3 This file is part of the ARM-Crypto-Lib.
4 Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "main-test-common.h"
26 #include "noekeon_prng.h"
28 #include "bigint_io.h"
29 #include "random_dummy.h"
30 #include "rsa_basic.h"
33 #include "performance_test.h"
35 const char* algo_name = "RSA-OAEP";
37 #define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
38 #define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
40 /*****************************************************************************
41 * additional validation-functions *
42 *****************************************************************************/
44 /* ==================================
45 * Example 1: A 1024-bit RSA Key Pair
46 * ================================== */
48 /* ------------------------------
49 * Components of the RSA Key Pair
50 * ------------------------------ */
53 const uint8_t modulus[] = {
54 0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
55 0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
56 0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
57 0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
58 0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
59 0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
60 0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
61 0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
64 /* RSA public exponent e: */
65 const uint8_t public_exponent[] = {
66 0x00, 0x01, 0x00, 0x01
69 /* RSA private exponent d: */
70 const uint8_t private_exponent[] = {
71 0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
72 0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
73 0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
74 0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
75 0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
76 0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
77 0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
78 0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
83 0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
84 0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
85 0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
86 0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
91 0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
92 0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
93 0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
94 0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
97 /* p's CRT exponent dP: */
98 const uint8_t dp[] = {
99 0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
100 0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
101 0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
102 0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
105 /* q's CRT exponent dQ: */
106 const uint8_t dq[] = {
107 0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
108 0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
109 0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
110 0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
113 /* CRT coefficient qInv: */
114 const uint8_t qinv[] = {
115 0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
116 0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
117 0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
118 0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
121 /* ---------------------------------
122 * RSAES-OAEP Encryption Example 1.1
123 * --------------------------------- */
125 /* Message to be, encrypted: */
126 const uint8_t message[] = {
127 0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
128 0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
132 const uint8_t seed[] = {
133 0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
134 0xdd, 0xa0, 0xa5, 0xef
138 const uint8_t encrypted[] = {
139 0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
140 0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
141 0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
142 0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
143 0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
144 0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
145 0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
146 0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
149 /* Message to be encrypted: */
150 const uint8_t message2[] = {
151 0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
152 0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
156 const uint8_t seed2[] = {
157 0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
158 0xfe, 0x4f, 0xe3, 0x5f
162 const uint8_t encrypted2[] = {
