ end
 def read_block(f)
   d = Array.new
   begin
+    v = false
     l = f.gets
-    x = l.split.collect { |e| e.to_i(16) }
+ #   x = l.split.collect { |e| e.to_i(16) }
+    t = l.split
+    t.each { |e| v = true if e.length != 2 }
+    x = []
+    x = t.collect { |e| e.to_i(16) } if ! v
     d += x
-  end while x.length == 16
+  end while x.length == 16 && ! v
   return d
 end
 
@@ -300,7 +306,11 @@ def check_tv(tv)
   test_enc = ''
   loop do 
     l = read_line_from_device()
-    break if ! /([0-9A-Fa-f]{2}\s*)+/.match(l)
+    t = l.split
+    v = false
+    t.each { |e| v = true if e.length != 2 }
+    x = t.collect { |e| e.to_i(16) }
+    break if v
     test_enc += l if l
   end
   test_enc_a = Array.new
@@ -331,7 +341,7 @@ end
 ########################################
 
 
-opts = Getopt::Std.getopts('dc:f:il:s:')
+opts = Getopt::Std.getopts('dc:f:il:s:n:')
 
 conf = Hash.new
 conf = readconfigfile("/etc/testport.conf", conf)
@@ -367,14 +377,39 @@ $sp.flow_control = SerialPort::SOFT
 
 $debug = true if opts['d']
 
-if opts['l']
+if opts['l'] && ! opts['n']
   $logfile = File.open(opts['l'], 'w')
 end
 
+if opts['n']
+  logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_' + opts['n'] + '.txt'
+  if File.exists?(logfilename)
+    i=1
+    begin
+      logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i,'.txt')
+      i+=1
+    end while(File.exists?(logfilename))
+    while(i>2) do
+      n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-2,'.txt')
+      n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-1,'.txt')
+      File.rename(n1, n2)
+      printf("%s -> %s\n", n1, n2)
+      i-=1
+    end
+    n1 = sprintf('%s%s', conf['PORT']['testlogbase'],'rsa_pkcs1v15_'+opts['n']+'.txt')
+    n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',1,'.txt')
+    File.rename(n1, n2)
+    printf("%s -> %s\n", n1, n2)
+    logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'.txt'
+  end
+  printf("logging to %s", logfilename)
+  $logfile = File.open(logfilename, 'w')
+end
+
 $logfile = STDOUT if ! $logfile
 reset_system()
 
-if opts['s'] && m = opts['s'].match(/([\d]+\.([\d]+))/)
+if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) )
   sk = m[1].to_i
   sv = m[2].to_i
 else

khazad/khazad.c

@@ -92,7 +92,7 @@ uint8_t khazad_sbox(uint8_t a){
 	return b|c;
 }
 
-static void gamma(uint8_t* a){
+static void gamma_1(uint8_t* a){
 	uint8_t i;
 	for(i=0; i<8; ++i){
 		*a = khazad_sbox(*a);
@@ -147,7 +147,7 @@ static void theta(uint8_t* a){
 /******************************************************************************/
 
 static void khazad_round(uint8_t* a, const uint8_t* k){
-	gamma(a);
+	gamma_1(a);
 	theta(a);
 	memxor(a, k, 8);
 }
@@ -188,7 +188,7 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
 	for(r=1; r<8; ++r){
 		khazad_round(buffer, ctx->k[r]);
 	}
-	gamma(buffer);
+	gamma_1(buffer);
 	memxor(buffer, ctx->k[8], 8);
 }
 
@@ -197,11 +197,11 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
 void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
 	uint8_t r=7;
 	memxor(buffer, ctx->k[8], 8);
-	gamma(buffer);
+	gamma_1(buffer);
 	do{
 		memxor(buffer, ctx->k[r--], 8);
 		theta(buffer);
-		gamma(buffer);
+		gamma_1(buffer);
 	}while(r);
 	memxor(buffer, ctx->k[0], 8);
 }

