--- /dev/null
+/* camellia.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef CAMELLIA_H_
+#define CAMELLIA_H_
+
+#include <stdint.h>
+
+typedef struct camellia128_ctx_s{
+ uint64_t klr;
+ uint64_t kll;
+ uint64_t kar;
+ uint64_t kal;
+}camellia128_ctx_t;
+
+
+void camellia128_init(const void* key, camellia128_ctx_t* s);
+void camellia128_enc(void* block, const camellia128_ctx_t* s);
+void camellia128_dec(void* block, const camellia128_ctx_t* s);
+
+
+#endif /*CAMELLIA_H_*/
--- /dev/null
+/* camellia_C.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ *
+ *
+ *
+ */
+
+#include <stdint.h>
+#include "camellia.h"
+#if 0
+ #include "cli.h"
+ #include "debug.h"
+ #include <util/delay.h>
+#endif
+/*****************************************************************************/
+
+static
+uint8_t rol(uint8_t a, uint8_t n){
+ return ((a<<n) | (a>>(8-n)));
+}
+
+/*****************************************************************************/
+
+static
+uint8_t ror(uint8_t a, uint8_t n){
+ return ((a<<(8-n)) | (a>>n));
+}
+
+/*****************************************************************************/
+
+static
+uint32_t rol32(uint32_t a, uint8_t n){
+ return ((a<<n)|(a>>(32-n)));
+}
+
+/*****************************************************************************/
+/*
+static
+uint64_t rol64(uint64_t a, uint8_t n){
+ return ((a<<n)|(a>>(64-n)));
+}
+*/
+/*****************************************************************************/
+
+static
+const uint8_t camellia_s1_table[256] = {
+ 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
+ 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
+ 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
+ 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
+ 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
+ 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
+ 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
+ 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
+ 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
+ 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
+ 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
+ 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
+ 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
+ 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
+ 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
+ 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
+};
+
+/*****************************************************************************/
+
+static
+uint8_t camellia_s1(uint8_t b){
+ return camellia_s1_table[b];
+}
+
+/*****************************************************************************/
+
+static
+uint8_t camellia_s2(uint8_t b){
+ return rol(camellia_s1_table[b], 1);
+}
+
+/*****************************************************************************/
+
+static
+uint8_t camellia_s3(uint8_t b){
+ return ror(camellia_s1_table[b], 1);
+}
+
+/*****************************************************************************/
+
+static
+uint8_t camellia_s4(uint8_t b){
+ return camellia_s1_table[rol(b, 1)];
+}
+
+/*****************************************************************************/
+
+static
+uint64_t camellia_s(uint64_t d){
+// cli_putstr("\n\r S von "); cli_hexdump(&(d), 8);
+ #define D ((uint8_t*)(&d))
+ D[7] = camellia_s1(D[7]);
+ D[6] = camellia_s2(D[6]);
+ D[5] = camellia_s3(D[5]);
+ D[4] = camellia_s4(D[4]);
+
+ D[3] = camellia_s2(D[3]);
+ D[2] = camellia_s3(D[2]);
+ D[1] = camellia_s4(D[1]);
+ D[0] = camellia_s1(D[0]);
+ #undef D
+// cli_putstr(" ist "); cli_hexdump(&(d), 8);
+ return d;
+}
+
+/*****************************************************************************/
+
+static
+uint64_t camellia_p(uint64_t d){
+ uint64_t z=0;
+ #define D ((uint8_t*)(&d))
+ #define Z ((uint8_t*)(&z))
+/*
+ Z[0] = D[4] ^ D[3] ^ D[1];
+ Z[1] = D[5] ^ D[0] ^ D[2];
+ Z[2] = D[6] ^ D[1] ^ D[3];
+ Z[3] = D[7] ^ D[2] ^ D[0];
+ Z[4] = D[0] ^ D[6] ^ D[5];
+ Z[5] = D[1] ^ D[7] ^ D[6];
+ Z[6] = D[2] ^ D[4] ^ D[7];
+ Z[7] = D[3] ^ D[5] ^ D[4];
+*/
+// Z[7] = z1 z3 z4 z6 z7 z8
+// cli_putstr("\n\r P von "); cli_hexdump(&(d), 8);
+
+ Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0];
+ Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0];
+ Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0];
+ Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
+ Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0];
+ Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0];
+ Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0];
+ Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
+
+// cli_putstr(" ist "); cli_hexdump(&(z), 8);
+
+ #undef Z
+ #undef D
+ return z;
+}
+
+/*****************************************************************************/
+
+static
+uint64_t camellia_f(uint64_t x, uint64_t k){
+ uint64_t y;
+ y = camellia_p(camellia_s(x ^ k));
+ return y;
+}
+
+/*****************************************************************************/
+
+static
+uint64_t camellia_fl(uint64_t x, uint64_t k){
+// uint64_t lx, lk, y;
+ uint32_t lx[2], lk[2], yr, yl;
+ lx[0]=(uint32_t)x;
+ lx[1]=(uint32_t)(x>>32);
+ lk[0]=(uint32_t)k;
+ lk[1]=(uint32_t)(k>>32);
+ #define Y ((uint32_t*)y)
+ #define X ((uint32_t*)lx)
+ #define K ((uint32_t*)lk)
+
+ yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */
+ yl = (yr | K[0]) ^ (X[1]); /* Yl */
+
+/*
+ cli_putstr("\r\nFL(");
+ cli_hexdump(&(x), 8);
+ cli_putstr(", ");
+ cli_hexdump(&(k), 8);
+ cli_putstr(") = ");
+ cli_hexdump(y, 8);
+*/
+ #undef K
+ #undef X
+ #undef Y
+ return (((uint64_t)yl)<<32 | yr);
+}
+
+/*****************************************************************************/
+
+static
+uint64_t camellia_fl_inv(uint64_t y, uint64_t k){
+//volatile uint32_t xl, xr;
+ uint32_t ly[2], lk[2], x[2];
+ ly[0]=(uint32_t)y;
+ ly[1]=(uint32_t)(y>>32);
+ lk[0]=(uint32_t)k;
+ lk[1]=(uint32_t)(k>>32);
+ #define Y ((uint32_t*)ly)
+ #define X ((uint32_t*)x)
+ #define K ((uint32_t*)lk)
+
+ X[1]=(Y[0] | K[0]) ^ Y[1];
+ X[0]=rol32((X[1] & K[1]),1) ^ Y[0];
+
+/*
+ cli_putstr("\r\nFL_inv(");
+ cli_hexdump(&(y), 8);
+ cli_putstr(", ");
+ cli_hexdump(&(k), 8);
+ cli_putstr(") = ");
+*/
+ #undef K
+ #undef X
+ #undef Y
+ return ((uint64_t)(x[1]))<<32 | x[0];
+}
+
+/*****************************************************************************/
+
+static
+const uint64_t camellia_sigma_table[6] = {
+ 0xA09E667F3BCC908BLL,
+ 0xB67AE8584CAA73B2LL,
+ 0xC6EF372FE94F82BELL,
+ 0x54FF53A5F1D36F1CLL,
+ 0x10E527FADE682D1DLL,
+ 0xB05688C2B3E6C1FDLL
+};
+
+/*****************************************************************************/
+#if 0
+void camellia128_ctx_dump(camellia128_ctx_t *s){
+ cli_putstr("\r\n==State Dump==");
+ cli_putstr("\n\rKAl: "); cli_hexdump(&(s->kal), 8);
+ cli_putstr("\n\rKAr: "); cli_hexdump(&(s->kar), 8);
+ cli_putstr("\n\rKLl: "); cli_hexdump(&(s->kll), 8);
+ cli_putstr("\n\rKLr: "); cli_hexdump(&(s->klr), 8);
+ return;
+}
+#endif
+/*****************************************************************************/
+
+void camellia128_init(const void* key, camellia128_ctx_t* s){
+ uint8_t i;
+ s->kll = 0; //((uint64_t*)key)[0];
+
+ /* load the key, endian-adjusted, to kll,klr */
+ for(i=0; i<8; ++i){
+ s->kll <<= 8;
+ s->kll |= *((uint8_t*)key);
+ key = (uint8_t*)key+1;
+ }
+ for(i=0; i<8; ++i){
+ s->klr <<= 8;
+ s->klr |= *((uint8_t*)key);
+ key = (uint8_t*)key+1;
+ }
+
+ s->kal = s->kll;
+ s->kar = s->klr;
+
+ s->kar ^= camellia_f(s->kal, camellia_sigma_table[0]);
+ s->kal ^= camellia_f(s->kar, camellia_sigma_table[1]);
+
+ s->kal ^= s->kll;
+ s->kar ^= s->klr;
+
+ s->kar ^= camellia_f(s->kal, camellia_sigma_table[2]);
+ s->kal ^= camellia_f(s->kar, camellia_sigma_table[3]);
+ /**/
+// cli_putstr("\n\r----------------init finished--------------------");
+}
+
+/*****************************************************************************/
+
+static
+void camellia128_keyop(camellia128_ctx_t* s, int8_t q){
+ /* first we do 16 bit left-rols for kl and ka (128bit each) */
+ uint32_t temp;
+
+ temp = (s->kal)>>(64-16-q);
+ s->kal = s->kal<<(16+q) | s->kar>>(64-16-q);
+ s->kar = s->kar<<(16+q) | temp;
+
+ temp = (s->kll)>>(64-16-q);
+ s->kll = s->kll<<(16+q) | s->klr>>(64-16-q);
+ s->klr = s->klr<<(16+q) | temp;
+ /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
+}
+
+/*****************************************************************************/
+
+static
+void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){
+ /* first we do 16 bit right-rols for kl and ka (128bit each) */
+ uint32_t temp;
+
+ temp = (s->kar)&(0xffffff>>(24-16-q));
+ s->kar = s->kar>>(16+q) | s->kal<<(64-16-q);
+ s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q);
+
+ temp = (s->klr)&(0xffffff>>(24-16-q));
+ s->klr = s->klr>>(16+q) | s->kll<<(64-16-q);
+ s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q);
+ /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
+}
+
+/*****************************************************************************/
+
+#define SEL_KA 1
+#define SEL_KL 0
+
+#define KEY_POSTC1 0x00
+#define KEY_POSTC2 0x01
+#define KEY_INC2 0x02
+
+#define KEY_DIR 0x04
+#define KEY_DIR_NORM 0x00
+#define KEY_DIR_INV 0x04
+
+#define KEY_AMMOUNT 0x08
+#define KEY_ROL17 0x08
+#define KEY_ROL15 0x00
+
+static
+void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){
+ uint8_t i;
+ uint64_t* k[4];
+ k[0] = &(((camellia128_ctx_t*)s)->kll);
+ k[1] = &(((camellia128_ctx_t*)s)->klr);
+ k[2] = &(((camellia128_ctx_t*)s)->kal);
+ k[3] = &(((camellia128_ctx_t*)s)->kar);
+ for(i=0; i<3; ++i){ /* each cycle */
+ br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)]));
+ keychoice >>= 1;
+
+ if((i == 1) && (roundop&KEY_INC2)){
+ ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
+ }
+
+ bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)]));
+ keychoice >>= 1;
+
+ /* check if we should do some keyop */
+ if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){
+ ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
+ /* isn't it fuckin nice what we can do in C?! */
+ }
+ }
+}
+
+/*****************************************************************************/
+
+static
+void change_endian(void* data, uint8_t length){
+ uint8_t i,a;
+ for(i=0; i<length/2; ++i){
+ a = ((uint8_t*)data)[i];
