From cc6b183296a5852449e3324737e2a2dece788786 Mon Sep 17 00:00:00 2001 From: bg Date: Wed, 18 Apr 2012 01:05:24 +0000 Subject: [PATCH] some fixes, mainly at rsaes-pkcs1v15 --- Makefile_main.inc | 3 +- Makefile_sys_conf.inc | 2 +- bigint/bigint.c | 12 +- blake/blake_large.c | 23 +-- blake/blake_small.c | 25 ++-- bmw/bmw_large.c | 31 ++-- bmw/bmw_small.c | 36 ++--- ..._pkcs15_check.rb => rsa_pkcs1v15_check.rb} | 49 ++++++- khazad/khazad.c | 10 +- md5/md5.c | 21 +-- mkfiles/{rsa_oaep.mk => rsaes_oaep.mk} | 6 +- mkfiles/{rsa_pkcs15.mk => rsaes_pkcs1v15.mk} | 6 +- noekeon/noekeon.c | 4 +- rsa/rsa_basic.c | 132 +++++++++++++++--- rsa/{rsa_oaep.c => rsaes_oaep.c} | 2 +- rsa/{rsa_oaep.h => rsaes_oaep.h} | 0 rsa/{rsa_pkcs15.c => rsaes_pkcs1v15.c} | 17 ++- rsa/{rsa_pkcs15.h => rsaes_pkcs1v15.h} | 14 +- salsa20/salsa20.c | 30 ++-- salsa20/salsa20.h | 5 +- test_src/config.h | 2 + ...rsa_oaep-test.c => main-rsaes_oaep-test.c} | 7 +- ...cs15-test.c => main-rsaes_pkcs1v15-test.c} | 98 +++++++++---- test_src/main-salsa20-test.c | 10 +- twister/twister-large.c | 6 +- whirlpool/whirlpool.c | 4 +- 26 files changed, 381 insertions(+), 174 deletions(-) rename host/{rsa_pkcs15_check.rb => rsa_pkcs1v15_check.rb} (86%) rename mkfiles/{rsa_oaep.mk => rsaes_oaep.mk} (61%) rename mkfiles/{rsa_pkcs15.mk => rsaes_pkcs1v15.mk} (63%) rename rsa/{rsa_oaep.c => rsaes_oaep.c} (99%) rename rsa/{rsa_oaep.h => rsaes_oaep.h} (100%) rename rsa/{rsa_pkcs15.c => rsaes_pkcs1v15.c} (86%) rename rsa/{rsa_pkcs15.h => rsaes_pkcs1v15.h} (72%) rename test_src/{main-rsa_oaep-test.c => main-rsaes_oaep-test.c} (99%) rename test_src/{main-rsa_pkcs15-test.c => main-rsaes_pkcs1v15-test.c} (91%) diff --git a/Makefile_main.inc b/Makefile_main.inc index 9a3f05f..9ace98f 100644 --- a/Makefile_main.inc +++ b/Makefile_main.inc @@ -34,8 +34,7 @@ GLOBAL_INCDIR := ./ $(TESTSRC_DIR) #------------------------------------------------------------------------------- # inclusion of make stubs -include mkfiles/0*.mk -include mkfiles/*.mk +include $(sort $(wildcard mkfiles/*.mk)) #------------------------------------------------------------------------------- ALGORITHMS = $(BLOCK_CIPHERS) $(STREAM_CIPHERS) $(HASHES) $(PRNGS) $(MACS) \ diff --git a/Makefile_sys_conf.inc b/Makefile_sys_conf.inc index bf7702a..b617523 100644 --- a/Makefile_sys_conf.inc +++ b/Makefile_sys_conf.inc @@ -27,7 +27,7 @@ STAT_DIR = stats/$(BOARD_NAME)/# AUTOASM_DIR = autoasm/$(BOARD_NAME)/# AUTOASM_OPT = -S CC = avr-gcc -CSTD = c99 +CSTD = gnu99 SIZESTAT_FILE = sizestats.txt diff --git a/bigint/bigint.c b/bigint/bigint.c index 6db0389..c69d42e 100644 --- a/bigint/bigint.c +++ b/bigint/bigint.c @@ -291,26 +291,34 @@ int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){ void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){ uint8_t s; + int8_t d = 0; s = GET_SIGN(a)?2:0; s |= GET_SIGN(b)?1:0; switch(s){ case 0: /* both positive */ + d = 1; bigint_add_u(dest, a,b); - SET_POS(dest); break; case 1: /* a positive, b negative */ + d = bigint_cmp_u(a,b); bigint_sub_u(dest, a, b); break; case 2: /* a negative, b positive */ + d = bigint_cmp_u(b,a); bigint_sub_u(dest, b, a); break; case 3: /* both negative */ + d = -1; bigint_add_u(dest, a, b); - SET_NEG(dest); break; default: /* how can this happen?*/ break; } + if(d<0){ + SET_NEG(dest); + }else{ + SET_POS(dest); + } } /******************************************************************************/ diff --git a/blake/blake_large.c b/blake/blake_large.c index eb6511c..9dc118b 100644 --- a/blake/blake_large.c +++ b/blake/blake_large.c @@ -146,21 +146,24 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B; length_b -= BLAKE_LARGE_BLOCKSIZE; } - uint8_t buffer[128]; + union { + uint8_t v8[128]; + uint64_t v64[ 16]; + } buffer; uint64_t v[16]; uint64_t ctr; ctr = ctx->counter*1024+length_b; - memset(buffer, 0, 128); - memcpy(buffer, msg, (length_b+7)/8); - buffer[length_b/8] |= 0x80 >> (length_b&0x7); - blake_large_changeendian(buffer, buffer); + memset(buffer.v8, 0, 128); + memcpy(buffer.v8, msg, (length_b+7)/8); + buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7); + blake_large_changeendian(buffer.v8, buffer.v8); blake_large_expand(v, ctx); if(length_b>1024-128-2){ v[12] ^= ctr; v[13] ^= ctr; - blake_large_compress(v, buffer); + blake_large_compress(v, buffer.v8); blake_large_collapse(ctx, v); - memset(buffer, 0, 128-8); + memset(buffer.v8, 0, 128-8); blake_large_expand(v, ctx); } else { if(length_b){ @@ -169,9 +172,9 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len } } if(ctx->appendone) - buffer[128-16-8] |= 0x01; - *((uint64_t*)(&(buffer[128-8]))) = ctr; - blake_large_compress(v, buffer); + buffer.v8[128-16-8] |= 0x01; + buffer.v64[15] = ctr; + blake_large_compress(v, buffer.v8); blake_large_collapse(ctx, v); } diff --git a/blake/blake_small.c