md5/md5.c

@@ -139,32 +139,35 @@ void md5_nextBlock(md5_ctx_t *state, const void* block){
 
 void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){
 	uint16_t l;
-	uint8_t b[64];
+	union {
+		uint8_t   v8[64];
+		uint64_t v64[ 8];
+	} buffer;
 	while (length_b >= 512){
 		md5_nextBlock(state, block);
 		length_b -= 512;
 		block = ((uint8_t*)block) + 512/8;
 	}
-	memset(b, 0, 64);
+	memset(buffer.v8, 0, 64);
-	memcpy(b, block, length_b/8);
+	memcpy(buffer.v8, block, length_b/8);
 	/* insert padding one */
 	l=length_b/8;
 	if(length_b%8){
 		uint8_t t;
 		t = ((uint8_t*)block)[l];
 		t |= (0x80>>(length_b%8));
-		b[l]=t;
+		buffer.v8[l]=t;
 	}else{
-		b[l]=0x80;
+		buffer.v8[l]=0x80;
 	}
 	/* insert length value */
 	if(l+sizeof(uint64_t) >= 512/8){
-		md5_nextBlock(state, b);
+		md5_nextBlock(state, buffer.v8);
 		state->counter--;
-		memset(b, 0, 64-8);
+		memset(buffer.v8, 0, 64-8);
 	}
-	*((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b;
+	buffer.v64[7] = (state->counter * 512) + length_b;
-	md5_nextBlock(state, b);
+	md5_nextBlock(state, buffer.v8);
 }
 
 void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){

mkfiles/rsaes_oaep.mk

@@ -1,13 +1,13 @@
 # Makefile for RSA
-ALGO_NAME := RSA_OAEP
+ALGO_NAME := RSAES_OAEP
 
 # comment out the following line for removement of RSA from the build process
 PK_CIPHERS += $(ALGO_NAME)
 
 $(ALGO_NAME)_DIR      := rsa/
 $(ALGO_NAME)_INCDIR   := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
-$(ALGO_NAME)_OBJ      := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
+$(ALGO_NAME)_OBJ      := bigint.o bigint_io.o rsa_basic.o rsaes_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
-$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
+$(ALGO_NAME)_TESTBIN := main-rsaes_oaep-test.o $(CLI_STD) random_dummy.o \
                          noekeon.o noekeon_prng.o memxor.o 
 			 
 $(ALGO_NAME)_PERFORMANCE_TEST := performance

mkfiles/rsaes_pkcs1v15.mk

@@ -1,13 +1,13 @@
 # Makefile for RSA
-ALGO_NAME := RSA_PKCS15
+ALGO_NAME := RSAES_PKCS1V15
 
 # comment out the following line for removement of RSA from the build process
 SIGNATURE += $(ALGO_NAME)
 
 $(ALGO_NAME)_DIR      := rsa/
 $(ALGO_NAME)_INCDIR   := memxor/ bigint/ noekeon/
-$(ALGO_NAME)_OBJ      := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o 
+$(ALGO_NAME)_OBJ      := bigint.o bigint_io.o rsa_basic.o rsaes_pkcs1v15.o 
-$(ALGO_NAME)_TESTBIN := main-rsa_pkcs15-test.o $(CLI_STD) random_dummy.o \
+$(ALGO_NAME)_TESTBIN := main-rsaes_pkcs1v15-test.o $(CLI_STD) random_dummy.o \
                          noekeon.o noekeon_prng.o memxor.o 
 			 
 $(ALGO_NAME)_PERFORMANCE_TEST := performance

noekeon/noekeon.c

@@ -39,7 +39,7 @@
 #define RC_POS 0
 
 static
-void gamma(uint32_t* a){
+void gamma_1(uint32_t* a){
 	uint32_t tmp;
 	
 	a[1] ^= ~((a[3]) | (a[2]));
@@ -94,7 +94,7 @@ void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const
 	theta(key, state);
 	((uint8_t*)state)[RC_POS] ^= const2;
 	pi1(state);
-	gamma(state);
+	gamma_1(state);
 	pi2(state);
 }
 