+ ((uint8_t*)data)[i] = ((uint8_t*)data)[length-i-1];
+ ((uint8_t*)data)[length-i-1] = a;
+ }
+}
+
+/*****************************************************************************/
+
+void camellia128_enc(void* block, const camellia128_ctx_t* s){
+
+ #define BL (((uint64_t*)block)[0])
+ #define BR (((uint64_t*)block)[1])
+ /* endian adjustment */
+ /*BL*/
+ /* 1 2 3 4 5 6 7 8
+ * 8 7 6 5 4 3 2 1
+ */
+
+ uint64_t temp64;
+
+ change_endian(&BL, 64/8);
+ change_endian(&BR, 64/8);
+
+ /* Prewhitening */
+ BL ^= s->kll;
+ BR ^= s->klr;
+
+ /* the first 6 */
+ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33);
+ /* FL injection */
+ camellia128_keyop((camellia128_ctx_t*)s, -1);
+ BL = camellia_fl(BL, s->kal);
+ BR = camellia_fl_inv(BR, s->kar);
+ camellia128_keyop((camellia128_ctx_t*)s, -1);
+ /* middle 6 */
+ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34);
+ /* FL injection */
+ camellia128_keyop((camellia128_ctx_t*)s, 1);
+ BL = camellia_fl(BL, s->kll);
+ BR = camellia_fl_inv(BR, s->klr);
+ camellia128_keyop((camellia128_ctx_t*)s, 1);
+ /* last 6 */
+ camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C);
+ /* Postwhitening */
+ BR ^= s->kal;
+ BL ^= s->kar;
+
+ temp64 = BR;
+ BR = BL;
+ BL = temp64;
+
+ camellia128_keyop((camellia128_ctx_t*)s,1);
+
+ change_endian(&BL, 64/8);
+ change_endian(&BR, 64/8);
+
+ #undef BL
+ #undef BR
+}
+
+/*****************************************************************************/
+
+void camellia128_dec(void* block, const camellia128_ctx_t* s){
+
+ #define BL (((uint64_t*)block)[1])
+ #define BR (((uint64_t*)block)[0])
+ /* endian adjustment */
+ /*BL*/
+ /* 1 2 3 4 5 6 7 8
+ * 8 7 6 5 4 3 2 1
+ */
+
+ uint64_t temp64;
+ change_endian(&BL, 64/8);
+ change_endian(&BR, 64/8);
+
+ camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
+ /* Prewhitening */
+ BR ^= s->kal; /* kw3 */
+ BL ^= s->kar; /* kw4 */
+ /* the first 6 */
+ camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C);
+ /* FL injection */
+ camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
+ BR = camellia_fl(BR, s->klr);
+ BL = camellia_fl_inv(BL, s->kll);
+ camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
+ /* middle 6 */
+ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B);
+ /* FL injection */
+ camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
+ BR = camellia_fl(BR, s->kar);
+ BL = camellia_fl_inv(BL, s->kal);
+ camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
+ /* last 6 */
+ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33);
+
+ /* Postwhitening */
+ BL ^= s->kll; /* kw1 */
+ BR ^= s->klr; /* kw2 */
+
+ temp64 = BR;
+ BR = BL;
+ BL = temp64;
+
+ change_endian(&BL, 64/8);
+ change_endian(&BR, 64/8);
+
+}
+
+
+
+/*****************************************************************************/
+/*****************************************************************************/
+
+
+
+/* EOF */
--- /dev/null
+/* dsa.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef DSA_H_
+#define DSA_H_
+
+#include <stdint.h>
+#include "hfal-basic.h"
+#include "bigint.h"
+
+typedef struct{
+ bigint_t p;
+ bigint_t q;
+ bigint_t g;
+} dsa_domainparameters_t;
+
+typedef bigint_t dsa_pubkey_t;
+typedef bigint_t dsa_privkey_t;
+typedef struct{
+ bigint_t r;
+ bigint_t s;
+} dsa_signature_t;
+
+typedef struct{
+ dsa_privkey_t priv;
+ dsa_pubkey_t pub;
+ dsa_domainparameters_t domain;
+} dsa_ctx_t;
+
+#define DSA_SIGNATURE_OK 1
+#define DSA_SIGNATURE_FAIL 0
+
+uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
+ const dsa_ctx_t* ctx, const bigint_t* k);
+uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
+ const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
+ uint8_t(*rand_in)(void));
+uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
+ const dsa_ctx_t* ctx);
+uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
+ const hfdesc_t* hash_desc, const dsa_ctx_t* ctx);
+
+#endif /* DSA_H_ */
--- /dev/null
+/* dsa_key_blob.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "cli.h"
+#include "dsa.h"
+#include "bigint.h"
+
+
+#define DSA_KEY_BLOB_SIZE 1024
+
+#if DSA_KEY_BLOB_SIZE == 512
+
+#define PRIV_LEN_B (20)
+#define PUB_LEN_B (8*8)
+#define P_LEN_B (8*8)
+#define Q_LEN_B (20)
+#define G_LEN_B (8*8)
+#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
+
+
+static const uint8_t dsa_key_blob[] = {
+
+// priv:
+ 0xac, 0xe6, 0xef, 0x99, 0x08, 0xe8, 0x5f, 0xc8,
+ 0xc7, 0x51, 0x97, 0x99, 0xf4, 0xd3, 0x00, 0x0f,
+ 0x49, 0x72, 0xee, 0x46,
+// pub:
+ 0x18, 0x02, 0x53, 0x09, 0x61, 0xad, 0x0b, 0x9d,
+ 0x44, 0x80, 0x8d, 0xb4, 0x52, 0xdc, 0xb5, 0xf2,
+ 0x11, 0x20, 0x41, 0xc7, 0xd9, 0x7c, 0x7c, 0x6c,
+ 0xa0, 0x9e, 0xca, 0x0d, 0xff, 0x28, 0x3c, 0x64,
+ 0xfa, 0x92, 0xbb, 0x2c, 0xe9, 0x9b, 0x10, 0x94,
+ 0xa5, 0x8d, 0x03, 0x50, 0xa5, 0x59, 0xd4, 0x3f,
+ 0x57, 0x78, 0x8d, 0xcf, 0x0a, 0x99, 0x5d, 0xa3,
+ 0x2e, 0x80, 0xfa, 0x99, 0x44, 0x73, 0x6d, 0x9a,
+// P:
+ 0x9f, 0x2d, 0xc8, 0x3c, 0x34, 0xf9, 0xa1, 0xbc,
+ 0x6a, 0xa7, 0x49, 0x17, 0xd3, 0x82, 0xa2, 0xe2,
+ 0x25, 0x31, 0xc4, 0x3d, 0x1a, 0x3f, 0x0f, 0x8a,
+ 0x8b, 0x84, 0x3c, 0x6c, 0x9c, 0xdd, 0x42, 0xd9,
+ 0x1a, 0x22, 0xf2, 0x55, 0x98, 0xee, 0x7d, 0x98,
+ 0x9c, 0x9a, 0x91, 0x42, 0x5f, 0x4f, 0xa8, 0x32,
+ 0xa0, 0xb0, 0x0f, 0x79, 0xe2, 0x76, 0x08, 0x78,
+ 0x6e, 0xba, 0xf7, 0x74, 0x43, 0x4a, 0xf2, 0xdf,
+// Q:
+ 0xdb, 0x30, 0x69, 0xe6, 0x59, 0x77, 0xee, 0x38,
+ 0xea, 0xf7, 0xcc, 0x18, 0x83, 0xcf, 0xb4, 0x21,
+ 0xbc, 0xcf, 0x9a, 0x77,
+// G:
+ 0x73, 0x90, 0x27, 0x68, 0xe7, 0xe9, 0x3a, 0x45,
+ 0x6f, 0x7f, 0x95, 0xca, 0x9b, 0xfd, 0x33, 0x75,
+ 0x75, 0xff, 0x0f, 0xe7, 0x69, 0xfd, 0xb7, 0x07,
+ 0x0f, 0x6c, 0x3a, 0xec, 0x47, 0x82, 0x78, 0xb2,
+ 0xb3, 0x0b, 0x7f, 0x11, 0x9d, 0x34, 0x3e, 0xff,
+ 0xb8, 0x09, 0x42, 0x82, 0x81, 0x21, 0xad, 0x2b,
+ 0x51, 0x20, 0xec, 0x9e, 0xf8, 0x15, 0xaa, 0x3d,
+ 0x5f, 0x29, 0x2d, 0xb5, 0xc5, 0x64, 0x53, 0x2d
+};
+
+#endif
+
+#if DSA_KEY_BLOB_SIZE == 1024
+
+#define PRIV_LEN_B (20)
+#define PUB_LEN_B (16*8)
+#define P_LEN_B (16*8)
+#define Q_LEN_B (20)
+#define G_LEN_B (16*8)
+#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
+
+static const uint8_t dsa_key_blob[] = {
+ // priv:
+// 0x00, 0x00, 0x00, 0x00,
+ 0x03, 0xad, 0x17, 0x81, 0x0f, 0x70, 0x7f, 0x89,
+ 0xa2, 0x0a, 0x70, 0x1c, 0x3b, 0x24, 0xff, 0xd2,
+ 0x39, 0x93, 0xd7, 0x8d,
+ // pub:
+ 0x42, 0x1c, 0xb2, 0x03, 0xe5, 0xc6, 0x69, 0x81,
+ 0x1e, 0x35, 0x85, 0x86, 0xd7, 0x94, 0xd2, 0x1f,
+ 0x77, 0x05, 0x2f, 0xcc, 0xa5, 0x69, 0x46, 0x8f,
+ 0xe1, 0x9f, 0x82, 0xf6, 0x24, 0x2c, 0x64, 0x1b,
+ 0x29, 0x63, 0xd5, 0xb3, 0x32, 0xdc, 0xd9, 0x5a,
+ 0x4e, 0x92, 0xd9, 0x69, 0xcc, 0x51, 0x81, 0xc2,
+ 0xa3, 0x7e, 0xd7, 0xf8, 0x72, 0x1f, 0x8d, 0xd4,
+ 0xe8, 0x59, 0xb0, 0xaa, 0xdd, 0xa0, 0x73, 0xe6,
+ 0xc4, 0x50, 0x7f, 0x4c, 0x7c, 0xde, 0x35, 0x27,
+ 0x49, 0x36, 0x23, 0x36, 0xe4, 0x90, 0x54, 0x24,
+ 0x45, 0x99, 0xa3, 0x10, 0xc3, 0x59, 0x2f, 0x61,
+ 0xff, 0x75, 0xf0, 0x51, 0x1d, 0xa0, 0x8f, 0x69,
+ 0xc1, 0x1e, 0x3e, 0x65, 0xaf, 0x82, 0x9e, 0xa9,
+ 0x91, 0x17, 0x04, 0x7c, 0x56, 0xd1, 0x68, 0x8a,
+ 0x4b, 0xc9, 0x48, 0x92, 0xaf, 0x72, 0xca, 0xbf,
+ 0xf2, 0x2b, 0x9e, 0x42, 0x92, 0x46, 0x19, 0x64,
+ // P:
+ 0x97, 0x40, 0xda, 0x05, 0x19, 0x77, 0xb7, 0x17,
+ 0x4b, 0x7d, 0xc0, 0x5b, 0x81, 0xdd, 0xcc, 0x0b,
+ 0x86, 0xe0, 0x3c, 0x4d, 0xab, 0x3d, 0x43, 0xe4,
+ 0xe3, 0x5f, 0xf3, 0x56, 0xcd, 0x5c, 0xf2, 0x85,
+ 0x00, 0x45, 0x3c, 0xba, 0xf0, 0x56, 0xb3, 0x8b,
+ 0x29, 0xc3, 0x55, 0x7b, 0xb6, 0xfb, 0x68, 0xca,
+ 0x35, 0xe5, 0x0e, 0x46, 0xd6, 0xff, 0xc9, 0xbd,
+ 0x08, 0x71, 0x65, 0x3b, 0xf7, 0xab, 0xb1, 0x96,
+ 0x9b, 0x70, 0xdc, 0x8e, 0xf3, 0x02, 0xa4, 0x0f,
+ 0xc6, 0xcd, 0x70, 0xe5, 0xeb, 0xd3, 0x07, 0xb5,
+ 0x7d, 0x40, 0x8c, 0xfd, 0x33, 0x45, 0x8f, 0x9c,
+ 0x7f, 0xa1, 0x69, 0xcb, 0xe6, 0x73, 0x1d, 0x37,
+ 0xc7, 0x5f, 0x18, 0x57, 0x38, 0x96, 0x46, 0x24,
+ 0xad, 0xa6, 0x59, 0x3d, 0x7a, 0x74, 0x6e, 0x88,
+ 0x57, 0x18, 0x86, 0x7b, 0x07, 0x79, 0x52, 0xdd,
+ 0xbc, 0xa7, 0x40, 0x88, 0xa6, 0x66, 0x50, 0x49,
+ // Q:
+// 0x00, 0x00, 0x00, 0x00,
+ 0xb4, 0x6d, 0x89, 0x7a, 0x72, 0xdb, 0x8c, 0x92,
+ 0x60, 0xf9, 0x95, 0x47, 0x81, 0x57, 0xe8, 0x6b,
+ 0xb4, 0xf9, 0xde, 0x51,
+ // G:
+ 0x76, 0x1e, 0x1b, 0xd2, 0x5c, 0x5f, 0x92, 0x96,
+ 0x42, 0x18, 0xba, 0x8d, 0xe1, 0x24, 0x12, 0x24,
+ 0x6f, 0x3f, 0xb8, 0x05, 0xf9, 0x72, 0x74, 0xfa,
+ 0xef, 0xc3, 0x1e, 0xd5, 0xa5, 0x93, 0x28, 0x07,
+ 0xc0, 0x7b, 0x47, 0xef, 0x15, 0x13, 0x68, 0x18,
+ 0xfb, 0x0d, 0x69, 0xea, 0xcc, 0x5a, 0x43, 0x08,
+ 0x75, 0xec, 0xe4, 0x5e, 0x8e, 0xa9, 0x61, 0xe1,
+ 0xcd, 0x27, 0x8c, 0x55, 0xc9, 0x42, 0x11, 0x11,
+ 0x7f, 0x20, 0x4d, 0x70, 0x34, 0x49, 0x00, 0x8c,
+ 0x79, 0x95, 0x79, 0x0b, 0xfd, 0x8d, 0xda, 0xe3,
+ 0x0c, 0x27, 0x7a, 0x35, 0xe5, 0x35, 0xc9, 0x73,
+ 0x31, 0xaa, 0xed, 0xbe, 0x81, 0x89, 0x67, 0x06,
+ 0xf6, 0x97, 0x0d, 0x44, 0x07, 0xac, 0x09, 0xac,
+ 0x44, 0xf3, 0xc6, 0x8b, 0x30, 0x4c, 0x76, 0x0b,
+ 0x55, 0x74, 0x10, 0x06, 0xda, 0xd4, 0x3d, 0x96,
+ 0x7e, 0xc3, 0xf8, 0x22, 0x9c, 0x71, 0x1d, 0x9c
+};
+#endif
+
+#if DSA_KEY_BLOB_2048
+
+#define PRIV_LEN_B (20)
+#define PUB_LEN_B (32*8)
+#define P_LEN_B (32*8)
+#define Q_LEN_B (20)
+#define G_LEN_B (32*8)
+#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
+
+static const uint8_t dsa_key_blob[] = {
+/* priv: */
+ 0x1d, 0xe4, 0x81, 0x02, 0x52, 0x6b, 0x2b, 0x0e,
+ 0x98, 0x08, 0xc8, 0xb9, 0x81, 0x40, 0xd1, 0x1e,
+ 0x86, 0x69, 0x0d, 0xa9,
+/* pub: */
+ 0x70, 0xc4, 0x44, 0x28, 0x91, 0x77, 0x2b, 0x09,
+ 0xde, 0xe8, 0x66, 0x0b, 0xa5, 0xc8, 0x05, 0xb4,
+ 0x0a, 0x2d, 0x4f, 0x45, 0x8e, 0x0c, 0x8c, 0x38,
+ 0x61, 0xf3, 0x77, 0x05, 0x64, 0xf7, 0xe6, 0xe9,
+ 0x0b, 0x1f, 0x9b, 0x9f, 0x1f, 0xa1, 0x7e, 0x8f,
+ 0x5b, 0x14, 0x70, 0x1d, 0x4d, 0x1c, 0xdc, 0x9d,
+ 0xe0, 0x0a, 0xc4, 0x7b, 0x70, 0xfd, 0xef, 0xe6,
+ 0x20, 0x2d, 0x17, 0x13, 0xd7, 0x1c, 0xc0, 0xbb,
+ 0x5b, 0xce, 0x84, 0x6a, 0xa5, 0x4e, 0x27, 0x1c,
+ 0x9e, 0xaa, 0xb2, 0xdc, 0xc1, 0xec, 0x74, 0x93,
+ 0x67, 0xdb, 0xe1, 0xaa, 0x5a, 0x86, 0x1d, 0x8a,
+ 0xa9, 0x28, 0x7e, 0xfc, 0xd5, 0x72, 0x94, 0x6c,
+ 0x1d, 0x71, 0x85, 0x92, 0xa7, 0x6e, 0x84, 0x4f,
+ 0x27, 0xf3, 0x7e, 0x04, 0x7d, 0xf2, 0x7c, 0x07,
+ 0xa0, 0x7d, 0x02, 0x7c, 0x30, 0x70, 0xb5, 0x87,
+ 0xc3, 0xf0, 0xc2, 0x0c, 0xdb, 0x26, 0x72, 0x33,
+ 0x20, 0xca, 0xf0, 0x8b, 0x05, 0x20, 0x70, 0x98,
+ 0x65, 0x03, 0xd7, 0xd4, 0x47, 0xf0, 0xb2, 0x6e,
+ 0x2a, 0xbe, 0xcc, 0x83, 0x0d, 0xab, 0x60, 0x61,
+ 0x26, 0x7b, 0xaf, 0xae, 0x18, 0x9e, 0x20, 0xeb,