b/blake/blake_small.c index cc3f6d2..fafea39 100644 --- a/blake/blake_small.c +++ b/blake/blake_small.c @@ -141,26 +141,29 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B; length_b -= BLAKE_SMALL_BLOCKSIZE; } - uint8_t buffer[64]; + union { + uint8_t v8[64]; + uint32_t v32[16]; + } buffer; uint32_t v[16]; union { uint64_t v64; uint32_t v32[2]; }ctr; ctr.v64 = ctx->counter*512+length_b; - memset(buffer, 0, 64); - memcpy(buffer, msg, (length_b+7)/8); - buffer[length_b/8] |= 0x80 >> (length_b&0x7); - blake_small_changeendian(buffer, buffer); + memset(buffer.v8, 0, 64); + memcpy(buffer.v8, msg, (length_b+7)/8); + buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7); + blake_small_changeendian(buffer.v8, buffer.v8); blake_small_expand(v, ctx); if(length_b>512-64-2){ v[12] ^= ctr.v32[0]; v[13] ^= ctr.v32[0]; v[14] ^= ctr.v32[1]; v[15] ^= ctr.v32[1]; - blake_small_compress(v, buffer); + blake_small_compress(v, buffer.v8); blake_small_collapse(ctx, v); - memset(buffer, 0, 64-8); + memset(buffer.v8, 0, 64-8); blake_small_expand(v, ctx); }else{ if(length_b){ @@ -171,10 +174,10 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len } } if(ctx->appendone) - buffer[64-8-4] |= 0x01; - *((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1]; - *((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0]; - blake_small_compress(v, buffer); + buffer.v8[64-8-4] |= 0x01; + buffer.v32[14] = ctr.v32[1]; + buffer.v32[15] = ctr.v32[0]; + blake_small_compress(v, buffer.v8); blake_small_collapse(ctx, v); } diff --git a/bmw/bmw_large.c b/bmw/bmw_large.c index 4b2b768..45a449f 100644 --- a/bmw/bmw_large.c +++ b/bmw/bmw_large.c @@ -523,33 +523,36 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){ } void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){ - uint8_t buffer[128]; + union { + uint8_t v8[128]; + uint64_t v64[ 16]; + } buffer; while(length_b >= BMW_LARGE_BLOCKSIZE){ bmw_large_nextBlock(ctx, block); length_b -= BMW_LARGE_BLOCKSIZE; block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B; } - memset(buffer, 0, 128); - memcpy(buffer, block, (length_b+7)/8); - buffer[length_b>>3] |= 0x80 >> (length_b&0x07); + memset(buffer.v8, 0, 128); + memcpy(buffer.v8, block, (length_b+7)/8); + buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07); if(length_b+1>128*8-64){ - bmw_large_nextBlock(ctx, buffer); - memset(buffer, 0, 128-8); + bmw_large_nextBlock(ctx, buffer.v8); + memset(buffer.v8, 0, 128-8); ctx->counter -= 1; } - *((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b; - bmw_large_nextBlock(ctx, buffer); + buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b; + bmw_large_nextBlock(ctx, buffer.v8); #if TWEAK uint8_t i; uint64_t q[32]; - memset(buffer, 0xaa, 128); + memset(buffer.v8, 0xaa, 128); for(i=0; i<16; ++i){ - buffer[8*i] = i + 0xa0; + buffer.v8[8*i] = i + 0xa0; } - bmw_large_f0(q, (uint64_t*)buffer, ctx->h); - bmw_large_f1(q, ctx->h, (uint64_t*)buffer); - bmw_large_f2((uint64_t*)buffer, q, ctx->h); - memcpy(ctx->h, buffer, 128); + bmw_large_f0(q, buffer.v64, ctx->h); + bmw_large_f1(q, ctx->h, buffer.v64); + bmw_large_f2(buffer.v64, q, ctx->h); + memcpy(ctx->h, buffer.v8, 128); #endif } diff --git a/bmw/bmw_small.c b/bmw/bmw_small.c index b7013f3..b41e923 100644 --- a/bmw/bmw_small.c +++ b/bmw/bmw_small.c @@ -499,38 +499,42 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){ } void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){ - uint8_t buffer[64]; + union { + uint8_t v8[64]; + uint32_t v32[16]; + uint64_t v64[ 8]; + } buffer; while(length_b >= BMW_SMALL_BLOCKSIZE){ bmw_small_nextBlock(ctx, block); length_b -= BMW_SMALL_BLOCKSIZE; block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B; } - memset(buffer, 0, 64); - memcpy(buffer, block, (length_b+7)/8); - buffer[length_b>>3] |= 0x80 >> (length_b&0x07); + memset(buffer.v8, 0, 64); + memcpy(buffer.v8, block, (length_b+7)/8); + buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07); if(length_b+1>64*8-64){ - bmw_small_nextBlock(ctx, buffer); - memset(buffer, 0, 64-8); + bmw_small_nextBlock(ctx, buffer.v8); + memset(buffer.v8, 0, 64-8); ctx->counter -= 1; } - *((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b; - bmw_small_nextBlock(ctx, buffer); + buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b; + bmw_small_nextBlock(ctx, buffer.v8); #if TWEAK uint8_t i; uint32_t q[32]; - memset(buffer, 0xaa, 64); + memset(buffer.v8, 0xaa, 64); for(i=0; i<16;++i){ - buffer[i*4] = i+0xa0; + buffer.v8[i*4] = i+0xa0; } -// dump_x(buffer, 16, 'A'); +// dump_x(buffer.v8, 16, 'A'); dump_x(ctx->h, 16, 'M'); - bmw_small_f0(q, (uint32_t*)buffer, ctx->h); - dump_x(buffer, 16, 'a'); + bmw_small_f0(q, buffer.v32, ctx->h); + dump_x(buffer.v8, 16, 'a'); dump_x(q, 16, 'Q'); - bmw_small_f1(q, ctx->h, (uint32_t*)buffer); + bmw_small_f1(q, ctx->h, buffer.v32); dump_x(q, 32, 'Q'); - bmw_small_f2((uint32_t*)buffer, q, ctx->h); - memcpy(ctx->h, buffer, 64); + bmw_small_f2(buffer.v32, q, ctx->h); + memcpy(ctx->h, buffer.v8, 64); #endif } diff --git a/host/rsa_pkcs15_check.rb b/host/rsa_pkcs1v15_check.rb similarity index 86% rename from host/rsa_pkcs15_check.rb rename to host/rsa_pkcs1v15_check.rb index cdafa8a..c8d51a6 100644 --- a/host/rsa_pkcs15_check.rb +++ b/host/rsa_pkcs1v15_check.rb @@ -1,5 +1,5 @@ #!