rsa/rsa_basic.c

@@ -52,50 +52,111 @@ m = m2 + q * h
 
 uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
 	bigint_t m1, m2;
-	m1.wordv = malloc((key->modulus->length_B + 1) * sizeof(bigint_word_t));
+	m1.wordv = malloc((key->components[0]->length_B + 1) * sizeof(bigint_word_t));
-	m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t));
+	m2.wordv = malloc((key->components[1]->length_B + 1) * sizeof(bigint_word_t));
 	if(!m1.wordv || !m2.wordv){
 #if DEBUG
-		cli_putstr_P(PSTR("\r\nERROR: OOM! (" __FILE__ ")"));
+		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 #endif
 		free(m1.wordv);
 		free(m2.wordv);
 		return 1;
 	}
 #if DEBUG
-		cli_putstr_P(PSTR("\r\nexp_mod a + b "));
+	cli_putstr_P(PSTR("\r\nDBG: expmod m1 ..."));
+	cli_putstr_P(PSTR("\r\nexpmod("));
+	bigint_print_hex(data);
+	cli_putc(',');
+	bigint_print_hex(key->components[2]);
+	cli_putc(',');
+	bigint_print_hex(key->components[0]);
+	cli_putstr_P(PSTR(") = "));
 #endif
 	bigint_expmod_u(&m1, data, key->components[2], key->components[0]);
+#if DEBUG
+	bigint_print_hex(&m1);
+	cli_putstr_P(PSTR("expmod m2 ..."));
+	cli_putstr_P(PSTR("\r\nexpmod("));
+	bigint_print_hex(data);
+	cli_putc(',');
+	bigint_print_hex(key->components[3]);
+	cli_putc(',');
+	bigint_print_hex(key->components[1]);
+	cli_putstr_P(PSTR(") = "));
+#endif
 	bigint_expmod_u(&m2, data, key->components[3], key->components[1]);
 #if DEBUG
-	cli_putstr_P(PSTR("[done] "));
+	bigint_print_hex(&m2);
+	cli_putstr_P(PSTR("\r\nDBG: sub ..."));
+	cli_putstr_P(PSTR("\r\nsub("));
+	bigint_print_hex(&m1);
+	cli_putc(',');
+	bigint_print_hex(&m2);
+	cli_putstr_P(PSTR(") = "));
 #endif
 	bigint_sub_s(&m1, &m1, &m2);
 #if DEBUG
-	cli_putstr_P(PSTR("[done2] "));
+	bigint_print_hex(&m1);
 #endif
 	while(BIGINT_NEG_MASK & m1.info){
 #if DEBUG
-		cli_putc(',');
+	cli_putstr_P(PSTR("\r\nDBG: adding "));
+	bigint_print_hex(key->components[0]);
+	cli_putstr_P(PSTR("\r\nDBG: to "));
+	bigint_print_hex(&m1);
 #endif
 		bigint_add_s(&m1, &m1, key->components[0]);
 	}
 #if DEBUG
-		cli_putstr_P(PSTR("\r\nreduce_mul "));
+	cli_putstr_P(PSTR("\r\nDBG: reduce-mul ..."));
+	cli_putstr_P(PSTR("\r\nreduce("));
+	bigint_print_hex(&m1);
+	cli_putc(',');
+	bigint_print_hex(key->components[0]);
+	cli_putstr_P(PSTR(") = "));
 #endif
 	bigint_reduce(&m1, key->components[0]);
-	bigint_mul_u(&m1, &m1, key->components[4]);
 #if DEBUG
-		cli_putstr_P(PSTR("[done]"));
+	bigint_print_hex(&m1);
+	cli_putstr_P(PSTR("\r\nmul("));
+	bigint_print_hex(&m1);
+	cli_putc(',');
+	bigint_print_hex(key->components[4]);
+	cli_putstr_P(PSTR(") = "));
 #endif
-	bigint_reduce(&m1, key->components[0]);
+	bigint_mul_u(data, &m1, key->components[4]);
-	bigint_mul_u(&m1, &m1, key->components[1]);
 #if DEBUG
-		cli_putstr_P(PSTR(" [done]"));
+	bigint_print_hex(data);
+	cli_putstr_P(PSTR("\r\nreduce("));
+	bigint_print_hex(data);
+	cli_putc(',');
+	bigint_print_hex(key->components[0]);
+	cli_putstr_P(PSTR(") = "));
+#endif
+	bigint_reduce(data, key->components[0]);
+#if DEBUG
+	bigint_print_hex(data);
+	cli_putstr_P(PSTR("\r\nmul("));
+	bigint_print_hex(data);
+	cli_putc(',');
+	bigint_print_hex(key->components[1]);
+	cli_putstr_P(PSTR(") = "));
+#endif
+	bigint_mul_u(data, data, key->components[1]);
+#if DEBUG
+	bigint_print_hex(data);
+	cli_putstr_P(PSTR("\r\nadd("));
+	bigint_print_hex(data);
+	cli_putc(',');
+	bigint_print_hex(&m2);
+	cli_putstr_P(PSTR(") = "));
+#endif
+	bigint_add_u(data, data, &m2);
+#if DEBUG
+	bigint_print_hex(data);
 #endif
-	bigint_add_u(data, &m1, &m2);
-	free(m1.wordv);
 	free(m2.wordv);
+	free(m1.wordv);
 	return 0;
 }
 