+ 0x12, 0x31, 0x18, 0x2e, 0x73, 0xca, 0xd4, 0x5e,
+ 0x66, 0x74, 0x61, 0x07, 0x9b, 0x20, 0x68, 0x12,
+ 0x88, 0xb1, 0xc5, 0x0f, 0x85, 0x9b, 0x45, 0x40,
+ 0x7d, 0x76, 0x62, 0x73, 0xba, 0x41, 0x7b, 0xaf,
+ 0xc7, 0xb9, 0x19, 0x7a, 0xd0, 0x55, 0xe6, 0xfd,
+ 0xb5, 0xb9, 0xc4, 0x1b, 0x22, 0x47, 0x8f, 0x7b,
+ 0xd7, 0x75, 0xe8, 0x7f, 0x01, 0xa2, 0x9b, 0x79,
+ 0xde, 0xea, 0x55, 0x3c, 0x61, 0x4d, 0xcd, 0xce,
+ 0x89, 0x8c, 0x76, 0x62, 0x12, 0x4d, 0xd4, 0x47,
+ 0x03, 0x0e, 0xe8, 0xe2, 0xb8, 0xda, 0xca, 0x20,
+ 0xb3, 0x64, 0xb6, 0x07, 0x06, 0x1b, 0xcb, 0x91,
+ 0x51, 0x2c, 0x2e, 0xfa, 0xe1, 0xee, 0x1e, 0x78,
+/* P: */
+ 0x8d, 0x09, 0x00, 0x56, 0x63, 0x39, 0x42, 0x8d,
+ 0x15, 0xd5, 0x1d, 0x86, 0x10, 0xde, 0xc7, 0xf4,
+ 0x07, 0xe5, 0x81, 0xbe, 0x67, 0xee, 0xc5, 0x33,
+ 0xd3, 0x41, 0x1b, 0xba, 0xd8, 0xa6, 0x61, 0x49,
+ 0x2d, 0x66, 0xcf, 0x60, 0x9f, 0x52, 0x60, 0x6e,
+ 0x0a, 0x16, 0xdc, 0x0b, 0x24, 0x1b, 0x62, 0x32,
+ 0xc4, 0xab, 0x52, 0x17, 0xbf, 0xc5, 0xa2, 0x2a,
+ 0xa4, 0x5e, 0x8c, 0xff, 0x97, 0x45, 0x51, 0xd9,
+ 0xc3, 0xf2, 0x32, 0x4a, 0xb9, 0x08, 0xc1, 0x6a,
+ 0x7b, 0x82, 0x93, 0x2a, 0x60, 0x29, 0x55, 0x1a,
+ 0x36, 0x1f, 0x05, 0x4f, 0xf1, 0x43, 0x12, 0xb2,
+ 0x73, 0x4e, 0xf6, 0x37, 0x65, 0x3d, 0x0b, 0x70,
+ 0x08, 0xc7, 0x34, 0x0b, 0x4d, 0xc9, 0x08, 0x70,
+ 0xaf, 0x4b, 0x95, 0x0b, 0x7c, 0x9f, 0xcf, 0xfc,
+ 0x57, 0x94, 0x47, 0x6d, 0xd1, 0xaf, 0xc6, 0x52,
+ 0xd9, 0xe2, 0x05, 0xce, 0xb2, 0xb8, 0x91, 0x6f,
+ 0x5a, 0x77, 0x6b, 0x1b, 0xff, 0x97, 0x8c, 0x5e,
+ 0x33, 0xfc, 0x80, 0x29, 0xdf, 0x83, 0x91, 0x0c,
+ 0x28, 0x1b, 0x00, 0xb4, 0xc9, 0x3e, 0xb7, 0x67,
+ 0xca, 0xab, 0x63, 0xd4, 0x48, 0xfe, 0xd2, 0xfd,
+ 0x65, 0x57, 0x33, 0x25, 0xbd, 0xf1, 0xa5, 0x51,
+ 0x51, 0x50, 0xf6, 0xcf, 0xfa, 0x0d, 0x67, 0x4e,
+ 0x90, 0x08, 0x87, 0x34, 0xf6, 0x33, 0xc9, 0x58,
+ 0xb1, 0x87, 0xf8, 0x5d, 0x73, 0x80, 0xde, 0x51,
+ 0xcd, 0x17, 0x70, 0x3e, 0xa4, 0xa8, 0x4f, 0xda,
+ 0xcd, 0xa2, 0x66, 0x0f, 0x95, 0xa7, 0xc6, 0xf7,
+ 0x12, 0x2e, 0x27, 0x94, 0xa9, 0x26, 0x1b, 0x25,
+ 0x16, 0x18, 0x99, 0x3b, 0x32, 0xaf, 0x71, 0x13,
+ 0x35, 0xda, 0xb8, 0x71, 0x5b, 0x50, 0x7c, 0x7a,
+ 0x9d, 0xcc, 0x0d, 0x95, 0xef, 0x6f, 0x64, 0x3c,
+ 0x28, 0x4b, 0x15, 0xe9, 0xd4, 0xad, 0xcc, 0x56,
+ 0xcb, 0x24, 0xf9, 0x61, 0x79, 0xd7, 0x56, 0xd3,
+/* Q: */
+ 0xf7, 0xdf, 0x85, 0xf5, 0x63, 0x36, 0x63, 0x71,
+ 0x74, 0x34, 0x98, 0x19, 0xff, 0x79, 0xf2, 0xe2,
+ 0x15, 0x75, 0x3c, 0x95,
+/* G: */
+ 0x0c, 0xf6, 0x8b, 0x1a, 0xbe, 0x66, 0x84, 0x98,
+ 0xae, 0xcb, 0xb0, 0xd9, 0x75, 0x75, 0x32, 0x4b,
+ 0xa3, 0xf2, 0x28, 0xa6, 0x6d, 0x13, 0xf2, 0xf3,
+ 0xfd, 0x93, 0x91, 0xb1, 0x21, 0x1e, 0xcc, 0x08,
+ 0x87, 0xce, 0x74, 0xb1, 0xd0, 0x19, 0x50, 0xff,
+ 0xac, 0xef, 0x9f, 0x82, 0xda, 0x75, 0xda, 0x6d,
+ 0x89, 0xf3, 0x0b, 0xdc, 0x27, 0x98, 0x85, 0x01,
+ 0x68, 0xb7, 0xbd, 0x98, 0x83, 0xb1, 0xb0, 0x65,
+ 0x31, 0x71, 0x43, 0x05, 0xa7, 0x76, 0x63, 0xe4,
+ 0x7d, 0x61, 0x53, 0xc7, 0x3e, 0x3b, 0x82, 0x28,
+ 0x65, 0x07, 0xfe, 0x9e, 0xa3, 0x35, 0x2c, 0xdc,
+ 0x9e, 0x05, 0x7c, 0x9a, 0x69, 0xc6, 0x9f, 0xc2,
+ 0x3f, 0x94, 0x6b, 0xad, 0xa4, 0x2b, 0x5d, 0x48,
+ 0x9e, 0x2c, 0xad, 0xd2, 0x89, 0x49, 0xdc, 0xdb,
+ 0x55, 0x49, 0x56, 0xaf, 0xe9, 0x0e, 0x37, 0xe7,
+ 0x1f, 0x42, 0x6a, 0x7c, 0xac, 0xe8, 0x1b, 0xbb,
+ 0x21, 0x82, 0x14, 0x72, 0x17, 0x64, 0xf0, 0x3c,
+ 0x3d, 0xc1, 0x43, 0x27, 0x27, 0x9f, 0xe9, 0x21,
+ 0xf2, 0x2f, 0xf7, 0xfa, 0x3c, 0xed, 0xbf, 0xab,
+ 0xab, 0xb7, 0x3c, 0x6d, 0x1e, 0x85, 0x9f, 0x77,
+ 0x4f, 0x69, 0x09, 0x4e, 0xed, 0x13, 0x84, 0x40,
+ 0x1a, 0xc6, 0xa1, 0xd9, 0x68, 0xb6, 0x18, 0x32,
+ 0x79, 0x25, 0x9e, 0xa6, 0x41, 0x30, 0xd1, 0xc2,
+ 0x7a, 0x8f, 0x0d, 0x46, 0xee, 0xda, 0xb0, 0xbf,
+ 0x64, 0x42, 0x59, 0x7e, 0x22, 0x88, 0xd6, 0x52,
+ 0xec, 0xed, 0xc4, 0x13, 0xb1, 0x7f, 0x5c, 0x77,
+ 0x4c, 0xfd, 0x22, 0x90, 0xd3, 0xe3, 0xa9, 0xc1,
+ 0x0f, 0x25, 0xac, 0xd5, 0x04, 0x84, 0xe6, 0xa8,
+ 0xc7, 0xb4, 0x4f, 0xa2, 0x67, 0xae, 0xaa, 0x92,
+ 0xe9, 0x0a, 0xed, 0x45, 0x5b, 0xf0, 0x1b, 0x69,
+ 0xec, 0xaf, 0x7d, 0xf2, 0x71, 0x25, 0xbf, 0x92,
+ 0xd4, 0xd0, 0x5b, 0xde, 0x5a, 0x2d, 0x18, 0x8e
+};
+#endif
+
+void load_dsa_key_blob(dsa_ctx_t* ctx){
+ if(ctx->priv.wordv){
+ free(ctx->priv.wordv);
+ }
+ ctx->priv.wordv = malloc(ALL_LEN_B);
+ if(ctx->priv.wordv==NULL){
+ cli_putstr("\r\nERROR: OUT OF MEMORY!!!");
+ return;
+ }
+ memcpy(ctx->priv.wordv, dsa_key_blob, ALL_LEN_B);
+ ctx->priv.length_W=(PRIV_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+ ctx->pub.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B);
+ ctx->pub.length_W = (PUB_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+ ctx->domain.p.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B);
+ ctx->domain.p.length_W = (P_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+ ctx->domain.q.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B);
+ ctx->domain.q.length_W = (Q_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+ ctx->domain.g.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B);
+ ctx->domain.g.length_W = (G_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+
+ bigint_changeendianess(&(ctx->priv));
+ bigint_changeendianess(&(ctx->pub));
+ bigint_changeendianess(&(ctx->domain.p));
+ bigint_changeendianess(&(ctx->domain.q));
+ bigint_changeendianess(&(ctx->domain.g));
+
+ bigint_adjust(&(ctx->priv));
+ bigint_adjust(&(ctx->pub));
+ bigint_adjust(&(ctx->domain.p));
+ bigint_adjust(&(ctx->domain.q));
+ bigint_adjust(&(ctx->domain.g));
+}
--- /dev/null
+/* dsa_key_blob.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef DSA_KEY_BLOB_H_
+#define DSA_KEY_BLOB_H_
+
+void load_dsa_key_blob(dsa_ctx_t* ctx);
+
+#endif /* DSA_KEY_BLOB_H_ */
--- /dev/null
+/* dsa_sign.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "bigint.h"
+#include "dsa.h"
+#include "hashfunction_descriptor.h"
+#include "hfal-basic.h"
+
+#define MAX(a,b) (((a)>(b))?(a):(b))
+
+uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
+ const dsa_ctx_t* ctx, const bigint_t* k){
+ bigint_t tmp, tmp2;
+ bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5];
+ tmp.wordv= tmp_b;
+ tmp2.wordv = tmp2_b;
+ bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p));
+ bigint_reduce(&tmp, &(ctx->domain.q));
+ bigint_copy(&(s->r), &tmp);
+ bigint_mul_u(&tmp, &tmp, &(ctx->priv));
+ bigint_add_u(&tmp, &tmp, m);
+ bigint_inverse(&tmp2, k, &(ctx->domain.q));
+ bigint_mul_u(&tmp, &tmp, &tmp2);
+ bigint_reduce(&tmp, &(ctx->domain.q));
+ bigint_copy(&(s->s), &tmp);
+
+ if(s->s.length_W==0 || s->r.length_W==0){
+ return 1;
+ }
+
+ return 0;
+}
+
+uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
+ const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
+ uint8_t(*rand_in)(void)){
+ bigint_t z, k;
+ uint16_t i, n_B = ctx->domain.q.length_W;
+ unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8));
+ bigint_word_t hash_value[hash_length];
+ bigint_word_t k_b[n_B];
+ memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
+ hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
+ z.wordv = hash_value;
+ z.length_W = n_B;
+ bigint_changeendianess(&z);
+ k.wordv = k_b;
+ k.length_W = n_B;
+ do{
+ for(i=0; i<n_B*sizeof(bigint_word_t); ++i){
+ ((uint8_t*)k_b)[i] = rand_in();
+ }
+ k.length_W = n_B;
+ bigint_adjust(&k);
+ }while(dsa_sign_bigint(s, &z, ctx, &k));
+ return 0;
+}
+
--- /dev/null
+/* dsa_verify.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "bigint.h"
+#include "dsa.h"
+#include "hfal-basic.h"
+
+uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
+ const dsa_ctx_t* ctx){
+ if(s->r.length_W==0 || s->s.length_W==0){
+ return DSA_SIGNATURE_FAIL;
+ }
+ if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
+ return DSA_SIGNATURE_FAIL;
+ }
+ bigint_t w, u1, u2, v1, v2;
+ bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
+ bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
+ w.wordv = w_b;
+ u1.wordv = u1_b;
+ u2.wordv = u2_b;
+ v1.wordv = v1_b;
+ v2.wordv = v2_b;
+ bigint_inverse(&w, &(s->s), &(ctx->domain.q));
+ bigint_mul_u(&u1, &w, m);
+ bigint_reduce(&u1, &(ctx->domain.q));
+ bigint_mul_u(&u2, &w, &(s->r));
+ bigint_reduce(&u2, &(ctx->domain.q));
+ bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
+ bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
+ bigint_mul_u(&v1, &v1, &v2);
+ bigint_reduce(&v1, &(ctx->domain.p));
+ bigint_reduce(&v1, &(ctx->domain.q));
+ if(bigint_cmp_u(&v1, &(s->r))==0){
+ return DSA_SIGNATURE_OK;
+ }
+ return DSA_SIGNATURE_FAIL;
+}
+
+uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
+ const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
+ bigint_t z;
+ uint16_t n_B = ctx->domain.q.length_W;
+ unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
+ bigint_word_t hash_value[hash_length];
+ memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
+ hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
+ z.wordv = hash_value;
+ z.length_W = n_B;
+ bigint_changeendianess(&z);
+ bigint_adjust(&z);
+ return dsa_verify_bigint(s, &z, ctx);
+}
+
+
+
+
+
+
+
--- /dev/null
+/* entropium.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file entropium.c
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2006-05-17
+ * \license GPLv3 or later
+ * \brief This file contains an implementaition of a pseudo-random-number generator.
+ *
+ * Extension 1:
+ * rndCore is expanded to 512 bits for more security.
+ *
+ \verbatim
+ ################################################################################################
+ # #
+ # +---------------------------+ #
+ # | | #
+ # V | #
+ # (concat) | #
+ +---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+
+ | entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
+ +---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+
+ # (xor) (xor) | #
+ # ^ ^ | #
+ # \ / | #
+ # (offset)---------------------+ #
+ # #
+ ################################################################################################
+ \endverbatim
+ */
+
+#include <inttypes.h>
+#include <string.h>
+#include "sha256.h"
+#include "entropium.h"
+
+#include <stdio.h>
+
+/**
+ * \brief secret entropy pool.
+ * This is the core of the random which is generated
+ */
+static
+uint32_t rndCore[16];
+
+/*************************************************************************/
+
+/* idea is: hash the message and add it via xor to rndCore
+ *
+ * length in bits
+ *
+ * we simply first "hash" rndCore, then entropy.