163 0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
164 0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
165 0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
166 0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
167 0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
168 0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
169 0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
170 0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
173 /**********************************************************************************************/
174 /* ---------------------------------
175 * RSAES-OAEP Encryption Example 2.1
176 * --------------------------------- */
178 /* Message to be encrypted: */
179 const uint8_t message3[] = {
180 0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6,
181 0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7
185 const uint8_t seed3[] = {
186 0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94,
187 0xe7, 0x1b, 0x17, 0x82
191 const uint8_t encrypted3[] = {
192 0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99,
193 0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a,
194 0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a,
195 0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34,
196 0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d,
197 0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a,
198 0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f,
199 0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72,
203 /**********************************************************************************************/
206 const uint8_t modulus2[] = {
207 0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
208 0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e,
209 0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba,
210 0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d,
211 0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d,
212 0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05,
213 0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66,
214 0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f,
218 /* RSA public exponent e: */
219 const uint8_t public_exponent2[] = {
223 /* RSA private exponent d: */
224 const uint8_t private_exponent2[] = {
225 0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa,
226 0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93,
227 0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47,
228 0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc,
229 0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0,
230 0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59,
231 0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25,
232 0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39
236 const uint8_t p2[] = {
237 0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d,
238 0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0,
239 0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37,
240 0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a,
245 const uint8_t q2[] = {
246 0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a,
247 0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4,
248 0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b,
249 0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b,
253 /* p's CRT exponent dP: */
254 const uint8_t dp2[] = {
255 0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c,
256 0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f,
257 0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30,
258 0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55
261 /* q's CRT exponent dQ: */
262 const uint8_t dq2[] = {
263 0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c,
264 0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b,
265 0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91,
266 0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66,
270 /* CRT coefficient qInv: */
271 const uint8_t qinv2[] = {
272 0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73,
273 0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b,
274 0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15,
275 0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8
278 /**********************************************************************************************/
281 uint8_t keys_allocated = 0;
282 rsa_publickey_t pub_key;
283 rsa_privatekey_t priv_key;
288 #define ENCRYPTED encrypted
289 #define MODULUS modulus
290 #define PUB_EXPONENT public_exponent
291 #define PRIV_EXPONENT private_exponent