@@ -118,8 +179,18 @@ uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){
 }
 
 void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
+#if BIGINT_WORD_SIZE == 8
+	if(data){
+		memcpy(dest->wordv, data, length_B);
+	}
+	dest->length_B = length_B;
+#else
 	uint8_t off;
-	off = length_B % sizeof(bigint_word_t);
+	off = (sizeof(bigint_word_t) - length_B % sizeof(bigint_word_t)) % sizeof(bigint_word_t);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: off = 0x"));
+	cli_hexdump_byte(off);
+#endif
 	if(!data){
 		if(off){
 			dest->wordv = realloc(dest->wordv, length_B + sizeof(bigint_word_t) - off);
@@ -127,19 +198,37 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
 			memset(dest->wordv, 0, off);
 		}
 	}else{
+		memcpy((uint8_t*)dest->wordv + off, data, length_B);
 		if(off){
-			memcpy((uint8_t*)dest->wordv + off, data, length_B);
+			memset(dest->wordv, 0, off);
-			memset(dest, 0, off);
-		}else{
-			memcpy(dest->wordv, data, length_B);
 		}
 	}
-	dest->length_B = (length_B + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+	dest->length_B = (length_B + off) / sizeof(bigint_word_t);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: dest->length_B = 0x"));
+	cli_hexdump_rev(&(dest->length_B), 2);
+#endif
+#endif
+	dest->info = 0;
 	bigint_changeendianess(dest);
 	bigint_adjust(dest);
 }
 
 void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
+#if BIGINT_WORD_SIZE == 8
+	if(dest){
+		uint8_t *e = src->wordv + src->length_B;
+		uint16_t i;
+		for(i=src->length_B; i>0; --i){
+			*((uint8_t*)dest) = *--e;
+			dest = (uint8_t*)dest + 1;
+		}
+	}else{
+		bigint_changeendianess(src);
+	}
+
+	*out_length_B = src->length_B;
+#else
 	*out_length_B = bigint_get_first_set_bit(src) / 8 + 1;
 	if(dest){
 		uint16_t i;
@@ -157,5 +246,6 @@ void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
 			memmove(src->wordv, (uint8_t*)src->wordv+off, *out_length_B);
 		}
 	}
+#endif
 }
 

rsa/rsaes_oaep.c

@@ -25,7 +25,7 @@
 #include "mgf1.h"
 #include "bigint.h"
 #include "rsa_basic.h"
-#include "rsa_oaep.h"
+#include "rsaes_oaep.h"
 
 #include "random_dummy.h"
 

rsa/rsaes_pkcs1v15.c

@@ -1,4 +1,4 @@
-/* rsa_pkcs15.c */
+/* rsa_pkcs1v15.c */
 /*
     This file is part of the ARM-Crypto-Lib.
     Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
@@ -22,6 +22,7 @@
 #include <string.h>
 #include "bigint.h"
 #include "rsa_basic.h"
+#include "rsaes_pkcs1v15.h"
 
 #define DEBUG 0
 
@@ -32,15 +33,15 @@
 
 #include "random_dummy.h"
 
-uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
+uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
 	return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
 }
 
-uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
+uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
 	uint16_t length_B, rsa_publickey_t* key, const void* pad){
 	int16_t pad_length;
 	bigint_t x;
-	pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B);
+	pad_length = rsa_pkcs1v15_compute_padlength_B(key->modulus, length_B);
 	if(pad_length<8){
 #if DEBUG
 		cli_putstr_P(PSTR("\r\nERROR: pad_length<8; pad_length: "));
@@ -84,18 +85,20 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 	return 0;
 }
 
-uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
+uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
 	uint16_t length_B, rsa_privatekey_t* key, void* pad){
 	bigint_t x;
 	uint16_t m_length, pad_length=0, idx=0;
 	x.wordv = dest;
 	rsa_os2ip(&x, src, length_B);
 #if DEBUG
-	cli_putstr_P(PSTR("\r\ncalling rsa_dec() ..."));
+	cli_putstr_P(PSTR("\r\ncalling rsa_dec() with bigint:"));
+	bigint_print_hex(&x);
 #endif
 	rsa_dec(&x, key);
 #if DEBUG
-	cli_putstr_P(PSTR("\r\nfinished rsa_dec() ..."));
+	cli_putstr_P(PSTR("\r\nfinished rsa_dec() bigint:"));
+	bigint_print_hex(&x);
 #endif
 	rsa_i2osp(NULL, &x, &m_length);
 #if DEBUG

rsa/rsaes_pkcs1v15.h

@@ -1,4 +1,4 @@
-/* rsa_pkcs15.h */
+/* rsa_pkcs1v15.h */
 /*
     This file is part of the AVR-Crypto-Lib.
     Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
@@ -17,19 +17,19 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#ifndef RSA_PKCS15_H_
+#ifndef RSA_PKCS1V15_H_
-#define RSA_PKCS15_H_
+#define RSA_PKCS1V15_H_
 
 #include <stdint.h>
 #include "bigint.h"
 
-uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
+uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
 
 
-uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
+uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
 		uint16_t length_B, rsa_publickey_t* key, const void* pad);
 
-uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
+uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
 		uint16_t length_B, rsa_privatekey_t* key, void* pad);
 
-#endif /* RSA_PKCS15_H_ */
+#endif /* RSA_PKCS1V15_H_ */

salsa20/salsa20.c

@@ -111,31 +111,31 @@ void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
 
 void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){
 	if(keylength_b==256){
-		memcpy_P((ctx->a+ 0), sigma+ 0, 4);
+		memcpy_P((ctx->a.v8+ 0), sigma+ 0, 4);
-		memcpy_P((ctx->a+20), sigma+ 4, 4);
+		memcpy_P((ctx->a.v8+20), sigma+ 4, 4);
-		memcpy_P((ctx->a+40), sigma+ 8, 4);
+		memcpy_P((ctx->a.v8+40), sigma+ 8, 4);
-		memcpy(  (ctx->a+44), (uint8_t*)key+16, 16);
+		memcpy(  (ctx->a.v8+44), (uint8_t*)key+16, 16);
-		memcpy_P((ctx->a+60), sigma+12, 4);
+		memcpy_P((ctx->a.v8+60), sigma+12, 4);
 	}else{
-		memcpy_P((ctx->a+ 0), theta+ 0, 4);
+		memcpy_P((ctx->a.v8+ 0), theta+ 0, 4);
-		memcpy_P((ctx->a+20), theta+ 4, 4);
+		memcpy_P((ctx->a.v8+20), theta+ 4, 4);
-		memcpy_P((ctx->a+40), theta+ 8, 4);
+		memcpy_P((ctx->a.v8+40), theta+ 8, 4);
-		memcpy(  (ctx->a+44), (uint8_t*)key+ 0, 16);
+		memcpy(  (ctx->a.v8+44), (uint8_t*)key+ 0, 16);
-		memcpy_P((ctx->a+60), theta+12, 4);
+		memcpy_P((ctx->a.v8+60), theta+12, 4);
 	}
-	memcpy(  (ctx->a+ 4), key, 16);
+	memcpy(  (ctx->a.v8+ 4), key, 16);
-	memset(  (ctx->a+24), 0, 16);
+	memset(  (ctx->a.v8+24), 0, 16);
 	if(iv){
-		memcpy(  (ctx->a+24), iv, 8);
+		memcpy(  (ctx->a.v8+24), iv, 8);
 	}
 	ctx->buffer_idx=64;
 }
 
 uint8_t salsa20_gen(salsa20_ctx_t* ctx){
 	if(ctx->buffer_idx==64){
-		memcpy(ctx->buffer, ctx->a, 64);
+		memcpy(ctx->buffer, ctx->a.v8, 64);
 		salsa20_hash((uint32_t*)(ctx->buffer));
-		*((uint64_t*)(ctx->a+32)) += 1;
+		ctx->a.v64[4] += 1;
 		ctx->buffer_idx = 0;
 	}
 	return ctx->buffer[ctx->buffer_idx++];

salsa20/salsa20.h

@@ -23,7 +23,10 @@
 #include <stdint.h>
 
 typedef struct{
-	uint8_t a[64];
+	union{
+		uint8_t   v8[64];
+		uint64_t v64[ 8];
+	} a;
 	uint8_t buffer[64];
 	uint8_t buffer_idx;
 } salsa20_ctx_t;

test_src/config.h

@@ -28,7 +28,9 @@
 #include "uart_defs.h"
 