+ */
+void entropium_addEntropy(unsigned length_b, const void* data){
+ sha256_ctx_t s;
+ static uint8_t offset=0; /* selects if higher or lower half gets updated */
+ sha256_init(&s);
+ sha256_nextBlock(&s, rndCore);
+ while (length_b>=512){
+ sha256_nextBlock(&s, data);
+ data = (uint8_t*)data+ 512/8;
+ length_b -= 512;
+ }
+ sha256_lastBlock(&s, data, length_b);
+ uint8_t i;
+ for (i=0; i<8; ++i){
+ rndCore[i+offset] ^= s.h[i];
+ }
+ offset ^= 8; /* hehe */
+}
+
+/*************************************************************************/
+
+void entropium_getRandomBlock(void *b){
+ sha256_ctx_t s;
+ uint8_t offset=8;
+
+ sha256_init(&s);
+ sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
+ uint8_t i;
+ for (i=0; i<8; ++i){
+ rndCore[i+offset] ^= s.h[i];
+ }
+ offset ^= 8; /* hehe */
+ memcpy(b, s.h, 32); /* back up first hash in b */
+ ((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
+ sha256_init(&s);
+ sha256_lastBlock(&s, b, 256);
+ memcpy(b, s.h, 32);
+}
+
+/*************************************************************************/
+
+
+uint8_t entropium_getRandomByte(void){
+ static uint8_t block[32];
+ static uint8_t i = 0;
+
+ if(i == 0){
+ entropium_getRandomBlock((void*)block);
+ i = 32;
+ }
+ return block[--i];
+}
+
+void entropium_fillBlockRandom(void* block, unsigned length_B){
+ while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
+ entropium_getRandomBlock(block);
+ block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
+ length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
+ }
+ while(length_B){
+ *((uint8_t*)block) = entropium_getRandomByte();
+ block= (uint8_t*)block +1; --length_B;
+ }
+}
+
+
--- /dev/null
+/* entropium.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * File: entropium.h
+ * Author: Daniel Otte
+ * Date: 23.07.2006
+ * License: GPL
+ * Description: This file contains the declarations for the pseudo-random-number generator.
+ **/
+
+/**
+ * \file entropium.h
+ * \author Daniel Otte
+ * \date 23.07.2006
+ * \license GPLv3 or later
+ * \brief This file contains the declarations for the pseudo-random-number generator.
+ **/
+
+
+#ifndef ENTROPIUM_H_
+#define ENTROPIUM_H_
+
+#include <stdint.h>
+/*
+ * length in bits
+ */
+#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */
+
+/** \fn void entropium_addEntropy(unsigned length_b, const void* data)
+ * \brief add entropy to the prng
+ *
+ * This function adds data to the internal entropy pool
+ * \param length_b length of the data block in bits
+ * \param data pointer to the data
+ */
+void entropium_addEntropy(unsigned length_b, const void* data);
+
+/** \fn void entropium_getRandomBlock(void* b)
+ * \brief generate a fixed size block of random data
+ *
+ * This function writes 32 bytes of random extracted from the entropy pool
+ * in the supplied buffer.
+ * \param b buffer where the random data gets written
+ */
+void entropium_getRandomBlock(void* b);
+
+/** \fn uint8_t entropium_getRandomByte(void)
+ * \brief get a single byte of random data
+ *
+ * This function utilizes a internal buffer which gets automatically filled
+ * again.
+ * \return a byte of random data
+ */
+uint8_t entropium_getRandomByte(void);
+
+/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B)
+ * \brief get a block of random data
+ *
+ * This function writes random data extracted from the entropy pool in the
+ * supplied buffer. It shares a internal buffer with the
+ * entropium_getRandomByte() function.
+ * \param block pointer to the buffer where the random data goes
+ * \param length_B number of bytes to be written to the buffer
+ */
+void entropium_fillBlockRandom(void* block, unsigned length_B);
+
+#endif /*PRNG_H_*/
--- /dev/null
+/* hmac-md5.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * implementation of HMAC as described in RFC2104
+ * Author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * License: GPLv3 or later
+ **/
+
+/*
+ * hmac = hash ( k^opad , hash( k^ipad , msg))
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include "config.h"
+#include "md5.h"
+#include "hmac-md5.h"
+
+#define IPAD 0x36
+#define OPAD 0x5C
+
+#ifndef HMAC_SHORTONLY
+
+void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){
+ uint8_t buffer[MD5_BLOCK_BYTES];
+ uint8_t i;
+
+ memset(buffer, 0, MD5_BLOCK_BYTES);
+ if (keylength_b > MD5_BLOCK_BITS){
+ md5((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<MD5_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+ md5_init(&(s->a));
+ md5_nextBlock(&(s->a), buffer);
+
+ for (i=0; i<MD5_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD^OPAD;
+ }
+ md5_init(&(s->b));
+ md5_nextBlock(&(s->b), buffer);
+
+#if defined SECURE_WIPE_BUFFER
+ memset(buffer, 0, MD5_BLOCK_BYTES);
+#endif
+}
+
+void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){
+ md5_nextBlock(&(s->a), block);
+}
+
+void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){
+ md5_lastBlock(&(s->a), block, length_b);
+}
+
+void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){
+ md5_ctx2hash((md5_hash_t*)dest, &(s->a));
+ md5_lastBlock(&(s->b), dest, MD5_HASH_BITS);
+ md5_ctx2hash((md5_hash_t*)dest, &(s->b));
+}
+
+#endif
+
+/*
+void hmac_md5_nextBlock()
+void hmac_md5_lastBlock()
+*/
+
+/*
+ * keylength in bits!
+ * message length in bits!
+ */
+void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/
+ md5_ctx_t s;
+ uint8_t i;
+ uint8_t buffer[MD5_BLOCK_BYTES];
+
+ memset(buffer, 0, MD5_BLOCK_BYTES);
+
+ /* if key is larger than a block we have to hash it*/
+ if (keylength_b > MD5_BLOCK_BITS){
+ md5((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<MD5_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+ md5_init(&s);
+ md5_nextBlock(&s, buffer);
+ while (msglength_b >= MD5_BLOCK_BITS){
+ md5_nextBlock(&s, msg);
+ msg = (uint8_t*)msg + MD5_BLOCK_BYTES;
+ msglength_b -= MD5_BLOCK_BITS;
+ }
+ md5_lastBlock(&s, msg, msglength_b);
+ /* since buffer still contains key xor ipad we can do ... */
+ for (i=0; i<MD5_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD ^ OPAD;
+ }
+ md5_ctx2hash(dest, &s); /* save inner hash temporary to dest */
+ md5_init(&s);
+ md5_nextBlock(&s, buffer);
+ md5_lastBlock(&s, dest, MD5_HASH_BITS);
+ md5_ctx2hash(dest, &s);
+}
+
--- /dev/null
+/* hmac-md5.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef HMACMD5_H_
+#define HMACMD5_H_
+
+#include "md5.h"
+
+#define HMAC_MD5_BITS MD5_HASH_BITS
+#define HMAC_MD5_BYTES MD5_HASH_BYTES
+#define HMAC_MD5_BLOCK_BITS MD5_BLOCK_BITS
+#define HMAC_MD5_BLOCK_BYTES MD5_BLOCK_BYTES
+
+typedef struct{
+ md5_ctx_t a,b;
+} hmac_md5_ctx_t;
+
+
+void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b);
+void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block);
+void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b);
+void hmac_md5_final(void* dest, hmac_md5_ctx_t *s);
+
+void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b);
+
+
+#endif /*HMACMD5_H_*/
--- /dev/null
+/* hmac-sha1.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * implementation of HMAC as described in RFC2104
+ * Author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * License: GPLv3 or later
+ **/
+
+/*
+ * hmac = hash ( k^opad , hash( k^ipad , msg))
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include "config.h"
+#include "sha1.h"
+#include "hmac-sha1.h"
+
+#define IPAD 0x36
+#define OPAD 0x5C
+
+
+#ifndef HMAC_SHORTONLY
+
+void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b){
+ uint8_t buffer[SHA1_BLOCK_BYTES];
+ uint8_t i;
+
+ memset(buffer, 0, SHA1_BLOCK_BYTES);
+ if (keylength_b > SHA1_BLOCK_BITS){
+ sha1((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<SHA1_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+ sha1_init(&(s->a));
+ sha1_nextBlock(&(s->a), buffer);
+
+ for (i=0; i<SHA1_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD^OPAD;
+ }
+ sha1_init(&(s->b));
+ sha1_nextBlock(&(s->b), buffer);
+
+
+#if defined SECURE_WIPE_BUFFER
+ memset(buffer, 0, SHA1_BLOCK_BYTES);
+#endif
+}
+
+void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block){
+ sha1_nextBlock(&(s->a), block);
+}
+void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b){
+ while(length_b>=SHA1_BLOCK_BITS){
+ sha1_nextBlock(&(s->a), block);
+ block = (uint8_t*)block + SHA1_BLOCK_BYTES;
+ length_b -= SHA1_BLOCK_BITS;
+ }
+ sha1_lastBlock(&(s->a), block, length_b);
+}
+
+void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s){
+ sha1_ctx2hash(dest, &(s->a));
+ sha1_lastBlock(&(s->b), dest, SHA1_HASH_BITS);
+ sha1_ctx2hash(dest, &(s->b));
+}
+
+#endif
+
+/*
+ * keylength in bits!
+ * message length in bits!
+ */
+void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
+ sha1_ctx_t s;
+ uint8_t i;
+ uint8_t buffer[SHA1_BLOCK_BYTES];
+
+ memset(buffer, 0, SHA1_BLOCK_BYTES);
+
+ /* if key is larger than a block we have to hash it*/
+ if (keylength_b > SHA1_BLOCK_BITS){
+ sha1((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<SHA1_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+ sha1_init(&s);
+ sha1_nextBlock(&s, buffer);
+ while (msglength_b >= SHA1_BLOCK_BITS){
+ sha1_nextBlock(&s, msg);
+ msg = (uint8_t*)msg + SHA1_BLOCK_BYTES;
+ msglength_b -= SHA1_BLOCK_BITS;
+ }
+ sha1_lastBlock(&s, msg, msglength_b);
+ /* since buffer still contains key xor ipad we can do ... */
+ for (i=0; i<SHA1_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD ^ OPAD;
+ }
+ sha1_ctx2hash(dest, &s); /* save inner hash temporary to dest */
+ sha1_init(&s);
+ sha1_nextBlock(&s, buffer);
+ sha1_lastBlock(&s, dest, SHA1_HASH_BITS);
+ sha1_ctx2hash(dest, &s);
+}
+
--- /dev/null
+/* hmac-sha1.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef HMACSHA1_H_
+#define HMACSHA1_H_
+
+#include "sha1.h"
+
+#define HMAC_SHA1_BITS SHA1_HASH_BITS
+#define HMAC_SHA1_BYTES SHA1_HASH_BYTES
+#define HMAC_SHA1_BLOCK_BITS SHA1_BLOCK_BITS
+#define HMAC_SHA1_BLOCK_BYTES SHA1_BLOCK_BYTES
+
+typedef struct{
+ sha1_ctx_t a, b;
+} hmac_sha1_ctx_t;
+
+
+void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b);
+void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block);
+void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b);
+void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s);
+
+void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
+
+#endif /*HMACSHA1_H_*/
--- /dev/null
+/* hmac-sha256.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * implementation of HMAC as described in RFC2104
+ * Author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * License: GPLv3 or later
+ **/
+
+/*
+ * hmac = hash ( k^opad , hash( k^ipad , msg))
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include "config.h"
+#include "sha256.h"
+#include "hmac-sha256.h"
+
+#define IPAD 0x36
+#define OPAD 0x5C
+
+#ifndef HMAC_SHA256_SHORTONLY
+
+void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b){
+ uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
+ uint8_t i;
+
+ memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
+ if (keylength_b > HMAC_SHA256_BLOCK_BITS){
+ sha256((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+
+ sha256_init(&(s->a));
+ sha256_nextBlock(&(s->a), buffer);
+
+ for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD^OPAD;
+ }
+ sha256_init(&(s->b));
+ sha256_nextBlock(&(s->b), buffer);
+
+#if defined SECURE_WIPE_BUFFER
+ memset(buffer, 0, SHA256_BLOCK_BYTES);
+#endif
+}
+
+void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block){
+ sha256_nextBlock(&(s->a), block);
+}
+
+void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b){
+/* while(length_b>=SHA256_BLOCK_BITS){
+ sha256_nextBlock(&(s->a), block);
+ block = (uint8_t*)block + SHA256_BLOCK_BYTES;
+ length_b -= SHA256_BLOCK_BITS;
+ }
+*/ sha256_lastBlock(&(s->a), block, length_b);
+}
+
+void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s){
+ sha256_ctx2hash(dest, &(s->a));
+ sha256_lastBlock(&(s->b), dest, SHA256_HASH_BITS);
+ sha256_ctx2hash(dest, &(s->b));
+}
+
+#endif
+
+/*
+ * keylength in bits!
+ * message length in bits!