/usr/bin/ruby -# rsa_pkcs15_check.rb +# rsa_pkcs1v15_check.rb =begin This file is part of the AVR-Crypto-Lib. Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) @@ -21,6 +21,7 @@ require 'rubygems' require 'serialport' require 'getopt/std' +require 'fileutils' $buffer_size = 0 # set automatically in init_system $conffile_check = Hash.new @@ -94,10 +95,15 @@ end def read_block(f) d = Array.new begin + v = false l = f.gets - x = l.split.collect { |e| e.to_i(16) } + # x = l.split.collect { |e| e.to_i(16) } + t = l.split + t.each { |e| v = true if e.length != 2 } + x = [] + x = t.collect { |e| e.to_i(16) } if ! v d += x - end while x.length == 16 + end while x.length == 16 && ! v return d end @@ -300,7 +306,11 @@ def check_tv(tv) test_enc = '' loop do l = read_line_from_device() - break if ! /([0-9A-Fa-f]{2}\s*)+/.match(l) + t = l.split + v = false + t.each { |e| v = true if e.length != 2 } + x = t.collect { |e| e.to_i(16) } + break if v test_enc += l if l end test_enc_a = Array.new @@ -331,7 +341,7 @@ end ######################################## -opts = Getopt::Std.getopts('dc:f:il:s:') +opts = Getopt::Std.getopts('dc:f:il:s:n:') conf = Hash.new conf = readconfigfile("/etc/testport.conf", conf) @@ -367,14 +377,39 @@ $sp.flow_control = SerialPort::SOFT $debug = true if opts['d'] -if opts['l'] +if opts['l'] && ! opts['n'] $logfile = File.open(opts['l'], 'w') end +if opts['n'] + logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_' + opts['n'] + '.txt' + if File.exists?(logfilename) + i=1 + begin + logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i,'.txt') + i+=1 + end while(File.exists?(logfilename)) + while(i>2) do + n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-2,'.txt') + n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-1,'.txt') + File.rename(n1, n2) + printf("%s -> %s\n", n1, n2) + i-=1 + end + n1 = sprintf('%s%s', conf['PORT']['testlogbase'],'rsa_pkcs1v15_'+opts['n']+'.txt') + n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',1,'.txt') + File.rename(n1, n2) + printf("%s -> %s\n", n1, n2) + logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'.txt' + end + printf("logging to %s", logfilename) + $logfile = File.open(logfilename, 'w') +end + $logfile = STDOUT if ! $logfile reset_system() -if opts['s'] && m = opts['s'].match(/([\d]+\.([\d]+))/) +if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) ) sk = m[1].to_i sv = m[2].to_i else diff --git a/khazad/khazad.c b/khazad/khazad.c index 045de13..9da7dea 100644 --- a/khazad/khazad.c +++ b/khazad/khazad.c @@ -92,7 +92,7 @@ uint8_t khazad_sbox(uint8_t a){ return b|c; } -static void gamma(uint8_t* a){ +static void gamma_1(uint8_t* a){ uint8_t i; for(i=0; i<8; ++i){ *a = khazad_sbox(*a); @@ -147,7 +147,7 @@ static void theta(uint8_t* a){ /******************************************************************************/ static void khazad_round(uint8_t* a, const uint8_t* k){ - gamma(a); + gamma_1(a); theta(a); memxor(a, k, 8); } @@ -188,7 +188,7 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){ for(r=1; r<8; ++r){ khazad_round(buffer, ctx->k[r]); } - gamma(buffer); + gamma_1(buffer); memxor(buffer, ctx->k[8], 8); } @@ -197,11 +197,11 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){ void khazad_dec(void* buffer, const khazad_ctx_t* ctx){ uint8_t r=7; memxor(buffer, ctx->k[8], 8); - gamma(buffer); + gamma_1(buffer); do{ memxor(buffer, ctx->k[r--], 8); theta(buffer); - gamma(buffer); + gamma_1(buffer); }while(r); memxor(buffer, ctx->k[0], 8); } diff --git a/md5/md5.c b/md5/md5.c index 003699e..3feddd6 100644 --- a/md5/md5.c +++ b/md5/md5.c @@ -139,32 +139,35 @@ void md5_nextBlock(md5_ctx_t *state, const void* block){ void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){ uint16_t l; - uint8_t b[64]; + union { + uint8_t v8[64]; + uint64_t v64[ 8]; + } buffer; while (length_b >= 512){ md5_nextBlock(state, block); length_b -= 512; block = ((uint8_t*)block) + 512/8; } - memset(b, 0, 64); - memcpy(b, block, length_b/8); + memset(buffer.v8, 0, 64); + memcpy(buffer.v8, block, length_b/8); /* insert padding one */ l=length_b/8; if(length_b%8){ uint8_t t; t = ((uint8_t*)block)[l]; t |= (0x80>>(length_b%8)); - b[l]=t; + buffer.v8[l]=t; }else{ - b[l]=0x80; + buffer.v8[l]=0x80; } /* insert length value */ if(l+sizeof(uint64_t) >= 512/8){ - md5_nextBlock(state, b); + md5_nextBlock(state, buffer.v8); state->counter--; - memset(b, 0, 64-8); + memset(buffer.v8, 0, 64-8); } - *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; - md5_nextBlock(state, b); + buffer.v64[7] = (state->counter * 512) + length_b; + md5_nextBlock(state, buffer.v8); } void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){ diff --git a/mkfiles/rsa_oaep.mk b/mkfiles/rsaes_oaep.mk similarity index 61% rename from mkfiles/rsa_oaep.mk rename to mkfiles/rsaes_oaep.mk index 59c1a39..0b0b682 100644 --- a/mkfiles/rsa_oaep.mk +++ b/mkfiles/rsaes_oaep.mk @@ -1,13 +1,13 @@ # Makefile for RSA -ALGO_NAME := RSA_OAEP +ALGO_NAME := RSAES_OAEP # comment out the following line for removement of RSA from the build process PK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := rsa/ $(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/ -$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o -$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \ +$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o +$(ALGO_NAME)_TESTBIN := main-rsaes_oaep-test.o $(CLI_STD) random_dummy.o \ noekeon.o noekeon_prng.o memxor.o $(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/mkfiles/rsa_pkcs15.mk b/mkfiles/rsaes_pkcs1v15.mk similarity index 63% rename from mkfiles/rsa_pkcs15.mk rename to mkfiles/rsaes_pkcs1v15.mk index 89c9fb1..8d15289 100644 --- a/mkfiles/rsa_pkcs15.mk +++ b/mkfiles/rsaes_pkcs1v15.mk @@ -1,13 +1,13 @@ # Makefile for RSA -ALGO_NAME := RSA_PKCS15 +ALGO_NAME := RSAES_PKCS1V15 # comment out the following line for removement of RSA from the build process SIGNATURE += $(ALGO_NAME) $(ALGO_NAME)_DIR := rsa/ $(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ -$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o -$(ALGO_NAME)_TESTBIN := main-rsa_pkcs15-test.o $(CLI_STD) random_dummy.o \ +$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_pkcs1v15.o +$(ALGO_NAME)_TESTBIN := main-rsaes_pkcs1v15-test.o $(CLI_STD) random_dummy.o \ noekeon.o noekeon_prng.o memxor.o $(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/noekeon/noekeon.c b/noekeon/noekeon.c index 8c4d6be..0fbdcf9 100644 --- a/noekeon/noekeon.c +++ b/noekeon/noekeon.c @@ -39,7 +39,7 @@ #define RC_POS 0 static -void gamma(uint32_t* a){ +void gamma_1(uint32_t* a){ uint32_t tmp; a[1] ^= ~((a[3]) | (a[2])); @@ -94,7 +94,7 @@ void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const theta(key, state); ((uint8_t*)state)[RC_POS] ^= const2; pi1(state); - gamma(state); + gamma_1(state); pi2(state); } diff --git a/rsa/rsa_basic.c b/rsa/rsa_basic.c index b0ef12b..98cdfb2 100644 --- a/rsa/rsa_basic.c +++ b/rsa/rsa_basic.c @@ -52,50 +52,111 @@ m = m2 + q * h uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){ bigint_t m1, m2; - m1.wordv = malloc((key->modulus->length_B + 1) * sizeof(bigint_word_t)); - m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t)); + m1.wordv = malloc((key->components[0]->length_B + 1) * sizeof(bigint_word_t)); + m2.wordv = malloc((key->components[1]->length_B + 1) * sizeof(bigint_word_t)); if(!m1.wordv || !m2.wordv){ #if DEBUG - cli_putstr_P(PSTR("\r\nERROR: OOM! (" __FILE__ ")")); + cli_putstr_P(PSTR("\r\nERROR: OOM!")); #endif free(m1.wordv); free(m2.wordv); return 1; } #if DEBUG - cli_putstr_P(PSTR("\r\nexp_mod a + b ")); + cli_putstr_P(PSTR("\r\nDBG: expmod m1 ...")); + cli_putstr_P(PSTR("\r\nexpmod(")); + bigint_print_hex(data); + cli_putc(','); + bigint_print_hex(key->components[2]); + cli_putc(','); + bigint_print_hex(key->components[0]); + cli_putstr_P(PSTR(") = ")); #endif bigint_expmod_u(&m1, data, key->components[2], key->components[0]); +#if DEBUG + bigint_print_hex(&m1); + cli_putstr_P(PSTR("expmod m2 ...")); + cli_putstr_P(PSTR("\r\nexpmod(")); + bigint_print_hex(data); + cli_putc(','); + bigint_print_hex(key->components[3]); + cli_putc(','); + bigint_print_hex(key->components[1]); + cli_putstr_P(PSTR(") = ")); +#endif bigint_expmod_u(&m2, data, key->components[3], key->components[1]); #if DEBUG - cli_putstr_P(PSTR("[done] ")); + bigint_print_hex(&m2); + cli_putstr_P(PSTR("\r\nDBG: sub ...")); + cli_putstr_P(PSTR("\r\nsub(")); + bigint_print_hex(&m1); + cli_putc(','); + bigint_print_hex(&m2); + cli_putstr_P(PSTR(") = ")); #endif bigint_sub_s(&m1, &m1, &m2); #if DEBUG - cli_putstr_P(PSTR("[done2] ")); + bigint_print_hex(&m1); #endif while(BIGINT_NEG_MASK & m1.info){ #if DEBUG - cli_putc(','); + cli_putstr_P(PSTR("\r\nDBG: adding ")); + bigint_print_hex(key->components[0]); + cli_putstr_P(PSTR("\r\nDBG: to ")); + bigint_print_hex(&m1); #endif bigint_add_s(&m1, &m1, key->components[0]); } #if DEBUG - cli_putstr_P(PSTR("\r\nreduce_mul ")); + cli_putstr_P(PSTR("\r\nDBG: reduce-mul ...")); + cli_putstr_P(PSTR("\r\nreduce(")); + bigint_print_hex(&m1); + cli_putc(','); + bigint_print_hex(key->components[0]); + cli_putstr_P(PSTR(") = ")); #endif