300 #define ENCRYPTED encrypted3
301 #define MODULUS modulus2
302 #define PUB_EXPONENT public_exponent2
303 #define PRIV_EXPONENT private_exponent2
312 uint8_t convert_nibble(uint8_t c){
313 if(c>='0' && c<='9'){
317 if(c>='a' && c<='f'){
323 const char *block_ignore_string=" \t\r\n,;";
325 uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
326 uint16_t counter = 0;
328 uint8_t v, tmp = 0, idx = 0;
330 ignore_string = block_ignore_string;
332 while(counter < length){
337 if(strchr(ignore_string, c)){
340 v = convert_nibble(c);
345 ((uint8_t*)dst)[counter++] = (tmp << 4) | v;
355 uint16_t own_atou(const char* str){
357 while(*str && *str >= '0' && *str <= '9'){
364 uint8_t read_bigint(bigint_t* a, char* prompt){
365 uint16_t read_length, actual_length;
368 char read_int_str[18];
370 cli_putstr("\r\n length: ");
371 cli_getsn(read_int_str, 16);
372 read_length = own_atou(read_int_str);
373 off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
374 buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
376 cli_putstr("\r\nERROR: OOM!");
379 cli_putstr("\r\n data: ");
380 memset(buffer, 0, sizeof(bigint_word_t));
381 actual_length = read_os(buffer + off, read_length, NULL);
382 if(actual_length != read_length){
383 cli_putstr("\r\nERROR: unexpected end of data!");
387 a->wordv = (bigint_word_t*)buffer;
388 a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
389 bigint_changeendianess(a);
394 uint8_t pre_alloc_key_crt(void){
396 pub_key.modulus = malloc(sizeof(bigint_t));
397 if(!pub_key.modulus){
398 cli_putstr("\r\nERROR: OOM!");
401 priv_key.modulus = pub_key.modulus;
403 priv_key.components = malloc(5 * sizeof(bigint_t*));
404 if(!priv_key.components){
405 cli_putstr("\r\nERROR: OOM!");
408 pub_key.exponent = malloc(sizeof(bigint_t));
409 if(!pub_key.exponent){
410 cli_putstr("\r\nERROR: OOM!");
414 priv_key.components[c] = malloc(sizeof(bigint_t));
415 if(!priv_key.components[c]){
416 cli_putstr("\r\nERROR: OOM!");
425 free(pub_key.modulus->wordv);
426 free(pub_key.exponent->wordv);
427 free(pub_key.modulus);
428 pub_key.modulus = priv_key.modulus = NULL;
429 free(pub_key.exponent);
430 pub_key.exponent = NULL;
431 for(c = 0; c < priv_key.n; ++c){
432 free(priv_key.components[c]->wordv);
433 free(priv_key.components[c]);
435 free(priv_key.components);
436 priv_key.components = NULL;
439 uint8_t read_key_crt(void){
441 cli_putstr("\r\n== reading key (crt) ==");
442 r = pre_alloc_key_crt();
444 r = read_bigint(pub_key.modulus,"\r\n = module =");
446 r = read_bigint(pub_key.exponent,"\r\n = public exponent =");
448 r = read_bigint(priv_key.components[0],"\r\n = p (first prime) =");
450 r = read_bigint(priv_key.components[1],"\r\n = q (second prime) =");
452 r = read_bigint(priv_key.components[2],"\r\n = dp (p's exponent) =");
454 r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) =");
456 r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) =");
460 uint8_t read_key_conv(void){
462 cli_putstr("\r\n== reading key (crt) ==");
463 pub_key.modulus = malloc(sizeof(bigint_t));
464 if(!pub_key.modulus){
465 cli_putstr("\r\nERROR: OOM!");
468 r = read_bigint(pub_key.modulus,"\r\n = module =");
470 priv_key.modulus = pub_key.modulus;
472 pub_key.exponent = malloc(sizeof(bigint_t));
473 if(!pub_key.exponent){
474 cli_putstr("\r\nERROR: OOM!");
477 priv_key.components = malloc(sizeof(bigint_t*));
478 if(!priv_key.components){
479 cli_putstr("\r\nERROR: OOM!");
482 priv_key.components[0] = malloc(sizeof(bigint_t));
483 if(!priv_key.components[0]){
484 cli_putstr("\r\nERROR: OOM!");
487 r = read_bigint(pub_key.exponent,"\r\n = public exponent =");
489 r = read_bigint(priv_key.components[0],"\r\n = private exponent =");
493 void load_priv_conventional(void){
495 epriv = malloc(sizeof(bigint_t));
497 cli_putstr("\r\nERROR: OOM!");
500 epriv->length_B = (sizeof(private_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
501 epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
503 cli_putstr("\r\nERROR: OOM!");
506 memcpy(epriv->wordv, private_exponent, sizeof(private_exponent));
507 priv_key.components = malloc(sizeof(bigint_t*));
508 priv_key.components[0] = epriv;
510 bigint_changeendianess(epriv);
511 bigint_adjust(epriv);
515 void load_priv_crt_mono(void){
517 const uint8_t *bv[5] = {p,q,dp,dq,qinv};
518 uint16_t sv[5] = {sizeof(p), sizeof(q), sizeof(dp), sizeof(dq), sizeof(qinv)};
520 v = malloc(5 * sizeof(bigint_t));
522 cli_putstr("\r\nERROR: OOM!");
525 priv_key.components = malloc(5*sizeof(bigint_t*));
526 if(!priv_key.components){
527 cli_putstr("\r\nERROR: OOM!");
532 v[i] = malloc(sizeof(bigint_t));