+ */
+void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
+ sha256_ctx_t s;
+ uint8_t i;
+ uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
+
+ memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
+
+ /* if key is larger than a block we have to hash it*/
+ if (keylength_b > SHA256_BLOCK_BITS){
+ sha256((void*)buffer, key, keylength_b);
+ } else {
+ memcpy(buffer, key, (keylength_b+7)/8);
+ }
+
+ for (i=0; i<SHA256_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD;
+ }
+ sha256_init(&s);
+ sha256_nextBlock(&s, buffer);
+ while (msglength_b >= HMAC_SHA256_BLOCK_BITS){
+ sha256_nextBlock(&s, msg);
+ msg = (uint8_t*)msg + HMAC_SHA256_BLOCK_BYTES;
+ msglength_b -= HMAC_SHA256_BLOCK_BITS;
+ }
+ sha256_lastBlock(&s, msg, msglength_b);
+ /* since buffer still contains key xor ipad we can do ... */
+ for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
+ buffer[i] ^= IPAD ^ OPAD;
+ }
+ sha256_ctx2hash(dest, &s); /* save inner hash temporary to dest */
+ sha256_init(&s);
+ sha256_nextBlock(&s, buffer);
+ sha256_lastBlock(&s, dest, SHA256_HASH_BITS);
+ sha256_ctx2hash(dest, &s);
+}
--- /dev/null
+/* hmac-sha256.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef HMACSHA256_H_
+#define HMACSHA256_H_
+
+#include "sha256.h"
+
+#define HMAC_SHA256_BITS SHA256_HASH_BITS
+#define HMAC_SHA256_BYTES SHA256_HASH_BYTES
+#define HMAC_SHA256_BLOCK_BITS SHA256_BLOCK_BITS
+#define HMAC_SHA256_BLOCK_BYTES SHA256_BLOCK_BYTES
+
+
+typedef struct {
+ sha256_ctx_t a,b;
+} hmac_sha256_ctx_t;
+
+
+void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b);
+void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block);
+void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b);
+void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s);
+
+void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
+
+
+#endif /*HMACSHA256_H_*/
--- /dev/null
+./a51/A5_1.h
+./aes/aes128_dec.h
+./aes/aes128_enc.h
+./aes/aes192_dec.h
+./aes/aes192_enc.h
+./aes/aes256_dec.h
+./aes/aes256_enc.h
+./aes/aes_dec.h
+./aes/aes_enc.h
+./aes/aes.h
+./aes/aes_invsbox.h
+./aes/aes_keyschedule.h
+./aes/aes_sbox.h
+./aes/aes_types.h
+./arcfour/arcfour.h
+./backup/keccak/keccak.h
+./base64/base64_dec.h
+./base64/base64_enc.h
+./bcal/bcal_aes128.h
+./bcal/bcal_aes192.h
+./bcal/bcal_aes256.h
+./bcal/bcal-basic.h
+./bcal/bcal_camellia128.h
+./bcal/bcal_cast5.h
+./bcal/bcal_cast6.h
+./bcal/bcal-cbc.h
+./bcal/bcal-cfb_bit.h
+./bcal/bcal-cfb_byte.h
+./bcal/bcal-cmac.h
+./bcal/bcal_cscipher.h
+./bcal/bcal-ctr.h
+./bcal/bcal_des.h
+./bcal/bcal-eax.h
+./bcal/bcal_khazad.h
+./bcal/bcal-nessie.h
+./bcal/bcal_noekeon.h
+./bcal/bcal-ofb.h
+./bcal/bcal-performance.h
+./bcal/bcal_present80.h
+./bcal/bcal_present128.h
+./bcal/bcal_rc5.h
+./bcal/bcal_rc6.h
+./bcal/bcal_seed.h
+./bcal/bcal_serpent.h
+./bcal/bcal_skipjack.h
+./bcal/bcal_tdes2.h
+./bcal/bcal_tdes.h
+./bcal/bcal_threefish1024.h
+./bcal/bcal_threefish256.h
+./bcal/bcal_threefish512.h
+./bcal/bcal_xtea.h
+./bcal/keysize_descriptor.h
+./bigint/bigint.h
+./bigint/bigint_io.h
+./bigint/old_io/bigint_io.h
+./blake/blake_common.h
+./blake/blake_large.h
+./blake/blake_small.h
+./blockcipher_descriptor.h
+./bmw/bmw_large.h
+./bmw/bmw_small.h
+./camellia/camellia.h
+./cast5/cast5.h
+./cast5/cast5-sbox.h
+./cast6/cast6.h
+./cast6/cast6_sboxes.h
+./cscipher/cscipher.h
+./cscipher/cscipher_sbox.h
+./cubehash/cubehash.h
+./des/des.h
+./dsa/dsa.h
+./dsa/dsa_key_blob.h
+./echo/aes_enc_round.h
+./echo/echo.h
+./entropium/entropium.h
+./entropium/sha256.h
+./gf256mul/gf256mul.h
+./grain/grain.h
+./groestl/groestl_large.h
+./groestl/groestl_small.h
+./hashfunction_descriptor.h
+./hfal/hfal-basic.h
+./hfal/hfal_blake_large.h
+./hfal/hfal_blake_small.h
+./hfal/hfal_bmw_large.h
+./hfal/hfal_bmw_small.h
+./hfal/hfal_cubehash.h
+./hfal/hfal_echo.h
+./hfal/hfal_groestl_large.h
+./hfal/hfal_groestl_small.h
+./hfal/hfal-hmac.h
+./hfal/hfal_jh.h
+./hfal/hfal_keccak.h
+./hfal/hfal_md5.h
+./hfal/hfal-nessie.h
+./hfal/hfal-performance.h
+./hfal/hfal_sha1.h
+./hfal/hfal_sha224.h
+./hfal/hfal_sha256.h
+./hfal/hfal_sha384.h
+./hfal/hfal_sha512.h
+./hfal/hfal_shabal.h
+./hfal/hfal_skein1024.h
+./hfal/hfal_skein256.h
+./hfal/hfal_skein512.h
+./hfal/hfal-test.h
+./hmac-md5/hmac-md5.h
+./hmac-sha1/hmac-sha1.h
+./hmac-sha256/hmac-sha256.h
+./jh_/jh_simple.h
+./jh/jh_simple.h
+./jh_/jh_tables.h
+./jh/jh_tables.h
+./keccak/keccak.h
+./khazad/khazad.h
+./lfsr-helper.h
+./md5/md5.h
+./md5/md5_sbox.h
+./memxor/memxor.h
+./mgf1/mgf1.h
+./mickey128/mickey128.h
+./mqq-sign/mqq160-sign.h
+./mqq-sign/mqq160-sign_P.h
+./mqq-sign/mqq160-sign_testkey.h
+./mugi/aes_sbox.h
+./mugi/mugi.h
+./noekeon/noekeon_cbc_enc.h
+./noekeon/noekeon_ctr.h
+./noekeon/noekeon.h
+./noekeon/noekeon_prng.h
+./noekeon/omac_noekeon.h
+./present/present80.h
+./present/present128.h
+./prf_tls12/prf_tls12.h
+./rabbit/rabbit.h
+./rc5/rc5.h
+./rc6/rc6.h
+./rsa/random_dummy.h
+./rsa/rsa_basic.h
+./rsa/rsaes_oaep.h
+./rsa/rsaes_pkcs1v15.h
+./salsa20/salsa20.h
+./scal/scal_arcfour.h
+./scal/scal-basic.h
+./scal/scal_grain.h
+./scal/scal_mickey128.h
+./scal/scal-nessie.h
+./scal/scal_rabbit.h
+./scal/scal_salsa20.h
+./scal/scal_trivium.h
+./seed/seed.h
+./seed/seed_sbox.h
+./serpent/serpent.h
+./serpent/serpent-sboxes.h
+./sha1/sha1.h
+./sha2/sha224.h
+./sha2/sha256.h
+./sha2/sha2_large_common.h
+./sha2/sha2_small_common.h
+./sha2/sha384.h
+./sha2/sha512.h
+./sha3-api.h
+./shabal/shabal.h
+./shabea/sha256.h
+./shabea/shabea.h
+./shacal1/shacal1_enc.h
+./shacal2/shacal2_enc.h
+./skein/skein.h
+./skein/threefish.h
+./skein/ubi.h
+./skipjack/skipjack.h
+./streamcipher_descriptor.h
+./trivium/trivium.h
+./xtea/xtea.h
+./zodiac.h
--- /dev/null
+SCAL_STD = nessie_common.o performance_test.o memxor.o \
+ scal-basic.o scal-nessie.o \
+ keysize_descriptor.o nessie_stream_test.o
+# scal-performance.o
--- /dev/null
+# Makefile for bcal-algos (library)
+ALGO_NAME := BCAL_ALGOS
+
+$(ALGO_NAME)_DIR := bcal/
+$(ALGO_NAME)_INCDIR :=
+$(ALGO_NAME)_OBJ := \
+bcal_aes128.o \
+bcal_aes192.o \
+bcal_aes256.o \
+bcal_cast5.o \
+bcal_cast6.o \
+bcal_cscipher.o \
+bcal_des.o \
+bcal_khazad.o \
+bcal_noekeon.o \
+bcal_present80.o \
+bcal_present128.o \
+bcal_rc5.o \
+bcal_rc6.o \
+bcal_seed.o \
+bcal_serpent.o \
+bcal_tdes2.o \
+bcal_tdes.o \
+bcal_xtea.o
+
+
--- /dev/null
+# Makefile for hfal-algos (library)
+ALGO_NAME := HFAL_ALGOS
+
+$(ALGO_NAME)_DIR := hfal/
+$(ALGO_NAME)_INCDIR :=
+$(ALGO_NAME)_OBJ := \
+hfal_blake_large.o \
+hfal_blake_small.o \
+hfal_bmw_large.o \
+hfal_bmw_small.o \
+hfal_cubehash.o \
+hfal_echo.o \
+hfal_groestl_large.o \
+hfal_groestl_small.o \
+hfal_jh.o \
+hfal_keccak.o \
+hfal_md5.o \
+hfal_sha1.o \
+hfal_sha224.o \
+hfal_sha256.o \
+hfal_sha384.o \
+hfal_sha512.o \
+hfal_shabal.o \
+hfal_skein1024.o \
+hfal_skein256.o \
+hfal_skein512.o
+
--- /dev/null
+# Makefile for scal-algos (library)
+ALGO_NAME := SCAL_ALGOS
+
+$(ALGO_NAME)_DIR := scal/
+$(ALGO_NAME)_INCDIR :=
+$(ALGO_NAME)_OBJ := \
+scal_arcfour.o \
+scal_grain.o \
+scal_mickey128.o \
+scal_rabbit.o \
+scal_salsa20.o \
+scal_trivium.o
+
+
--- /dev/null
+# Makefile for BlueMidnightWish
+ALGO_NAME := BMW
+
+# comment out the following line for removement of BlueMidnightWish from the build process
+#HASHES += $(ALGO_NAME) # currently buggy
+
+$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
+$(ALGO_NAME)_OBJ := bmw_small-asm-cstub.o bmw_small-asm.o bmw_large.o memxor.o
+$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
+$(ALGO_NAME)_NESSIE_TEST := test nessie
+$(ALGO_NAME)_PERFORMANCE_TEST := performance
+
--- /dev/null
+# Makefile for BlueMidnightWish
+ALGO_NAME := BMW_ASM_SPEED
+
+# comment out the following line for removement of BlueMidnightWish from the build process
+HASHES += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
+$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asm_f0.o bmw_large_speed.o memxor.o
+$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
+$(ALGO_NAME)_NESSIE_TEST := test nessie
+$(ALGO_NAME)_PERFORMANCE_TEST := performance
+
--- /dev/null
+# Makefile for BlueMidnightWish
+ALGO_NAME := BMW_ASMMIX_SPEED
+
+# comment out the following line for removement of BlueMidnightWish from the build process
+HASHES += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
+$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asmmix_f0.o bmw_large_speed.o memxor.o
+$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
+$(ALGO_NAME)_NESSIE_TEST := test nessie
+$(ALGO_NAME)_PERFORMANCE_TEST := performance
+
--- /dev/null
+# Makefile for camellia
+ALGO_NAME := CAMELLIA_C
+
+# comment out the following line for removement of serpent from the build process
+BLOCK_CIPHERS += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := camellia/
+$(ALGO_NAME)_INCDIR := bcal/
+$(ALGO_NAME)_OBJ := camellia_C.o
+$(ALGO_NAME)_TESTBIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \
+ bcal_camellia128.o
+$(ALGO_NAME)_NESSIE_TEST := "nessie"
+$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
+
--- /dev/null
+# Makefile for DSA
+ALGO_NAME := DSA
+
+# comment out the following line for removement of DSA from the build process
+SIGNATURE += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := dsa/
+$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/
+$(ALGO_NAME)_OBJ := bigint.o bigint_io.o sha1.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o
+$(ALGO_NAME)_TESTBIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \
+ noekeon.o noekeon_prng.o memxor.o
+
+$(ALGO_NAME)_PERFORMANCE_TEST := performance
+
--- /dev/null
+# Makefile for Entropium PRNG
+ALGO_NAME := ENTROPIUM
+
+# comment out the following line for removement of PRNG from the build process
+PRNGS += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := entropium/
+$(ALGO_NAME)_INCDIR := sha2/
+$(ALGO_NAME)_OBJ := entropium.o sha256.o sha2_small_common.o
+$(ALGO_NAME)_TESTBIN := main-entropium-test.o $(CLI_STD) performance_test.o
+
+$(ALGO_NAME)_NESSIE_TEST := "nessie"
+$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
+
--- /dev/null
+# Makefile for HMAC-MD5
+ALGO_NAME := HMAC-MD5
+
+# comment out the following line for removement of HMAC-MD5 from the build process
+MACS += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := hmac-md5/
+$(ALGO_NAME)_INCDIR := md5/
+$(ALGO_NAME)_OBJ := hmac-md5.o md5.o md5_sbox.o
+$(ALGO_NAME)_TESTBIN := main-hmac-md5-test.o $(CLI_STD) \
+ nessie_mac_test.o nessie_common.o
+$(ALGO_NAME)_NESSIE_TEST := "nessie"
+$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
+
--- /dev/null
+# Makefile for HMAC-SHA1
+ALGO_NAME := HMAC-SHA1
+
+# comment out the following line for removement of HMAC-SHA1 from the build process
+MACS += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := hmac-sha1/
+$(ALGO_NAME)_INCDIR := sha1/
+$(ALGO_NAME)_OBJ := hmac-sha1.o sha1.o
+$(ALGO_NAME)_TESTBIN := main-hmac-sha1-test.o $(CLI_STD) \
+ nessie_mac_test.o nessie_common.o
+$(ALGO_NAME)_NESSIE_TEST := "nessie"
+$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
+
--- /dev/null
+# Makefile for HMAC-SHA256
+ALGO_NAME := HMAC-SHA256
+
+# comment out the following line for removement of HMAC-SHA256 from the build process
+MACS += $(ALGO_NAME)
+
+$(ALGO_NAME)_DIR := hmac-sha256/
+$(ALGO_NAME)_INCDIR := sha2/
+$(ALGO_NAME)_OBJ := hmac-sha256.o sha256.o sha2_small_common.o
+$(ALGO_NAME)_TESTBIN := main-hmac-sha256-test.o $(CLI_STD) \
+ nessie_mac_test.o nessie_common.o
+$(ALGO_NAME)_NESSIE_TEST := "nessie"
+$(ALGO_NAME)_PERFORMANCE_TEST := "performance"
+
--- /dev/null
+ALGO_NAME := LIB_CLI_STD
+
+LIBRARYS += ALGO_NAME
+
+$(ALGO_NAME)_DIR := test_src/
+$(ALGO_NAME)_OBJ := cli.o hexdigit_tab.o dbz_strings.o string-extras.o uart_i.o \
+ sysclock.o hw_gptm.o dump.o startup.o circularbytebuffer.o \
+ main-test-common.o
+$(ALGO_NAME)_BIN := libcli.a
+
+
--- /dev/null
+
+/* rsa_oaep.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "memxor.h"
+#include "mgf1.h"
+#include "bigint.h"
+#include "rsa_basic.h"
+#include "rsaes_oaep.h"
+
+#include "random_dummy.h"
+
+#include "hfal/hfal_sha1.h"
+
+#include "cli.h"
+#include "uart_lowlevel.h"
+
+mgf1_parameter_t mgf1_default_parameter = {
+ &sha1_desc
+};
+
+rsa_oaep_parameter_t rsa_oaep_default_parameter = {
+ mgf1,
+ &sha1_desc,
+ &mgf1_default_parameter
+};
+
+rsa_label_t rsa_oaep_default_label = {
+ 0, NULL
+};
+
+uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
+ const void* src, uint16_t length_B,
+ const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
+ const rsa_label_t* label, const void* seed){
+
+ if(!p){
+ p = &rsa_oaep_default_parameter;
+ }
+ if(!label){
+ label = &rsa_oaep_default_label;
+ }
+ uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
+ if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
+ /* message too long */
+ return 1;
+ }
+ uint16_t buffer_len = bigint_length_B(&key->modulus);
+/*
+ cli_putstr("\r\n buffer_len = ");
+ cli_hexdump_rev(&buffer_len, 2);
+ cli_putstr("\r\n modulus_len = ");
+ cli_hexdump_rev(&key->modulus->length_W, 2);
+*/
+ uint8_t* buffer = (uint8_t*)dest;
+ uint8_t off;
+ /* the following needs some explanation:
+ * off is the offset which is used for compensating the effect of
+ * changeendian() when it operates on multi-byte words.