 #define UART0_I 1
+#ifndef UART0_BAUD_RATE
 #define UART0_BAUD_RATE  115200
+#endif
 #define UART0_PARATY     UART_PARATY_NONE
 #define UART0_STOPBITS   UART_STOPBITS_1
 #define UART0_DATABITS   UART_DATABITS_8

test_src/main-rsaes_oaep-test.c

@@ -28,11 +28,11 @@
 #include "bigint_io.h"
 #include "random_dummy.h"
 #include "rsa_basic.h"
-#include "rsa_oaep.h"
+#include "rsaes_oaep.h"
 
 #include "performance_test.h"
 
-const char* algo_name = "RSA-OAEP";
+const char* algo_name = "RSAES-OAEP";
 
 #define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) *  sizeof(bigint_word_t))
 #define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
@@ -423,6 +423,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
 	}
 	a->wordv = (bigint_word_t*)buffer;
 	a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+	a->info = 0;
 	bigint_changeendianess(a);
 	bigint_adjust(a);
 	return 0;
@@ -685,7 +686,7 @@ void run_seed_test(void){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
 	}
-	msg_ = malloc(bigint_length_B(pub_key.modulus));
+	msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
 	if(!msg_){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;

test_src/main-rsaes_pkcs1v15-test.c

@@ -28,11 +28,13 @@
 #include "bigint_io.h"
 #include "random_dummy.h"
 #include "rsa_basic.h"
-#include "rsa_pkcs15.h"
+#include "rsaes_pkcs1v15.h"
 
 #include "performance_test.h"
 
-const char* algo_name = "RSA-PKCS15";
+#define DEBUG 0
+
+const char* algo_name = "RSAES-PKCS1V15";
 
 #define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) *  sizeof(bigint_word_t))
 #define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
@@ -239,6 +241,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
 	}
 	a->wordv = (bigint_word_t*)buffer;
 	a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+	a->info = 0;
 	bigint_changeendianess(a);
 	bigint_adjust(a);
 	return 0;
@@ -249,25 +252,25 @@ uint8_t pre_alloc_key_crt(void){
 	pub_key.modulus = malloc(sizeof(bigint_t));
 	if(!pub_key.modulus){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
-		return 2;
+		return 6;
 	}
 	priv_key.modulus = pub_key.modulus;
 	priv_key.n = 5;
 	priv_key.components = malloc(5 * sizeof(bigint_t*));
 	if(!priv_key.components){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
-		return 2;
+		return 3;
 	}
 	pub_key.exponent = malloc(sizeof(bigint_t));
 	if(!pub_key.exponent){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
-		return 2;
+		return 4;
 	}
 	for(c=0; c<5; ++c){
 		priv_key.components[c] = malloc(sizeof(bigint_t));
 		if(!priv_key.components[c]){
 			cli_putstr_P(PSTR("\r\nERROR: OOM!"));
-			return 2;
+			return 7+c;
 		}
 	}
 	return 0;
@@ -275,18 +278,22 @@ uint8_t pre_alloc_key_crt(void){
 
 void free_key(void){
 	uint8_t c;
-	free(pub_key.modulus->wordv);
+	for(c = priv_key.n; c > 0 ; --c){
+		free(priv_key.components[c - 1]->wordv);
+	}
 	free(pub_key.exponent->wordv);
-	free(pub_key.modulus);
+	free(pub_key.modulus->wordv);
-	pub_key.modulus = priv_key.modulus = NULL;
+
+	for(c = priv_key.n; c > 0 ; --c){
+		free(priv_key.components[c - 1]);
+	}
 	free(pub_key.exponent);
 	pub_key.exponent = NULL;
-	for(c = 0; c < priv_key.n; ++c){
-		free(priv_key.components[c]->wordv);
-		free(priv_key.components[c]);
-	}
 	free(priv_key.components);
 	priv_key.components = NULL;
+	free(pub_key.modulus);
+	pub_key.modulus = priv_key.modulus = NULL;
+	keys_allocated = 0;
 }
 