534 v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
535 v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
537 cli_putstr("\r\nERROR: OOM!");
540 memcpy(v[i]->wordv, bv[i], sv[i]);
541 bigint_changeendianess(v[i]);
543 priv_key.components[i] = v[i];
547 uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
548 a->length_B = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
549 a->wordv = malloc(BIGINT_CEIL(length_B));
551 cli_putstr("\r\nOOM!\r\n");
554 memset(a->wordv, 0, sizeof(bigint_word_t));
555 memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
557 bigint_changeendianess(a);
562 void load_fix_rsa(void){
568 if(pre_alloc_key_crt()){
569 cli_putstr("\r\nOOM!\r\n");
573 load_bigint_from_os(pub_key.modulus, MODULUS, sizeof(MODULUS));
574 load_bigint_from_os(pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
576 load_bigint_from_os(priv_key.components[0], P, sizeof(P));
577 load_bigint_from_os(priv_key.components[1], Q, sizeof(Q));
578 load_bigint_from_os(priv_key.components[2], DP, sizeof(DP));
579 load_bigint_from_os(priv_key.components[3], DQ, sizeof(DQ));
580 load_bigint_from_os(priv_key.components[4], QINV, sizeof(QINV));
582 // load_priv_conventional();
583 // load_priv_crt_mono();
586 void quick_test(void){
587 uint8_t *ciphertext, *plaintext, rc;
589 ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
590 plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
591 // memcpy(ciphertext, message1, sizeof(message1));
592 cli_putstr("\r\nplaintext:");
593 cli_hexdump_block(MSG, sizeof(MSG), 4, 8);
595 rc = rsa_encrypt_oaep(ciphertext, &clen, MSG, sizeof(MSG), &pub_key, NULL, NULL, SEED);
597 cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
598 cli_hexdump_byte(rc);
602 cli_putstr("\r\n\r\nciphertext:");
603 cli_hexdump_block(ciphertext, clen, 4, 8);
604 if(clen!=sizeof(ENCRYPTED) || memcmp(ENCRYPTED, ciphertext, clen)){
605 cli_putstr("\r\n>>FAIL<<");
607 cli_putstr("\r\n>>OK<<");
612 rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
614 cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
615 cli_hexdump_byte(rc);
618 cli_putstr("\r\n\r\nplaintext:");
619 cli_hexdump_block(plaintext, plen, 4, 8);
625 void run_seed_test(void){
626 uint8_t *msg, *ciph, *msg_;
627 uint16_t msg_len, ciph_len, msg_len_;
628 uint8_t seed[20], seed_out[20];
629 char read_int_str[18];
630 cli_putstr("\r\n== test with given seed ==");
631 cli_putstr("\r\n = message =");
632 cli_putstr("\r\n length: ");
633 cli_getsn(read_int_str, 16);
634 msg_len = own_atou(read_int_str);
635 msg = malloc(msg_len);
637 cli_putstr("\r\nERROR: OOM!");
640 ciph = malloc(bigint_length_B(pub_key.modulus));
642 cli_putstr("\r\nERROR: OOM!");
645 msg_ = malloc(bigint_length_B(pub_key.modulus));
647 cli_putstr("\r\nERROR: OOM!");
650 cli_putstr("\r\n data: ");
651 read_os(msg, msg_len, NULL);
652 cli_putstr("\r\n seed (20 bytes): ");
653 read_os(seed, 20, NULL);
655 cli_putstr("\r\n encrypting ...");
656 rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed);
657 cli_putstr("\r\n ciphertext:");
658 cli_hexdump_block(ciph, ciph_len, 4, 16);
659 cli_putstr("\r\n decrypting ...");
661 rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out);
662 if(msg_len != msg_len_){
663 cli_putstr("\r\nERROR: wrong decryted message length");
666 if(memcmp(msg, msg_, msg_len)){
667 cli_putstr("\r\nERROR: wrong decryted message");
671 if(memcmp(seed, seed_out, 20)){
672 cli_putstr("\r\nERROR: wrong decryted seed");
675 cli_putstr("\r\n >>OK<<");
678 void reset_prng(void){
682 cli_putstr("\r\nPRNG reset");
686 prng_get_byte = random8;
697 /*****************************************************************************
699 *****************************************************************************/
701 const char echo_test_str[] = "echo-test";
702 const char reset_prng_str[] = "reset-prng";
703 const char load_key_str[] = "load-key";
704 const char load_fix_key_str[] = "load-fix-key";
705 const char quick_test_str[] = "quick-test";
706 const char seed_test_str[] = "seed-test";
707 const char performance_str[] = "performance";
708 const char echo_str[] = "echo";
710 cmdlist_entry_t cmdlist[] = {
711 { reset_prng_str, NULL, reset_prng },
712 { load_key_str, NULL, load_key },
713 { load_fix_key_str, NULL, load_fix_rsa },
714 { quick_test_str, NULL, quick_test },
715 { seed_test_str, NULL, run_seed_test },
716 // { performance_str, NULL, testrun_performance_bigint },
717 { echo_str, (void*)1, (void_fpt)echo_ctrl },
724 cli_putstr("\r\nstack pointer: ~");
725 cli_hexdump_rev(&xa, 4);
732 welcome_msg(algo_name);
734 cmd_interface(cmdlist);