+ * */
+ off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(&key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
+ % (sizeof(bigint_word_t));
+ buffer += off;
+ buffer_len -= off;
+// cli_putstr("\r\n off = ");
+// cli_hexdump_byte(off);
+ uint8_t* seed_buffer = buffer + 1;
+ uint16_t db_len = buffer_len - hv_len - 1;
+ uint8_t* db = seed_buffer + hv_len;
+ uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
+ uint8_t maskbuffer[maskbuffer_len];
+ bigint_t x;
+
+ memset(dest, 0, seed_buffer - buffer + off);
+ memset(db + hv_len, 0, db_len - hv_len - length_B -1);
+ hfal_hash_mem(p->hf, db, label->label, label->length_b);
+ db[db_len - length_B - 1] = 0x01;
+ memcpy(db+db_len - length_B, src, length_B);
+ if(seed){
+ memcpy(seed_buffer, seed, hv_len);
+ }else{
+ /* generate random seed */
+ if(!prng_get_byte){
+ return 2; /* ERROR: no random generator specified */
+ }
+ uint16_t i;
+ for(i=0; i<hv_len; ++i){
+ seed_buffer[i] = prng_get_byte();
+ }
+ }
+// cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
+// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
+ p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
+ memxor(db, maskbuffer, db_len);
+ p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
+ memxor(seed_buffer, maskbuffer, hv_len);
+// cli_putstr("\r\n msg (raw, post-feistel):\r\n");
+// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
+
+ x.wordv = dest;
+ bigint_adjust(&x);
+
+ rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
+ rsa_enc(&x, key);
+ rsa_i2osp(NULL, &x, out_length);
+ return 0;
+}
+
+uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
+ const void* src, uint16_t length_B,
+ const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
+ const rsa_label_t* label, void* seed){
+
+// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
+ if(!label){
+ label = &rsa_oaep_default_label;
+ }
+ if(!p){
+ p = &rsa_oaep_default_parameter;
+ }
+ uint16_t x_len, data_len;
+ bigint_t x;
+ uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
+ uint8_t label_hv[hv_len];
+ uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
+ uint16_t db_len = msg_len - hv_len - 1;
+ uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
+
+ uint8_t *seed_buffer = dest;
+ uint8_t *db_buffer = seed_buffer + hv_len;
+
+ x_len = bigint_get_first_set_bit(&key->modulus)/8;
+ memset(dest, 0, bigint_length_B(&key->modulus) - length_B);
+ memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B);
+
+// cli_putc('a'); uart_flush(0);
+
+ x.wordv = dest;
+ x.length_W = key->modulus.length_W;
+ x.info = 0;
+ bigint_adjust(&x);
+
+
+// cli_putc('b'); uart_flush(0);
+ rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
+// cli_putc('c'); uart_flush(0);
+ rsa_dec(&x, key);
+// cli_putc('d'); uart_flush(0);
+ rsa_i2osp(NULL, &x, &data_len);
+
+// cli_putstr("\r\n msg (raw, pre-move):\r\n");
+// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
+
+ if(data_len > x_len){
+ return 7;
+ }
+/*
+ cli_putstr("\r\n moving some bytes; x_len = ");
+ cli_hexdump_rev(&x_len, 2);
+ cli_putstr(" data_len = ");
+ cli_hexdump_rev(&data_len, 2);
+ uart_flush(0);
+*/
+ if(x_len != data_len){
+ memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
+// cli_putstr(" (oh, not dead yet?!)");
+// uart_flush(0);
+ memset(dest, 0, x_len - data_len);
+ }
+
+ hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
+/*
+ cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
+ cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
+ uart_flush(0);
+*/
+ p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
+ memxor(seed_buffer, maskbuffer, hv_len);
+ p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
+ memxor(db_buffer, maskbuffer, db_len);
+
+ if(memcmp(label_hv, db_buffer, hv_len)){
+// cli_putstr("\r\nDBG: DB:\r\n");
+// cli_hexdump_block(db_buffer, db_len, 4, 16);
+ return 2;
+ }
+
+ uint16_t ps_len=0;
+ while(db_buffer[hv_len + ps_len++] == 0)
+ ;
+
+ --ps_len;
+ if(db_buffer[hv_len + ps_len] != 1){
+ return 3;
+ }
+
+ if(seed){
+ memcpy(seed, seed_buffer, hv_len);
+ }
+
+ msg_len = db_len - hv_len - 1 - ps_len;
+ memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
+
+ *out_length = msg_len;
+
+ return 0;
+}
+
+
--- /dev/null
+/* rsaes_oaep.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef RSAES_OAEP_H_
+#define RSAES_OAEP_H_
+
+#include <stdint.h>
+#include "rsa_basic.h"
+#include "mgf1.h"
+
+
+void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
+
+
+typedef struct {
+ void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
+ const hfdesc_t* hf;
+ mgf1_parameter_t* mgf_parameter;
+} rsa_oaep_parameter_t;
+
+typedef struct {
+ uint16_t length_b;
+ const void* label;
+} rsa_label_t;
+
+extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
+extern rsa_label_t rsa_oaep_default_label;
+
+uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
+ const void* src, uint16_t length_B,
+ const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
+ const rsa_label_t* label, const void* seed);
+
+uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
+ const void* src, uint16_t length_B,
+ const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
+ const rsa_label_t* label, void* seed);
+
+#endif /* RSAES_OAEP_H_ */
--- /dev/null
+/* rsa_pkcs1v15.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bigint.h"
+#include "rsa_basic.h"
+
+#define DEBUG 0
+
+#if DEBUG
+#include "bigint_io.h"
+#include "cli.h"
+#endif
+
+#include "random_dummy.h"
+
+uint16_t rsa_pkcs1v15_compute_padlength_B(const bigint_t* modulus, uint16_t msg_length_B){
+ return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
+}
+
+uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_publickey_t* key, const void* pad){
+ int16_t pad_length;
+ bigint_t x;
+ pad_length = rsa_pkcs1v15_compute_padlength_B(&key->modulus, length_B);
+ if(pad_length<8){
+#if DEBUG
+ cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
+ cli_hexdump_rev(&pad_length, 2);
+#endif
+ return 2; /* message to long */
+ }
+ if(!pad){
+#if DEBUG
+ cli_putstr("\r\nauto-generating pad ...");
+#endif
+ uint16_t i;
+ uint8_t c;
+ for(i=0; i<pad_length; ++i){
+ do{
+ c = prng_get_byte();
+ }while(c==0);
+ ((uint8_t*)dest)[i+2] = c;
+ }
+ }else{
+#if DEBUG
+ cli_putstr("\r\nsupplied pad: ");
+ cli_hexdump_block(pad, pad_length, 4, 16);
+#endif
+ memcpy((uint8_t*)dest + 2, pad, pad_length);
+ }
+ ((uint8_t*)dest)[0] = 0x00;
+ ((uint8_t*)dest)[1] = 0x02;
+ ((uint8_t*)dest)[2+pad_length] = 0x00;
+ memcpy((uint8_t*)dest+3+pad_length, src, length_B);
+ x.wordv = dest;
+ x.length_W = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+#if DEBUG
+ cli_putstr("\r\nx-data: ");
+ cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
+#endif
+ bigint_adjust(&x);
+ rsa_os2ip(&x, NULL, length_B+pad_length+3);
+ rsa_enc(&x, key);
+ rsa_i2osp(NULL, &x, out_length);
+ return 0;
+}
+
+uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_privatekey_t* key, void* pad){
+ bigint_t x;
+ uint16_t m_length, pad_length=0, idx=0;
+ x.wordv = dest;
+ rsa_os2ip(&x, src, length_B);
+#if DEBUG
+ cli_putstr("\r\ncalling rsa_dec() ...");
+ cli_putstr("\r\nencoded block (src.len = 0x");
+ cli_hexdump_rev(&length_B, 2);
+ cli_putstr("):");
+ cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
+#endif
+ rsa_dec(&x, key);
+#if DEBUG
+ cli_putstr("\r\nfinished rsa_dec() ...");
+#endif
+ rsa_i2osp(NULL, &x, &m_length);
+#if DEBUG
+ cli_putstr("\r\ndecoded block:");
+ cli_hexdump_block(x.wordv, m_length, 4, 16);
+#endif
+ while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
+ ++idx;
+ }
+ if(idx>=m_length){
+ return 1;
+ }
+ if(((uint8_t*)x.wordv)[idx]!=2){
+ return 3;
+ }
+
+ ++idx;
+ while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)<m_length){
+ ++pad_length;
+ }
+ if(pad_length<8 || (idx+pad_length)>=m_length){
+ return 2;
+ }
+ *out_length = m_length - idx - pad_length - 1;
+ if(pad){
+#if DEBUG
+ cli_putstr("\r\npadding block:");
+ cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
+ cli_putstr("\r\npad @ 0x");
+ cli_hexdump_rev(&pad, 2);
+ cli_putstr("\r\ndst @ 0x");
+ cli_hexdump_rev(&dest, 2);
+#endif
+ memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
+ }
+ memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
+
+ return 0;
+}
+
--- /dev/null
+/* rsa_pkcs1v15.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef RSAES_PKCS1V15_H_
+#define RSAES_PKCS1V15_H_
+
+#include <stdint.h>
+#include "rsa_basic.h"
+#include "bigint.h"
+
+uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
+
+
+uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_publickey_t* key, const void* pad);
+
+uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_privatekey_t* key, void* pad);
+
+#endif /* RSAES_PKCS1V15_H_ */
--- /dev/null
+/* streamcipher_descriptor.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file stremcipher_descriptor.h
+ * \author Daniel Otte
+ * \date 2011-01-15
+ *
+ * \license GPLv3 or later
+ *
+ */
+
+#ifndef STREAMCIPHER_DESCRIPTOR_H_
+#define STREAMCIPHER_DESCRIPTOR_H_
+#include <stdint.h>
+
+
+#ifndef VOID_FPT
+#define VOID_FPT
+typedef void(*void_fpt)(void);
+#endif
+
+typedef void(*sc_init1_fpt)(const void*, void*); /* key of fixed length, no IV*/
+typedef void(*sc_init2_fpt)(const void*, const void*, void*); /* key and IV of fixed length */
+typedef void(*sc_init3_fpt)(const void*, uint16_t,void*); /* key of variable length, no IV */
+typedef void(*sc_init4_fpt)(const void*, uint16_t,const void*, void*); /* key of variable length, IV of fixed length */
+typedef void(*sc_init5_fpt)(const void*, uint16_t,const void*, uint16_t, void*); /* key and IV of variable length */
+
+typedef uint8_t(*sc_gen1_fpt)(void*); /* return keystream data */
+typedef void(*sc_gen2_fpt)(void*, void*); /* write keystream data to buffer */
+
+typedef uint8_t(*sc_genra1_fpt)(void*, uint64_t); /* return keystream data */
+typedef void(*sc_genra2_fpt)(void*, void*, uint64_t); /* write keystream data to buffer */
+
+
+typedef void(*sc_free_fpt)(void*);
+
+typedef union{
+ void_fpt initvoid;
+ sc_init1_fpt init1;
+ sc_init2_fpt init2;
+ sc_init3_fpt init3;
+ sc_init4_fpt init4;
+ sc_init5_fpt init5;
+} sc_init_fpt;
+
+typedef union{
+ void_fpt genvoid;
+ sc_gen1_fpt gen1;
+ sc_gen2_fpt gen2;
+} sc_gen_fpt;
+
+typedef union{
+ void_fpt genravoid;
+ sc_genra1_fpt genra1;
+ sc_genra2_fpt genra2;
+} sc_genra_fpt;
+
+#define SC_INIT_TYPE 0x07
+#define SC_INIT_TYPE_1 0x00 /* key of fixed length, no IV*/
+#define SC_INIT_TYPE_2 0x02 /* key and IV of fixed length */
+#define SC_INIT_TYPE_3 0x03 /* key of variable length, no IV */
+#define SC_INIT_TYPE_4 0x04 /* key of variable length, IV of fixed length */
+#define SC_INIT_TYPE_5 0x05 /* key and IV of variable length */
+
+#define SC_GEN_TYPE 0x08
+#define SC_GEN_TYPE_1 0x00 /* return data stream byte */
+#define SC_GEN_TYPE_2 0x08 /* write data stream block into buffer */
+
+#define SCDESC_TYPE_STREAMCIPHER 0x03
+
+typedef struct {
+ uint8_t type; /* 3==streamcipher */
+ uint8_t flags;
+ const char* name;
+ uint16_t ctxsize_B;
+ uint16_t gensize_b;
+ sc_init_fpt init;
+ sc_gen_fpt gen;
+ sc_genra_fpt genra;
+ sc_free_fpt free;
+ const void* valid_keysize_desc;
+ const void* valid_ivsize_desc;
+} scdesc_t; /* streamcipher descriptor type */
+
+typedef struct{
+ const scdesc_t* desc_ptr;
+ uint16_t keysize;
+ uint16_t ivsize;
+ uint16_t index;
+ uint8_t* buffer;
+ void* ctx;
+} scgen_ctx_t;
+
+#endif /* STREAMCIPHER_DESCRIPTOR_H_ */
+
--- /dev/null
+/* main-camellia-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * camellia test-suit
+ *
+ */
+#include "main-test-common.h"
+
+#include "camellia.h"
+#include "nessie_bc_test.h"
+#include "performance_test.h"
+#include "cli.h"
+#include "bcal_camellia128.h"
+#include "bcal-performance.h"
+
+char* algo_name = "Camellia";
+
+const bcdesc_t* algolist[] = {
+ (bcdesc_t*)&camellia128_desc,
+ NULL
+};
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+void camellia128_init_dummy(void* key, uint16_t keysize_b, void* ctx){
+ camellia128_init(key, ctx);
+}
+
+void testrun_nessie_camellia(void){
+ nessie_bc_ctx.blocksize_B = 16;
+ nessie_bc_ctx.keysize_b = 128;
+ nessie_bc_ctx.name = algo_name;
+ nessie_bc_ctx.ctx_size_B = sizeof(camellia128_ctx_t);
+ nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)camellia128_enc;
+ nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)camellia128_dec;
+ nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)camellia128_init_dummy;
+
+ nessie_bc_run();
+}
+
+/*
+ * P No.001 : 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ */
+
+const uint8_t test_keys[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F,
+ 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0,
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01,
+ 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01, 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE
+};
+
+void hexdump128(void* data){
+ uint8_t i;
+ for(i=0; i<16; ++i){
+ cli_hexdump(data, 1);
+ cli_putc(' ');
+ data = (uint8_t*)data +1;
+ }
+}
+
+void testrun_camellia128(void){
+ uint8_t data[16];
+ uint8_t data2[16];
+ uint8_t key[16];
+ char str[4];
+ uint8_t i,j;
+ str[3]= '\0';
+ for(j=0; j<10; ++j){
+ str[0] = ('0'+(j+1)/100);
+ str[1] = ('0'+((j+1)/10)%10);
+ str[2] = ('0'+(j+1)%10);
+ memcpy(key, test_keys+j*16, 16);
+ cli_putstr("\r\nK No.");
+ cli_putstr(str);
+ cli_putstr(" : ");
+ hexdump128(key);
+ camellia128_ctx_t ctx;
+ camellia128_init(key, &ctx);
+ for(i=0; i<128; ++i){
+ memset(data, 0x00, 16);
+ data[i/8] = 0x80>>i%8;
+ memcpy(data2, data, 16);
+ str[0] = ('0'+(i+1)/100);
+ str[1] = ('0'+((i+1)/10)%10);
+ str[2] = ('0'+(i+1)%10);
+ cli_putstr("\r\nP No.");
+ cli_putstr(str);
+ cli_putstr(" : ");
+ hexdump128(data);
+ camellia128_enc(data, &ctx);
+ cli_putstr("\r\nC No.");
+ cli_putstr(str);
+ cli_putstr(" : ");
+ hexdump128(data);
+ camellia128_dec(data, &ctx);
+ if(memcmp(data, data2, 16)){
+ cli_putstr("\r\n DECRYPTION ERROR !!!");
+ }
+ }
+ }
+}
+
+void test_performance_camellia(void){
+ bcal_performance_multiple(algolist);
+}
+
+
+/*****************************************************************************
+ * self tests *
+ *****************************************************************************/
+/*
+128-bit key
+key 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
+plaintext 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
+ciphertext 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43
+*/
+void testrun_camellia(void){
+
+ uint8_t data[16] = { 0x01, 0x23, 0x45, 0x67,
+ 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98,
+ 0x76, 0x54, 0x32, 0x10 };
+
+ const uint8_t key[16] = { 0x01, 0x23, 0x45, 0x67,
+ 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98,
+ 0x76, 0x54, 0x32, 0x10 };
+
+
+ camellia128_ctx_t ctx;
+ camellia128_init(key, &ctx);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(data, 16);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump(data, 16);
+ camellia128_enc(data, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump(data, 16);
+ camellia128_dec(data, &ctx);
+ cli_putstr("\r\n decrypted: ");
+ cli_hexdump(data, 16);
+
+}
+