bigint_reduce(&m1, key->components[0]); - bigint_mul_u(&m1, &m1, key->components[4]); #if DEBUG - cli_putstr_P(PSTR("[done]")); + bigint_print_hex(&m1); + cli_putstr_P(PSTR("\r\nmul(")); + bigint_print_hex(&m1); + cli_putc(','); + bigint_print_hex(key->components[4]); + cli_putstr_P(PSTR(") = ")); #endif - bigint_reduce(&m1, key->components[0]); - bigint_mul_u(&m1, &m1, key->components[1]); + bigint_mul_u(data, &m1, key->components[4]); #if DEBUG - cli_putstr_P(PSTR(" [done]")); + bigint_print_hex(data); + cli_putstr_P(PSTR("\r\nreduce(")); + bigint_print_hex(data); + cli_putc(','); + bigint_print_hex(key->components[0]); + cli_putstr_P(PSTR(") = ")); +#endif + bigint_reduce(data, key->components[0]); +#if DEBUG + bigint_print_hex(data); + cli_putstr_P(PSTR("\r\nmul(")); + bigint_print_hex(data); + cli_putc(','); + bigint_print_hex(key->components[1]); + cli_putstr_P(PSTR(") = ")); +#endif + bigint_mul_u(data, data, key->components[1]); +#if DEBUG + bigint_print_hex(data); + cli_putstr_P(PSTR("\r\nadd(")); + bigint_print_hex(data); + cli_putc(','); + bigint_print_hex(&m2); + cli_putstr_P(PSTR(") = ")); +#endif + bigint_add_u(data, data, &m2); +#if DEBUG + bigint_print_hex(data); #endif - bigint_add_u(data, &m1, &m2); - free(m1.wordv); free(m2.wordv); + free(m1.wordv); return 0; } @@ -118,8 +179,18 @@ uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){ } void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){ +#if BIGINT_WORD_SIZE == 8 + if(data){ + memcpy(dest->wordv, data, length_B); + } + dest->length_B = length_B; +#else uint8_t off; - off = length_B % sizeof(bigint_word_t); + off = (sizeof(bigint_word_t) - length_B % sizeof(bigint_word_t)) % sizeof(bigint_word_t); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: off = 0x")); + cli_hexdump_byte(off); +#endif if(!data){ if(off){ dest->wordv = realloc(dest->wordv, length_B + sizeof(bigint_word_t) - off); @@ -127,19 +198,37 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){ memset(dest->wordv, 0, off); } }else{ + memcpy((uint8_t*)dest->wordv + off, data, length_B); if(off){ - memcpy((uint8_t*)dest->wordv + off, data, length_B); - memset(dest, 0, off); - }else{ - memcpy(dest->wordv, data, length_B); + memset(dest->wordv, 0, off); } } - dest->length_B = (length_B + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + dest->length_B = (length_B + off) / sizeof(bigint_word_t); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: dest->length_B = 0x")); + cli_hexdump_rev(&(dest->length_B), 2); +#endif +#endif + dest->info = 0; bigint_changeendianess(dest); bigint_adjust(dest); } void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){ +#if BIGINT_WORD_SIZE == 8 + if(dest){ + uint8_t *e = src->wordv + src->length_B; + uint16_t i; + for(i=src->length_B; i>0; --i){ + *((uint8_t*)dest) = *--e; + dest = (uint8_t*)dest + 1; + } + }else{ + bigint_changeendianess(src); + } + + *out_length_B = src->length_B; +#else *out_length_B = bigint_get_first_set_bit(src) / 8 + 1; if(dest){ uint16_t i; @@ -157,5 +246,6 @@ void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){ memmove(src->wordv, (uint8_t*)src->wordv+off, *out_length_B); } } +#endif } diff --git a/rsa/rsa_oaep.c b/rsa/rsaes_oaep.c similarity index 99% rename from rsa/rsa_oaep.c rename to rsa/rsaes_oaep.c index 96d1a92..0fc0c04 100644 --- a/rsa/rsa_oaep.c +++ b/rsa/rsaes_oaep.c @@ -25,7 +25,7 @@ #include "mgf1.h" #include "bigint.h" #include "rsa_basic.h" -#include "rsa_oaep.h" +#include "rsaes_oaep.h" #include "random_dummy.h" diff --git a/rsa/rsa_oaep.h b/rsa/rsaes_oaep.h similarity index 100% rename from rsa/rsa_oaep.h rename to rsa/rsaes_oaep.h diff --git a/rsa/rsa_pkcs15.c b/rsa/rsaes_pkcs1v15.c similarity index 86% rename from rsa/rsa_pkcs15.c rename to rsa/rsaes_pkcs1v15.c index b1ec7ca..459c62b 100644 --- a/rsa/rsa_pkcs15.c +++ b/rsa/rsaes_pkcs1v15.c @@ -1,4 +1,4 @@ -/* rsa_pkcs15.c */ +/* rsa_pkcs1v15.c */ /* This file is part of the ARM-Crypto-Lib. Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de) @@ -22,6 +22,7 @@ #include #include "bigint.h" #include "rsa_basic.h" +#include "rsaes_pkcs1v15.h" #define DEBUG 0 @@ -32,15 +33,15 @@ #include "random_dummy.h" -uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){ +uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){ return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3; } -uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src, +uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_publickey_t* key, const void* pad){ int16_t pad_length; bigint_t x; - pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B); + pad_length = rsa_pkcs1v15_compute_padlength_B(key->modulus, length_B); if(pad_length<8){ #if DEBUG cli_putstr_P(PSTR("\r\nERROR: pad_length<8; pad_length: ")); @@ -84,18 +85,20 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src, return 0; } -uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src, +uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_privatekey_t* key, void* pad){ bigint_t x; uint16_t m_length, pad_length=0, idx=0; x.wordv = dest; rsa_os2ip(&x, src, length_B); #if DEBUG - cli_putstr_P(PSTR("\r\ncalling rsa_dec() ...")); + cli_putstr_P(PSTR("\r\ncalling rsa_dec() with bigint:")); + bigint_print_hex(&x); #endif rsa_dec(&x, key); #if DEBUG - cli_putstr_P(PSTR("\r\nfinished rsa_dec() ...")); + cli_putstr_P(PSTR("\r\nfinished rsa_dec() bigint:")); + bigint_print_hex(&x); #endif rsa_i2osp(NULL, &x, &m_length); #if DEBUG diff --git a/rsa/rsa_pkcs15.h b/rsa/rsaes_pkcs1v15.h similarity index 72% rename from rsa/rsa_pkcs15.h rename to rsa/rsaes_pkcs1v15.h index ff1b26d..cb12740 100644 --- a/rsa/rsa_pkcs15.h +++ b/rsa/rsaes_pkcs1v15.h @@ -1,4 +1,4 @@ -/* rsa_pkcs15.h */ +/* rsa_pkcs1v15.h */ /* This file is part of the AVR-Crypto-Lib. Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de) @@ -17,19 +17,19 @@ along with this program. If not, see . */ -#ifndef RSA_PKCS15_H_ -#define RSA_PKCS15_H_ +#ifndef RSA_PKCS1V15_H_ +#define RSA_PKCS1V15_H_ #include #include "bigint.h" -uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B); +uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B); -uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src, +uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_publickey_t* key, const void* pad); -uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src, +uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_privatekey_t* key, void* pad); -#endif /* RSA_PKCS15_H_ */ +#endif /* RSA_PKCS1V15_H_ */ diff --git a/salsa20/salsa20.c b/salsa20/salsa20.c index 4e994db..95a38d5 100644 --- a/salsa20/salsa20.c +++ b/salsa20/salsa20.c @@ -111,31 +111,31 @@ void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){ void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){ if(keylength_b==256){ - memcpy_P((ctx->a+ 0), sigma+ 0, 4); - memcpy_P((ctx->a+20), sigma+ 4, 4); - memcpy_P((ctx->a+40), sigma+ 8, 4); - memcpy( (ctx->a+44), (uint8_t*)key+16, 16); - memcpy_P((ctx->a+60), sigma+12, 4); + memcpy_P((ctx->a.v8+ 0), sigma+ 0, 4); + memcpy_P((ctx->a.v8+20), sigma+ 4, 4); + memcpy_P((ctx->a.v8+40), sigma+ 8, 4); + memcpy( (ctx->a.v8+44), (uint8_t*)key+16, 16); + memcpy_P((ctx->a.v8+60), sigma+12, 4); }else{ - memcpy_P((ctx->a+ 0), theta+ 0, 4); - memcpy_P((ctx->a+20), theta+ 4, 4); - memcpy_P((ctx->a+40), theta+ 8, 4); - memcpy( (ctx->a+44), (uint8_t*)key+ 0, 16); - memcpy_P((ctx->a+60), theta+12, 4); + memcpy_P((ctx->a.v8+ 0), theta+ 0, 4); + memcpy_P((ctx->a.v8+20), theta+ 4, 4); + memcpy_P((ctx->a.v8+40), theta+ 8, 4); + memcpy( (ctx->a.v8+44), (uint8_t*)key+ 0, 16); + memcpy_P((ctx->a.v8+60), theta+12, 4); } - memcpy( (ctx->a+ 4), key, 16); - memset( (ctx->a+24), 0, 16); + memcpy( (ctx->a.v8+ 4), key, 16); + memset( (ctx->a.v8+24), 0, 16); if(iv){ - memcpy( (ctx->a+24), iv, 8); + memcpy( (ctx->a.v8+24), iv, 8); } ctx->buffer_idx=64; } uint8_t salsa20_gen(salsa20_ctx_t* ctx){ if(ctx->buffer_idx==64){ - memcpy(ctx->buffer, ctx->a, 64); + memcpy(ctx->buffer, ctx->a.v8, 64); salsa20_hash((uint32_t*)(ctx->buffer)); - *((uint64_t*)(ctx->a+32)) += 1; + ctx->a.v64[4] += 1; ctx->buffer_idx = 0; } return ctx->buffer[ctx->buffer_idx++]; diff --git a/salsa20/salsa20.h b/salsa20/salsa20.h index 29e7e81..fe33228 100644 --- a/salsa20/salsa20.h +++ b/salsa20/salsa20.h @@ -23,7 +23,10 @@ #include typedef struct{ - uint8_t a[64]; + union{ + uint8_t v8[64]; + uint64_t v64[ 8]; + } a; uint8_t buffer[64]; uint8_t buffer_idx; } salsa20_ctx_t; diff --git a/test_src/config.h b/test_src/config.h index b0d669e..0a985df 100644 --- a/test_src/config.h +++ b/test_src/config.h @@ -28,7 +28,9 @@ #include "uart_defs.h" #define UART0_I 1 +#ifndef UART0_BAUD_RATE #define UART0_BAUD_RATE 115200 +#endif #define UART0_PARATY UART_PARATY_NONE #define UART0_STOPBITS UART_STOPBITS_1 #define UART0_DATABITS UART_DATABITS_8 diff --git a/test_src/main-rsa_oaep-test.c b/test_src/main-rsaes_oaep-test.c similarity index 99% rename from test_src/main-rsa_oaep-test.c rename to test_src/main-rsaes_oaep-test.c index 40ec9ad..f319975 100644 --- a/test_src/main-rsa_oaep-test.c +++ b/test_src/main-rsaes_oaep-test.c @@ -28,11 +28,11 @@ #include "bigint_io.h" #include "random_dummy.h" #include "rsa_basic.h" -#include "rsa_oaep.h" +#include "rsaes_oaep.h" #include "performance_test.h" -const char* algo_name = "RSA-OAEP"; +const char* algo_name = "RSAES-OAEP"; #define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)) #define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t)) @@ -423,6 +423,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){ } a->wordv = (bigint_word_t*)buffer; a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + a->info = 0; bigint_changeendianess(a); bigint_adjust(a); return 0; @@ -685,7 +686,7 @@ void run_seed_test(void){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } - msg_ = malloc(bigint_length_B(pub_key.modulus)); + msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t)); if(!msg_){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; diff --git a/test_src/main-rsa_pkcs15-test.c b/test_src/main-rsaes_pkcs1v15-test.c similarity index 91% rename from test_src/main-rsa_pkcs15-test.c rename to test_src/main-rsaes_pkcs1v15-test.c index 9d6471e..efea72c 100644 --- a/test_src/main-rsa_pkcs15-test.c +++ b/test_src/main-rsaes_pkcs1v15-test.c @@ -28,11 +28,13 @@ #include "bigint_io.h" #include "random_dummy.h" #include "rsa_basic.h" -#include "rsa_pkcs15.h" +#include "rsaes_pkcs1v15.h" #include "performance_test.h" -const char* algo_name = "RSA-PKCS15"; +#define DEBUG 0 + +const char* algo_name = "RSAES-PKCS1V15"; #define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)) #define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t)) @@ -239,6 +241,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){ } a->wordv = (bigint_word_t*)buffer; a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + a->info = 0; bigint_changeendianess(a); bigint_adjust(a); return 0; @@ -249,25 +252,25 @@ uint8_t pre_alloc_key_crt(void){ pub_key.modulus = malloc(sizeof(bigint_t)); if(!pub_key.modulus){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); - return 2; + return 6; } priv_key.modulus = pub_key.modulus; priv_key.n = 5; priv_key.components = malloc(5 * sizeof(bigint_t*)); if(!priv_key.components){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); - return 2; + return 3; } pub_key.exponent = malloc(sizeof(bigint_t)); if(!pub_key.exponent){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); - return 2; + return 4; } for(c=0; c<5; ++c){ priv_key.components[c] = malloc(sizeof(bigint_t)); if(!priv_key.components[c]){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); - return 2; + return 7+c; } } return 0; @@ -275,18 +278,22 @@ uint8_t pre_alloc_key_crt(void){ void free_key(void){ uint8_t c; - free(pub_key.modulus->wordv); + for(c = priv_key.n; c > 0 ; --c){ + free(priv_key.components[c - 1]->wordv); + } free(pub_key.exponent->wordv); - free(pub_key.modulus); - pub_key.modulus = priv_key.modulus = NULL; + free(pub_key.modulus->wordv); + + for(c = priv_key.n; c > 0 ; --c){ + free(priv_key.components[c - 1]); + } free(pub_key.exponent); pub_key.exponent = NULL; - for(c = 0; c < priv_key.n; ++c){ - free(priv_key.components[c]->wordv); - free(priv_key.components[c]); - } free(priv_key.components); priv_key.components = NULL; + free(pub_key.modulus); + pub_key.modulus = priv_key.modulus = NULL; + keys_allocated = 0; } uint8_t read_key_crt(void){ @@ -307,7 +314,8 @@ uint8_t read_key_crt(void){ r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) ="); if(r) return r; r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) ="); -/* + +#if DEBUG cli_putstr_P(PSTR("\r\nmodulus:")); bigint_print_hex(pub_key.modulus); cli_putstr_P(PSTR("\r\npublic exponent:")); @@ -322,7 +330,7 @@ uint8_t read_key_crt(void){ bigint_print_hex(priv_key.components[3]); cli_putstr_P(PSTR("\r\nqInv:")); bigint_print_hex(priv_key.components[4]); -*/ +#endif return r; } @@ -469,9 +477,9 @@ void quick_test(void){ cli_hexdump_block(seed, sizeof(SEED), 4, 16); cli_putstr_P(PSTR("\r\nencrypting: ...")); - rc = rsa_encrypt_pkcs15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed); + rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed); if(rc){ - cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs15 returned: ")); + cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: ")); cli_hexdump_byte(rc); return; @@ -490,9 +498,9 @@ void quick_test(void){ } cli_putstr_P(PSTR("\r\ndecrypting: ...")); - rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out); + rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out); if(rc){ - cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs15 returned: ")); + cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: ")); cli_hexdump_byte(rc); return; } @@ -507,7 +515,8 @@ void quick_test(void){ void run_seed_test(void){ uint8_t *msg, *ciph, *msg_; - uint16_t msg_len, ciph_len, msg_len_; + uint16_t ciph_len, msg_len; + uint16_t msg_len_; uint16_t seed_len; uint8_t *seed, *seed_out; char read_int_str[18]; @@ -516,28 +525,48 @@ void run_seed_test(void){ cli_putstr_P(PSTR("\r\n length: ")); cli_getsn(read_int_str, 16); msg_len = own_atou(read_int_str); - seed_len = rsa_pkcs15_compute_padlength_B(pub_key.modulus, msg_len); + seed_len = rsa_pkcs1v15_compute_padlength_B(pub_key.modulus, msg_len); seed = malloc(seed_len); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: @seed: 0x")); + cli_hexdump_rev(&seed, 2); +#endif if(!seed){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } seed_out = malloc(seed_len); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x")); + cli_hexdump_rev(&seed_out, 2); +#endif if(!seed_out){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } msg = malloc(msg_len); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: @msg: 0x")); + cli_hexdump_rev(&msg, 2); +#endif if(!msg){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } ciph = malloc(bigint_length_B(pub_key.modulus)); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x")); + cli_hexdump_rev(&ciph, 2); +#endif if(!ciph){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } - msg_ = malloc(bigint_length_B(pub_key.modulus)); + msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t)); +#if DEBUG + cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x")); + cli_hexdump_rev(&msg_, 2); +#endif if(!msg_){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; @@ -556,11 +585,21 @@ void run_seed_test(void){ cli_putstr_P(PSTR("\r\n seed:")); cli_hexdump_block(seed, seed_len, 4, 16); */ - rsa_encrypt_pkcs15(ciph, &ciph_len, msg, msg_len, &pub_key, seed); +#if DEBUG + cli_putstr_P(PSTR("\r\n first prime:")); + bigint_print_hex(priv_key.components[0]); +#endif + rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed); cli_putstr_P(PSTR("\r\n ciphertext:")); cli_hexdump_block(ciph, ciph_len, 4, 16); +#if DEBUG + cli_putstr_P(PSTR("\r\n first prime:")); + bigint_print_hex(priv_key.components[0]); +#endif cli_putstr_P(PSTR("\r\n decrypting ... ")); - rsa_decrypt_pkcs15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out); + + rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out); + cli_putstr_P(PSTR("[done]")); if(msg_len != msg_len_){ char tstr[16]; @@ -588,10 +627,11 @@ void run_seed_test(void){ cli_hexdump_block(seed, seed_len, 4, 16); goto end; } + cli_putstr_P(PSTR("\r\n >>OK<<")); end: - free(ciph); free(msg_); + free(ciph); free(msg); free(seed_out); free(seed); @@ -609,11 +649,17 @@ void rsa_init(void){ } void load_key(void){ + uint8_t r; if(keys_allocated){ + cli_putstr_P(PSTR("\r\nDBG: freeing old keys")); free_key(); } keys_allocated = 1; - read_key_crt(); + r = read_key_crt(); + if(r){ + cli_putstr_P(PSTR("\r\nERROR: read_key_crt returned 0x")); + cli_hexdump_byte(r); + } } void test_dump(void){ diff --git a/test_src/main-salsa20-test.c b/test_src/main-salsa20-test.c index 0332457..9e8bb2f 100644 --- a/test_src/main-salsa20-test.c +++ b/test_src/main-salsa20-test.c @@ -51,10 +51,10 @@ void nessie_first(void){ cli_hexdump(key, 16); salsa20_init(key, 128, NULL, &ctx); cli_putstr_P(PSTR("\r\n internal state: ")); - cli_hexdump_block(ctx.a, 64, 4, 16); + cli_hexdump_block(ctx.a.v8, 64, 4, 16); salsa20_gen(&ctx); cli_putstr_P(PSTR("\r\n internal state: ")); - cli_hexdump_block(ctx.a, 64, 4, 16); + cli_hexdump_block(ctx.a.v8, 64, 4, 16); cli_putstr_P(PSTR("\r\n data: ")); cli_hexdump_block(ctx.buffer, 64, 4, 16); @@ -63,13 +63,13 @@ void nessie_first(void){ key[15] = 0x01; cli_putstr_P(PSTR("\r\n testing with key: ")); cli_hexdump(key, 16); - cli_hexdump_block(ctx.a, 64, 4, 16); + cli_hexdump_block(ctx.a.v8, 64, 4, 16); salsa20_init(key, 128, NULL, &ctx); cli_putstr_P(PSTR("\r\n internal state: ")); - cli_hexdump_block(ctx.a, 64, 4, 16); + cli_hexdump_block(ctx.a.v8, 64, 4, 16); salsa20_gen(&ctx); cli_putstr_P(PSTR("\r\n internal state: ")); - cli_hexdump_block(ctx.a, 64, 4, 16); + cli_hexdump_block(ctx.a.v8, 64, 4, 16); cli_putstr_P(PSTR("\r\n data: ")); cli_hexdump_block(ctx.buffer, 64, 4, 16); } diff --git a/twister/twister-large.c b/twister/twister-large.c index 1775488..36506be 100644 --- a/twister/twister-large.c +++ b/twister/twister-large.c @@ -109,7 +109,11 @@ void twister_large_nextBlock(twister_large_ctx_t* ctx, const void* msg){ /*********************************************************************/ void twister_inject_chksum(twister_large_ctx_t* ctx, uint8_t col){ - *((uint64_t*)(&ctx->state.s[7][0])) ^= *((uint64_t*)(&ctx->checksum[col][0])); + uint8_t i=7; + do{ + ctx->state.s[7][i] ^= ctx->checksum[col][i]; + + }while(i--); twister_blank_round(&ctx->state); } diff --git a/whirlpool/whirlpool.c b/whirlpool/whirlpool.c index e975b28..2565b70 100644 --- a/whirlpool/whirlpool.c +++ b/whirlpool/whirlpool.c @@ -111,7 +111,7 @@ static const uint8_t sbox[256] PROGMEM = { #endif -static void gamma(uint8_t* a){ +static void gamma_1(uint8_t* a){ uint8_t i; for(i=0; i<64; ++i){ *a = whirlpool_sbox(*a); @@ -161,7 +161,7 @@ static void theta(uint8_t* a){ } static void w_round(uint8_t* a, const uint8_t* k){ - gamma(a); + gamma_1(a); #if DEBUG cli_putstr_P(PSTR("\r\n pre-pi:")); cli_hexdump_block(a, 64, 4, 8); -- 2.39.2