 uint8_t read_key_crt(void){
@@ -307,7 +314,8 @@ uint8_t read_key_crt(void){
 	r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) =");
 	if(r) return r;
 	r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) =");
-/*
+
+#if DEBUG
 	cli_putstr_P(PSTR("\r\nmodulus:"));
 	bigint_print_hex(pub_key.modulus);
 	cli_putstr_P(PSTR("\r\npublic exponent:"));
@@ -322,7 +330,7 @@ uint8_t read_key_crt(void){
 	bigint_print_hex(priv_key.components[3]);
 	cli_putstr_P(PSTR("\r\nqInv:"));
 	bigint_print_hex(priv_key.components[4]);
-*/
+#endif
 	return r;
 }
 
@@ -469,9 +477,9 @@ void quick_test(void){
 	cli_hexdump_block(seed, sizeof(SEED), 4, 16);
 	cli_putstr_P(PSTR("\r\nencrypting: ..."));
 
-	rc = rsa_encrypt_pkcs15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
+	rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
 	if(rc){
-		cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs15 returned: "));
+		cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "));
 		cli_hexdump_byte(rc);
 		return;
 
@@ -490,9 +498,9 @@ void quick_test(void){
 	}
 
 	cli_putstr_P(PSTR("\r\ndecrypting: ..."));
-	rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
+	rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
 	if(rc){
-		cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs15 returned: "));
+		cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "));
 		cli_hexdump_byte(rc);
 		return;
 	}
@@ -507,7 +515,8 @@ void quick_test(void){
 
 void run_seed_test(void){
 	uint8_t *msg, *ciph, *msg_;
-	uint16_t msg_len, ciph_len, msg_len_;
+	uint16_t ciph_len, msg_len;
+	uint16_t msg_len_;
 	uint16_t seed_len;
 	uint8_t *seed, *seed_out;
 	char read_int_str[18];
@@ -516,28 +525,48 @@ void run_seed_test(void){
 	cli_putstr_P(PSTR("\r\n  length: "));
 	cli_getsn(read_int_str, 16);
 	msg_len = own_atou(read_int_str);
-	seed_len = rsa_pkcs15_compute_padlength_B(pub_key.modulus, msg_len);
+	seed_len = rsa_pkcs1v15_compute_padlength_B(pub_key.modulus, msg_len);
 	seed = malloc(seed_len);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
+	cli_hexdump_rev(&seed, 2);
+#endif
 	if(!seed){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
 	}
 	seed_out = malloc(seed_len);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
+	cli_hexdump_rev(&seed_out, 2);
+#endif
 	if(!seed_out){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
 	}
 	msg = malloc(msg_len);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
+	cli_hexdump_rev(&msg, 2);
+#endif
 	if(!msg){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
 	}
 	ciph = malloc(bigint_length_B(pub_key.modulus));
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
+	cli_hexdump_rev(&ciph, 2);
+#endif
 	if(!ciph){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
 	}
-	msg_ = malloc(bigint_length_B(pub_key.modulus));
+	msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
+#if DEBUG
+	cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
+	cli_hexdump_rev(&msg_, 2);
+#endif
 	if(!msg_){
 		cli_putstr_P(PSTR("\r\nERROR: OOM!"));
 		return;
@@ -556,11 +585,21 @@ void run_seed_test(void){
 	cli_putstr_P(PSTR("\r\n seed:"));
 	cli_hexdump_block(seed, seed_len, 4, 16);
 */
-	rsa_encrypt_pkcs15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\n  first prime:"));
+	bigint_print_hex(priv_key.components[0]);
+#endif
+	rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
 	cli_putstr_P(PSTR("\r\n  ciphertext:"));
 	cli_hexdump_block(ciph, ciph_len, 4, 16);
+#if DEBUG
+	cli_putstr_P(PSTR("\r\n  first prime:"));
+	bigint_print_hex(priv_key.components[0]);
+#endif
 	cli_putstr_P(PSTR("\r\n  decrypting ... "));
-	rsa_decrypt_pkcs15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
+
+	rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
+
 	cli_putstr_P(PSTR("[done]"));
 	if(msg_len != msg_len_){
 		char tstr[16];
@@ -588,10 +627,11 @@ void run_seed_test(void){
 		cli_hexdump_block(seed, seed_len, 4, 16);
 		goto end;
 	}
+
 	cli_putstr_P(PSTR("\r\n  >>OK<<"));
 end:
-	free(ciph);
 	free(msg_);
+	free(ciph);
 	free(msg);
 	free(seed_out);
 	free(seed);
@@ -609,11 +649,17 @@ void rsa_init(void){
 }
 