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+const char test128_str[] = "test128";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+
+cmdlist_entry_t cmdlist[] = {
+ { nessie_str, NULL, testrun_nessie_camellia },
+ { test_str, NULL, testrun_camellia},
+ { test128_str, NULL, testrun_camellia128},
+ { performance_str, NULL, test_performance_camellia},
+ { echo_str, (void*)1, (void_fpt)echo_ctrl},
+ { NULL, NULL, NULL}
+};
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-dsa-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * DSA test-suit
+ *
+*/
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "config.h"
+#include "cli.h"
+#include "dump.h"
+#include "uart_lowlevel.h"
+#include "sysclock.h"
+#include "hw_gptm.h"
+
+#include "noekeon.h"
+#include "noekeon_prng.h"
+#include "bigint.h"
+#include "bigint_io.h"
+#include "dsa.h"
+#include "dsa_key_blob.h"
+
+#include "performance_test.h"
+#include "hfal_sha1.h"
+#include "base64_enc.h"
+#include "base64_dec.h"
+
+void uart0_putc(char byte){
+ uart_putc(UART_0, byte);
+}
+
+char uart0_getc(void){
+ return uart_getc(UART_0);
+}
+
+const char* algo_name = "DSA";
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+dsa_ctx_t dsa_ctx;
+
+void load_fix_dsa(void){
+ load_dsa_key_blob(&dsa_ctx);
+}
+
+void dsa_print_item(bigint_t* a, const char* pstr){
+ uint8_t *p;
+ cli_putstr("\r\n");
+ cli_putstr(pstr);
+ cli_putstr(": ");
+ uint16_t i;
+ p = (uint8_t*)a->wordv + a->length_W*sizeof(bigint_word_t) -1;
+ for(i=0; i<a->length_W*sizeof(bigint_word_t)-1; ++i){
+ if(i%16==0){
+ cli_putstr("\r\n ");
+ }
+ cli_hexdump(p, 1);
+ cli_putc(':');
+ --p;
+ }
+ if(i%16==0){
+ cli_putstr("\r\n ");
+ }
+ cli_hexdump(p, 1);
+}
+
+void dsa_print_signature_b64(dsa_signature_t* s){
+ uint16_t size_r, size_s, size_o, i,j;
+ size_r = s->r.length_W*sizeof(bigint_word_t) +2;
+ size_s = s->s.length_W*sizeof(bigint_word_t) +2;
+ size_o = size_r + size_s +2;
+ uint8_t bin_b[size_o];
+ bin_b[0] = 0x30;
+ bin_b[1] = size_o -2;
+ bin_b[2] = 0x02;
+ bin_b[3] = size_r-2;
+ j=4;
+ for(i=s->r.length_W*sizeof(bigint_word_t); i>0; --i){
+ bin_b[j++] = ((uint8_t*)s->r.wordv)[i-1];
+ }
+ bin_b[j++] = 0x02;
+ bin_b[j++] = size_s -2;
+ for(i=s->s.length_W*sizeof(bigint_word_t); i>0; --i){
+ bin_b[j++] = ((uint8_t*)s->s.wordv)[i-1];
+ }
+ char b64_b[size_o*4/3+5];
+ base64enc(b64_b, bin_b, size_o);
+ cli_putstr(b64_b);
+}
+
+void dsa_print_ctx(dsa_ctx_t* ctx){
+ dsa_print_item(&(ctx->priv), "private");
+ dsa_print_item(&(ctx->pub), "public");
+ dsa_print_item(&(ctx->domain.p), "P");
+ dsa_print_item(&(ctx->domain.q), "Q");
+ dsa_print_item(&(ctx->domain.g), "G");
+}
+
+void dsa_print_signature(const dsa_signature_t* sig){
+ cli_putstr("\r\nDSA-Signature:\r\n r:");
+ bigint_print_hex(&(sig->r));
+ cli_putstr("\r\n s:");
+ bigint_print_hex(&(sig->s));
+}
+
+void quick_test(void){
+ dsa_signature_t dsa_sig;
+ uint8_t i, t=0, message[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
+ load_fix_dsa();
+ bigint_word_t dsa_sig_s_b[dsa_ctx.domain.q.length_W],
+ dsa_sig_r_b[dsa_ctx.domain.q.length_W];
+ dsa_print_ctx(&dsa_ctx);
+ dsa_sig.r.wordv = dsa_sig_r_b;
+ dsa_sig.s.wordv = dsa_sig_s_b;
+ cli_putstr("\r\n\r\n=== DSA QUICK TEST ===");
+ for(i=0; i<9; ++i){
+ cli_putstr("\r\n");
+ cli_putc('1'+i);
+ cli_putstr(": message: ");
+ if (i){
+ cli_hexdump(message, i);
+ }else{
+ cli_putstr("<empty>");
+ }
+ cli_putstr("\r\n computing signature ... ");
+ dsa_sign_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx, random8);
+ dsa_print_signature(&dsa_sig);
+ cli_putstr("\r\n base64:\r\n--- SIGNATURE ---\r\n ");
+ dsa_print_signature_b64(&dsa_sig);
+ cli_putstr("\r\n verifying signature ... ");
+ t = dsa_verify_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx);
+ cli_putstr("\r\n verification: ");
+ if(t==DSA_SIGNATURE_OK){
+ cli_putstr("[PASS]");
+ }else{
+ cli_putstr("[FAIL]");
+ }
+ }
+}
+
+void reset_prng(void){
+ uint8_t buf[16];
+ memset(buf, 0, 16);
+ random_seed(buf);
+ cli_putstr("\r\nPRNG reset");
+}
+
+void testrun_performance_bigint(void){
+
+}
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char echo_test_str[] = "echo-test";
+const char reset_prng_str[] = "reset-prng";
+const char quick_test_str[] = "quick-test";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+
+cmdlist_entry_t cmdlist[] = {
+ { reset_prng_str, NULL, reset_prng },
+ { quick_test_str, NULL, quick_test },
+ { performance_str, NULL, testrun_performance_bigint },
+ { echo_str, (void*)1, (void_fpt)echo_ctrl },
+ { NULL, NULL, NULL }
+};
+
+int main (void){
+ sysclk_set_freq(SYS_FREQ);
+ sysclk_mosc_verify_enable();
+ uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE);
+ gptm_set_timer_32periodic(TIMER0);
+
+ cli_rx = uart0_getc;
+ cli_tx = uart0_putc;
+
+ for(;;){
+ cli_putstr("\r\n\r\nARM-Crypto-Lib VS (");
+ cli_putstr(algo_name);
+ cli_putstr("; ");
+ cli_putstr(__DATE__);
+ cli_putc(' ');
+ cli_putstr(__TIME__);
+ cli_putstr(")\r\nloaded and running\r\n");
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-entropium-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * entropium test-suit
+ *
+*/
+
+#include "main-test-common.h"
+
+#include "entropium.h"
+#include "nessie_bc_test.h"
+#include "performance_test.h"
+
+char* algo_name = "Entropium";
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+void testrun_entropium(void){
+ char c, str[16];
+ uint8_t data[32];
+ uint32_t i=0;
+ while('q'!=cli_getc()){
+ entropium_getRandomBlock(data);
+ cli_putstr("\r\n ");
+ ultoa(i, str, 10);
+ for(c=strlen(str); c<11; ++c){
+ cli_putc(' ');
+ }
+ cli_putstr(str);
+ ++i;
+ cli_putstr(" : ");
+ cli_hexdump(data, 32);
+ }
+ cli_putstr("\r\n\r\n");
+}
+
+
+void testrun_performance_entropium(void){
+ uint64_t t;
+ char str[16];
+ uint8_t data[32];
+
+ calibrateTimer();
+ print_overhead();
+
+ startTimer(1);
+ entropium_addEntropy(128, data);
+ t = stopTimer();
+ cli_putstr("\r\n\tadd entropy time: ");
+ ultoa((unsigned long)t, str, 10);
+ cli_putstr(str);
+
+
+ startTimer(1);
+ entropium_getRandomBlock(data);
+ t = stopTimer();
+ cli_putstr("\r\n\tget random time: ");
+ ultoa((unsigned long)t, str, 10);
+ cli_putstr(str);
+
+ cli_putstr("\r\n");
+}
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+
+cmdlist_entry_t cmdlist[] = {
+ { nessie_str, NULL, testrun_entropium},
+ { test_str, NULL, testrun_entropium},
+ { performance_str, NULL, testrun_performance_entropium},
+ { echo_str, (void*)1, (void_fpt)echo_ctrl},
+ { NULL, NULL, NULL}
+};
+
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-hmac-md5-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * HMAC-MD5 test-suit
+ *
+*/
+#include "main-test-common.h"
+
+#include "md5.h"
+#include "hmac-md5.h"
+/*
+#include "base64_enc.h"
+#include "base64_dec.h"
+*/
+#include "nessie_mac_test.h"
+
+const char* algo_name = "HMAC-MD5";
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+void testrun_nessie_hmacmd5(void){
+ nessie_mac_ctx.macsize_b = HMAC_MD5_BITS;
+ nessie_mac_ctx.keysize_b = HMAC_MD5_BLOCK_BITS;
+ nessie_mac_ctx.blocksize_B = HMAC_MD5_BLOCK_BYTES;
+ nessie_mac_ctx.ctx_size_B = sizeof(hmac_md5_ctx_t);
+ nessie_mac_ctx.name = algo_name;
+ nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_md5_init;
+ nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_md5_nextBlock;
+ nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_md5_lastBlock;
+ nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_md5_final;
+
+ nessie_mac_run();
+}
+
+void testrun_test_hmacmd5(void){
+ uint8_t hmac[16];
+ uint8_t keys[][16] = {
+ { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b },
+ { 'J', 'e', 'f', 'e', },
+ { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }
+ };
+ uint8_t buffer[50];
+ cli_putstr("\r\n hmac (1): ");
+ hmac_md5(hmac, keys[0], 128, "Hi There", 64);
+ cli_hexdump(hmac, 16);
+
+ cli_putstr("\r\n hmac (2): ");
+ hmac_md5(hmac, keys[1], 4*8, "what do ya want for nothing?", 28*8);
+ cli_hexdump(hmac, 16);
+
+ cli_putstr("\r\n hmac (3): ");
+ memset(buffer, 0xDD, 50);
+ hmac_md5(hmac, keys[2], 128, buffer, 50*8);
+ cli_hexdump(hmac, 16);
+
+}
+
+void hmacmd5_interactive(void){
+ char key[101];
+ char msg[101];
+ uint8_t hmac[HMAC_MD5_BYTES];
+ uint8_t key_len, msg_len;
+ cli_putstr("\r\nHMAC-MD5:\r\nkey: ");
+ cli_getsn(key, 100);
+ key_len = strlen(key);
+ cli_putstr("\r\nmsg: ");
+ cli_getsn(msg, 100);
+ msg_len = strlen(msg);
+ hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
+ cli_putstr("\r\nhmac-md5: ");
+ cli_hexdump(hmac, HMAC_MD5_BYTES);
+}
+
+void strhexdump(char* dest, void* src, uint16_t length){
+ char table[] = { '0', '1', '2', '3',
+ '4', '5', '6', '7',
+ '8', '9', 'a', 'b',
+ 'c', 'd', 'e', 'f' };
+ while(length--){
+ *dest++ = table[(*((uint8_t*)src))>>4];
+ *dest++ = table[(*((uint8_t*)src))&0xf];
+ src = (uint8_t*)src +1;
+ }
+}
+
+/*
+void cram_md5_interactive(void){
+ char key[101];
+ char msg_b64[101];
+ char username[101];
+ uint8_t msg[100];
+ uint8_t hmac[HMAC_MD5_BYTES];
+ int key_len, msg_len;
+ int ul;
+ cli_putstr("\r\nCRAM-MD5:\r\nkey: ");
+ cli_getsn(key, 100);
+ key_len = strlen(key);
+ cli_putstr("\r\nusername: ");
+ cli_getsn(username, 60);
+ cli_putstr("\r\nchallange: ");
+ cli_getsn(msg_b64, 100);
+ if((msg_len = base64_binlength(msg_b64, 1))==-1){
+ cli_putstr("\r\nERROR in base64 encoding !\r\n");
+ return;
+ }
+ base64dec(msg, msg_b64, 1);
+ hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
+ ul=strlen(username);
+ username[ul]=' ';
+ strhexdump(username+ul+1, hmac, 128/8);
+ base64enc(msg_b64, username, ul+1+128/8*2);
+ cli_putstr("\r\nresponse: ");
+ cli_hexdump(hmac, HMAC_MD5_BYTES);
+ cli_putstr("\r\nresponse (b64): ");
+ cli_putstr(msg_b64);
+}
+*/
+
+
+void md5_interactive(void){
+ char msg[101];
+ uint8_t hash[MD5_HASH_BYTES];
+ uint8_t msg_len;
+ cli_putstr("\r\nmsg: ");
+ cli_getsn(msg, 100);
+ msg_len = strlen(msg);
+ md5((void*)hash, msg, msg_len*8);
+ cli_putstr("\r\nmd5: ");
+ cli_hexdump(hash, MD5_HASH_BYTES);
+}
+
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+/* const char performance_str[] = "performance"; */
+const char echo_str[] = "echo";
+const char hmd5i_str[] = "hmac-md5";
+/* const char crammd5i_str[] = "cram-md5"; */
+const char md5i_str[] = "md5";
+
+
+const cmdlist_entry_t const cmdlist[] = {
+ { nessie_str, NULL, testrun_nessie_hmacmd5},
+ { test_str, NULL, testrun_test_hmacmd5},
+ { hmd5i_str, NULL, hmacmd5_interactive},
+/* { crammd5i_str, NULL, cram_md5_interactive}, */
+ { md5i_str, NULL, md5_interactive},
+/* { performance_str, NULL, testrun_performance_hmacmd5}, */
+ { echo_str, (void*)1, (void_fpt)echo_ctrl},
+ { NULL, NULL, NULL}
+};
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-hmac-sha1-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * HMAC-SHA1 test-suit
+ *
+*/
+
+#include "main-test-common.h"
+#include "sha1.h"
+#include "hmac-sha1.h"
+
+#include "nessie_mac_test.h"
+
+
+const char* algo_name = "HMAC-SHA1";
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+void testrun_nessie_hmacsha1(void){
+ nessie_mac_ctx.macsize_b = HMAC_SHA1_BITS;
+ nessie_mac_ctx.keysize_b = HMAC_SHA1_BLOCK_BITS;
+ nessie_mac_ctx.blocksize_B = HMAC_SHA1_BLOCK_BYTES;
+ nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha1_ctx_t);
+ nessie_mac_ctx.name = algo_name;
+ nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha1_init;
+ nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha1_nextBlock;
+ nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha1_lastBlock;
+ nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha1_final;
+
+ nessie_mac_run();
+}
+
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+/* const char performance_str[] = "performance"; */
+const char echo_str[] = "echo";
+
+const cmdlist_entry_t const cmdlist[] = {
+ { nessie_str, NULL, testrun_nessie_hmacsha1},
+ { test_str, NULL, testrun_nessie_hmacsha1},
+/* { performance_str, NULL, testrun_performance_hmacsha1}, */
+ { echo_str, (void*)1, (void_fpt)echo_ctrl},
+ { NULL, NULL, NULL}
+};
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-hmac-sha256-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * HMAC-SHA256 test-suit
+ *
+*/
+
+#include "main-test-common.h"
+
+#include "sha256.h"
+#include "hmac-sha256.h"
+
+#include "nessie_mac_test.h"
+
+
+const char* algo_name = "HMAC-SHA256";
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+void testrun_hmacsha256(void){
+ uint8_t key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
+ uint8_t msg[] = { 0x00 };
+ uint8_t mac[HMAC_SHA256_BYTES];
+ hmac_sha256(mac, key, 512, msg, 0);
+ cli_putstr("\r\n quick hmac = ");
+ cli_hexdump(mac, HMAC_SHA256_BYTES);
+ cli_putstr("\r\n");
+}
+
+void testrun_nessie_hmacsha256(void){
+ nessie_mac_ctx.macsize_b = HMAC_SHA256_BITS;
+ nessie_mac_ctx.keysize_b = HMAC_SHA256_BLOCK_BITS;
+ nessie_mac_ctx.blocksize_B = HMAC_SHA256_BLOCK_BYTES;
+ nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha256_ctx_t);
+ nessie_mac_ctx.name = algo_name;
+ nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha256_init;
+ nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha256_nextBlock;
+ nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha256_lastBlock;
+ nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha256_final;
+
+ nessie_mac_run();
+}
+
+
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+/* const char performance_str[] = "performance"; */
+const char echo_str[] = "echo";
+
+const cmdlist_entry_t const cmdlist[] = {
+ { nessie_str, NULL, testrun_nessie_hmacsha256},
+ { test_str, NULL, testrun_hmacsha256},
+/* { performance_str, NULL, testrun_performance_hmacsha256}, */
+ { echo_str, (void*)1, (void_fpt)echo_ctrl},
+ { NULL, NULL, NULL}
+};
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-dsa-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * RSA test-suit
+ *
+*/
+#include "main-test-common.h"
+
+#include "noekeon.h"
+#include "noekeon_prng.h"
+#include "bigint.h"
+#include "bigint_io.h"
+#include "random_dummy.h"
+#include "rsa_basic.h"
+#include "rsaes_oaep.h"
+
+#include "performance_test.h"
+
+const char* algo_name = "RSAES-OAEP";
+
+#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
+#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+#if 0
+/* ==================================
+ * Example 1: A 1024-bit RSA Key Pair
+ * ================================== */
+
+/* ------------------------------
+ * Components of the RSA Key Pair
+ * ------------------------------ */
+
+/* RSA modulus n: */
+const uint8_t modulus[] = {
+0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
+0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
+0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
+0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
+0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
+0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
+0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
+0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
+};
+
+/* RSA public exponent e: */
+const uint8_t public_exponent[] = {
+0x00, 0x01, 0x00, 0x01
+};
+
+/* RSA private exponent d: */
+const uint8_t private_exponent[] = {
+0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
