3 This file is part of the ARM-Crypto-Lib.
4 Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "main-test-common.h"
26 #include "noekeon_prng.h"
28 #include "bigint_io.h"
29 #include "random_dummy.h"
30 #include "rsa_basic.h"
33 #include "performance_test.h"
35 const char* algo_name = "RSA-OAEP";
37 /*****************************************************************************
38 * additional validation-functions *
39 *****************************************************************************/
41 /* ==================================
42 * Example 1: A 1024-bit RSA Key Pair
43 * ================================== */
45 /* ------------------------------
46 * Components of the RSA Key Pair
47 * ------------------------------ */
51 0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
52 0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
53 0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
54 0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
55 0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
56 0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
57 0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
58 0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
61 /* RSA public exponent e: */
62 uint8_t public_exponent[] = {
63 0x00, 0x01, 0x00, 0x01
66 /* RSA private exponent d: */
67 uint8_t private_exponent[] = {
68 0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
69 0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
70 0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
71 0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
72 0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
73 0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
74 0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
75 0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
80 0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
81 0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
82 0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
83 0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
88 0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
89 0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
90 0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
91 0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
94 /* p's CRT exponent dP: */
96 0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
97 0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
98 0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
99 0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
102 /* q's CRT exponent dQ: */
104 0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
105 0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
106 0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
107 0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
110 /* CRT coefficient qInv: */
112 0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
113 0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
114 0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
115 0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
118 /* ---------------------------------
119 * RSAES-OAEP Encryption Example 1.1
120 * --------------------------------- */
122 /* Message to be, encrypted: */
123 uint8_t message[] = {
124 0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
125 0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
130 0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
131 0xdd, 0xa0, 0xa5, 0xef
135 uint8_t encrypted[] = {
136 0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
137 0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
138 0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
139 0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
140 0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
141 0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
142 0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
143 0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
146 rsa_publickey_t pub_key;
147 rsa_privatekey_t priv_key;
149 void load_priv_conventional(void){
151 epriv = malloc(sizeof(bigint_t));
153 cli_putstr("\r\nERROR: OOM!");
156 epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
157 epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
159 cli_putstr("\r\nERROR: OOM!");
162 memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
163 priv_key.components = malloc(sizeof(bigint_t*));
164 priv_key.components[0] = epriv;
166 bigint_changeendianess(epriv);
167 bigint_adjust(epriv);
171 void load_priv_crt_mono(void){
173 const uint8_t *bv[5] = {p,q,dp,dq,qinv};
174 uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
176 v = malloc(5 * sizeof(bigint_t));
178 cli_putstr("\r\nERROR: OOM!");
181 priv_key.components = malloc(5*sizeof(bigint_t*));
182 if(!priv_key.components){
183 cli_putstr("\r\nERROR: OOM!");
188 v[i] = malloc(sizeof(bigint_t));
190 v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
191 v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
193 cli_putstr("\r\nERROR: OOM!");
196 memcpy(v[i]->wordv, bv[i], sv[i]);
197 bigint_changeendianess(v[i]);
199 priv_key.components[i] = v[i];
204 void load_fix_rsa(void){
206 m = malloc(sizeof(bigint_t));
207 epub = malloc(sizeof(bigint_t));
209 cli_putstr("\r\nOOM!\r\n");
213 m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
214 epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
216 m->wordv = malloc(m->length_B * sizeof(bigint_word_t));
217 epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t));
219 if(!m->wordv || !epub->wordv){
220 cli_putstr("\r\nOOM!\r\n");
224 memcpy(m->wordv, modulus, sizeof(modulus));
225 memcpy(epub->wordv, public_exponent, sizeof(public_exponent));
227 pub_key.modulus = priv_key.modulus = m;
228 pub_key.exponent = epub;
230 bigint_changeendianess(m);
232 bigint_changeendianess(epub);
235 // load_priv_conventional();
236 load_priv_crt_mono();
243 void quick_test(void){
244 uint8_t *ciphertext, *plaintext, rc;
245 uint16_t clen; //, plen;
246 ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
247 plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
248 // memcpy(ciphertext, message1, sizeof(message1));
249 cli_putstr("\r\nplaintext:");
250 cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
252 rc = rsa_encrypt_oaep(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, NULL, NULL, SEED);
254 cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
255 cli_hexdump_byte(rc);
259 cli_putstr("\r\n\r\nciphertext:");
260 cli_hexdump_block(ciphertext, clen, 4, 8);
263 rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
265 cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
266 cli_hexdump_byte(rc);
269 cli_putstr("\r\n\r\nplaintext:");
270 cli_hexdump_block(plaintext, plen, 4, 8);
276 void reset_prng(void){
280 cli_putstr("\r\nPRNG reset");
285 prng_get_byte = random8;
288 /*****************************************************************************
290 *****************************************************************************/
292 const char echo_test_str[] = "echo-test";
293 const char reset_prng_str[] = "reset-prng";
294 const char quick_test_str[] = "quick-test";
295 const char performance_str[] = "performance";
296 const char echo_str[] = "echo";
298 cmdlist_entry_t cmdlist[] = {
299 { reset_prng_str, NULL, reset_prng },
300 { quick_test_str, NULL, quick_test },
301 // { performance_str, NULL, testrun_performance_bigint },
302 { echo_str, (void*)1, (void_fpt)echo_ctrl },
309 cli_putstr("\r\nstack pointer: ~");
310 cli_hexdump_rev(&xa, 4);
317 welcome_msg(algo_name);
319 cmd_interface(cmdlist);