 void load_key(void){
+	uint8_t r;
 	if(keys_allocated){
+		cli_putstr_P(PSTR("\r\nDBG: freeing old keys"));
 		free_key();
 	}
 	keys_allocated = 1;
-	read_key_crt();
+	r = read_key_crt();
+	if(r){
+		cli_putstr_P(PSTR("\r\nERROR: read_key_crt returned 0x"));
+		cli_hexdump_byte(r);
+	}
 }
 
 void test_dump(void){

test_src/main-salsa20-test.c

@@ -51,10 +51,10 @@ void nessie_first(void){
 	cli_hexdump(key, 16);
 	salsa20_init(key, 128, NULL, &ctx);
 	cli_putstr_P(PSTR("\r\n internal state: "));
-	cli_hexdump_block(ctx.a, 64, 4, 16);
+	cli_hexdump_block(ctx.a.v8, 64, 4, 16);
 	salsa20_gen(&ctx);
 	cli_putstr_P(PSTR("\r\n internal state: "));
-	cli_hexdump_block(ctx.a, 64, 4, 16);
+	cli_hexdump_block(ctx.a.v8, 64, 4, 16);
 	cli_putstr_P(PSTR("\r\n data: "));
 	cli_hexdump_block(ctx.buffer, 64, 4, 16);
 
@@ -63,13 +63,13 @@ void nessie_first(void){
 	key[15] = 0x01;
 	cli_putstr_P(PSTR("\r\n testing with key: "));
 	cli_hexdump(key, 16);
-	cli_hexdump_block(ctx.a, 64, 4, 16);
+	cli_hexdump_block(ctx.a.v8, 64, 4, 16);
 	salsa20_init(key, 128, NULL, &ctx);
 	cli_putstr_P(PSTR("\r\n internal state: "));
-	cli_hexdump_block(ctx.a, 64, 4, 16);
+	cli_hexdump_block(ctx.a.v8, 64, 4, 16);
 	salsa20_gen(&ctx);
 	cli_putstr_P(PSTR("\r\n internal state: "));
-	cli_hexdump_block(ctx.a, 64, 4, 16);
+	cli_hexdump_block(ctx.a.v8, 64, 4, 16);
 	cli_putstr_P(PSTR("\r\n data: "));
 	cli_hexdump_block(ctx.buffer, 64, 4, 16);
 }

twister/twister-large.c

@@ -109,7 +109,11 @@ void twister_large_nextBlock(twister_large_ctx_t* ctx, const void* msg){
 /*********************************************************************/
 
 void twister_inject_chksum(twister_large_ctx_t* ctx, uint8_t col){
-	*((uint64_t*)(&ctx->state.s[7][0])) ^= *((uint64_t*)(&ctx->checksum[col][0]));
+	uint8_t i=7;
+	do{
+		ctx->state.s[7][i] ^= ctx->checksum[col][i];
+
+	}while(i--);
 	twister_blank_round(&ctx->state);
 }
 

whirlpool/whirlpool.c

@@ -111,7 +111,7 @@ static const uint8_t sbox[256] PROGMEM = {
 
 #endif
 
-static void gamma(uint8_t* a){
+static void gamma_1(uint8_t* a){
 	uint8_t i;
 	for(i=0; i<64; ++i){
 		*a = whirlpool_sbox(*a);
@@ -161,7 +161,7 @@ static void theta(uint8_t* a){
 }
 
 static void w_round(uint8_t* a, const uint8_t* k){
-	gamma(a);
+	gamma_1(a);
 #if DEBUG
 	cli_putstr_P(PSTR("\r\n pre-pi:"));
 	cli_hexdump_block(a, 64, 4, 8);