+0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
+0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
+0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
+0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
+0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
+0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
+0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
+};
+
+/* Prime p: */
+const uint8_t p[] = {
+0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
+0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
+0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
+0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
+};
+
+/* Prime q: */
+const uint8_t q[] = {
+0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
+0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
+0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
+0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
+};
+
+/* p's CRT exponent dP: */
+const uint8_t dp[] = {
+0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
+0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
+0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
+0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
+};
+
+/* q's CRT exponent dQ: */
+const uint8_t dq[] = {
+0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
+0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
+0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
+0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
+};
+
+/* CRT coefficient qInv: */
+const uint8_t qinv[] = {
+0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
+0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
+0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
+0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
+};
+
+/* ---------------------------------
+ * RSAES-OAEP Encryption Example 1.1
+ * --------------------------------- */
+
+/* Message to be, encrypted: */
+const uint8_t message[] = {
+0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
+0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
+};
+
+/* Seed: */
+const uint8_t seed[] = {
+0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
+0xdd, 0xa0, 0xa5, 0xef
+};
+
+/* Encryption: */
+const uint8_t encrypted[] = {
+0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
+0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
+0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
+0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
+0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
+0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
+0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
+0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
+};
+
+/* Message to be encrypted: */
+const uint8_t message2[] = {
+0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
+0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
+};
+
+/* Seed: */
+const uint8_t seed2[] = {
+0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
+0xfe, 0x4f, 0xe3, 0x5f
+};
+
+/* Encryption: */
+const uint8_t encrypted2[] = {
+0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
+0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
+0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
+0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
+0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
+0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
+0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
+0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
+};
+
+/**********************************************************************************************/
+/* ---------------------------------
+ * RSAES-OAEP Encryption Example 2.1
+ * --------------------------------- */
+
+/* Message to be encrypted: */
+const uint8_t message3[] = {
+0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6,
+0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7
+};
+
+/* Seed: */
+const uint8_t seed3[] = {
+0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94,
+0xe7, 0x1b, 0x17, 0x82
+};
+
+/* Encryption: */
+const uint8_t encrypted3[] = {
+0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99,
+0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a,
+0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a,
+0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34,
+0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d,
+0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a,
+0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f,
+0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72,
+0x0e
+};
+#endif
+/**********************************************************************************************/
+
+/* ---------------------------------
+ * RSAES-OAEP Encryption Example 2.4
+ * --------------------------------- */
+
+/* Message to be encrypted: */
+const uint8_t message4[] = {
+0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f,
+0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21,
+0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c,
+0x15, 0x3a, 0x10, 0xf0, 0x0a
+};
+
+/* Seed: */
+const uint8_t seed4[] = {
+0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3,
+0x80, 0x5a, 0x81, 0x56
+};
+
+/* Encryption: */
+const uint8_t encrypted4[] = {
+/* 0x00,*/ 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57,
+0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c,
+0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca,
+0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b,
+0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8,
+0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76,
+0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde,
+0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76,
+0x41
+};
+
+/**********************************************************************************************/
+#if 1
+/* RSA modulus n: */
+const uint8_t modulus2[] = {
+0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
+0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e,
+0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba,
+0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d,
+0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d,
+0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05,
+0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66,
+0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f,
+0x45
+};
+
+/* RSA public exponent e: */
+const uint8_t public_exponent2[] = {
+0x01, 0x00, 0x01
+};
+
+/* RSA private exponent d: */
+const uint8_t private_exponent2[] = {
+0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa,
+0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93,
+0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47,
+0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc,
+0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0,
+0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59,
+0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25,
+0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39
+};
+
+/* Prime p: */
+const uint8_t p2[] = {
+0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d,
+0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0,
+0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37,
+0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a,
+0x43
+};
+
+/* Prime q: */
+const uint8_t q2[] = {
+0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a,
+0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4,
+0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b,
+0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b,
+0xd7
+};
+
+/* p's CRT exponent dP: */
+const uint8_t dp2[] = {
+0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c,
+0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f,
+0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30,
+0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55
+};
+
+/* q's CRT exponent dQ: */
+const uint8_t dq2[] = {
+0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c,
+0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b,
+0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91,
+0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66,
+0xff
+};
+
+/* CRT coefficient qInv: */
+const uint8_t qinv2[] = {
+0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73,
+0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b,
+0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15,
+0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8
+};
+
+#endif
+/**********************************************************************************************/
+
+
+uint8_t keys_allocated = 0;
+rsa_publickey_t pub_key;
+rsa_privatekey_t priv_key;
+
+#if 0
+ #define MSG message
+ #define SEED seed
+ #define ENCRYPTED encrypted
+ #define MODULUS modulus
+ #define PUB_EXPONENT public_exponent
+ #define PRIV_EXPONENT private_exponent
+ #define P p
+ #define Q q
+ #define DP dp
+ #define DQ dq
+ #define QINV qinv
+#else
+ #define MSG message4
+ #define SEED seed4
+ #define ENCRYPTED encrypted4
+ #define MODULUS modulus2
+ #define PUB_EXPONENT public_exponent2
+ #define PRIV_EXPONENT private_exponent2
+ #define P p2
+ #define Q q2
+ #define DP dp2
+ #define DQ dq2
+ #define QINV qinv2
+#endif
+
+
+uint8_t convert_nibble(uint8_t c){
+ if(c>='0' && c<='9'){
+ return c - '0';
+ }
+ c |= 'A' ^ 'a';
+ if(c>='a' && c<='f'){
+ return c - 'a' + 10;
+ }
+ return 0xff;
+}
+
+const char *block_ignore_string=" \t\r\n,;";
+#define BUFFER_LIMIT 120
+uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
+ uint16_t counter = 0;
+ uint16_t c;
+ uint8_t v, tmp = 0, idx = 0;
+ if(!ignore_string){
+ ignore_string = block_ignore_string;
+ }
+ while(counter < length){
+ c = cli_getc();
+ if(c > 0xff){
+ return counter;
+ }
+ if(strchr(ignore_string, c)){
+ continue;
+ }
+ v = convert_nibble(c);
+ if(v > 0x0f){
+ return counter;
+ }
+ if(idx){
+ ((uint8_t*)dst)[counter++] = (tmp << 4) | v;
+ idx = 0;
+ if(counter % (BUFFER_LIMIT/2) == 0){
+ cli_putc('.');
+ }
+ }else{
+ tmp = v;
+ idx = 1;
+ }
+ }
+ return counter;
+}
+
+uint16_t own_atou(const char* str){
+ uint16_t r=0;
+ while(*str && *str >= '0' && *str <= '9'){
+ r *= 10;
+ r += *str++ - '0';
+ }
+ return r;
+}
+
+char* own_utoa(unsigned value, char* str, uint8_t radix){
+ char *p = str, *b = str;
+ char t;
+ div_t d;
+ if(radix>36){
+ return NULL;
+ }
+ if(value == 0){
+ *p++ = '0';
+ *p = '\0';
+ return str;
+ }
+ while(value){
+ d = div(value, radix);
+ value = d.quot;
+ if(d.rem < 10){
+ *p++ = '0' + d.rem;
+ }else{
+ *p++ = 'a' + d.rem - 10;
+ }
+ }
+ *p = '\0';
+ while(str<p){
+ t = *str;
+ *str++ = *--p;
+ *p = t;
+ }
+ return b;
+}
+
+uint8_t read_bigint(bigint_t* a, char* prompt){
+ uint16_t read_length, actual_length;
+ uint8_t off;
+ uint8_t *buffer;
+ char read_int_str[18];
+ cli_putstr(prompt);
+ cli_putstr("\r\n length: ");
+ cli_getsn(read_int_str, 16);
+ read_length = own_atou(read_int_str);
+ off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
+ buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
+ if(!buffer){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ cli_putstr("\r\n data: ");
+ memset(buffer, 0, sizeof(bigint_word_t));
+ actual_length = read_os(buffer + off, read_length, NULL);
+ if(actual_length != read_length){
+ cli_putstr("\r\nERROR: unexpected end of data!");
+ free(buffer);
+ return 1;
+ }
+ a->wordv = (bigint_word_t*)buffer;
+ a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ a->info = 0;
+ bigint_changeendianess(a);
+ bigint_adjust(a);
+ return 0;
+}
+
+uint8_t pre_alloc_key_crt(void){
+ priv_key.n = 5;
+ priv_key.components = malloc(5 * sizeof(bigint_t));
+ if(!priv_key.components){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ return 0;
+}
+
+void free_key(void){
+ uint8_t c;
+ free(pub_key.modulus.wordv);
+ free(pub_key.exponent.wordv);
+ pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
+ for(c = 0; c < priv_key.n; ++c){
+ free(priv_key.components[c].wordv);
+ }
+ free(priv_key.components);
+}
+
+uint8_t read_key_crt(void){
+ uint8_t r;
+ cli_putstr("\r\n== reading key (crt) ==");
+ r = pre_alloc_key_crt();
+ if(r) return r;
+ r = read_bigint(&pub_key.modulus, "\r\n = module =");
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ if(r) return r;
+ r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
+ return r;
+}
+
+uint8_t read_key_conv(void){
+ uint8_t r;
+ cli_putstr("\r\n== reading key (crt) ==");
+ r = read_bigint(&pub_key.modulus,"\r\n = module =");
+ if(r) return r;
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ priv_key.n = 1;
+ priv_key.components = malloc(sizeof(bigint_t));
+ if(!priv_key.components){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
+ return r;
+}
+
+void load_priv_conventional(void){
+ priv_key.components = malloc(sizeof(bigint_t));
+ priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
+ sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
+ sizeof(bigint_word_t));
+ if(!priv_key.components[0].wordv){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
+ priv_key.n = 1;
+ bigint_changeendianess(&priv_key.components[0]);
+ bigint_adjust(&priv_key.components[0]);
+}
+
+
+void load_priv_crt_mono(void){
+ bigint_t *v;
+ const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
+ uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
+ uint8_t i;
+ v = malloc(5 * sizeof(bigint_t));
+ if(!v){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ priv_key.components = v;
+ priv_key.n = 5;
+ for(i=0; i<5; ++i){
+ v[i].info = 0;
+ v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
+ if(!v[i].wordv){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ memcpy(v[i].wordv, bv[i], sv[i]);
+ bigint_changeendianess(&v[i]);
+ bigint_adjust(&v[i]);
+ }
+}
+
+uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
+ a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
+ a->wordv = malloc(BIGINT_CEIL(length_B));
+ if(!a->wordv){
+ cli_putstr("\r\nOOM!\r\n");
+ return 1;
+ }
+ memset(a->wordv, 0, sizeof(bigint_word_t));
+ memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
+ a->info = 0;
+ bigint_changeendianess(a);
+ bigint_adjust(a);
+ return 0;
+}
+
+void load_fix_rsa(void){
+ if(keys_allocated){
+ free_key();
+ }
+ keys_allocated = 1;
+
+ if(pre_alloc_key_crt()){
+ cli_putstr("\r\nOOM!\r\n");
+ return;
+ }
+
+ load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
+ load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
+ priv_key.n = 5;
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
+ load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
+ load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
+ load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
+ load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
+
+// load_priv_conventional();
+// load_priv_crt_mono();
+}
+
+void quick_test(void){
+ uint8_t *ciphertext, *plaintext, rc;
+ uint8_t seed[sizeof(SEED)];
+ uint16_t clen, plen;
+ ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
+ plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
+ memcpy(plaintext, MSG, sizeof(MSG));
+ memcpy(seed, SEED, sizeof(SEED));
+ cli_putstr("\r\nplaintext:");
+ cli_hexdump_block(plaintext, sizeof(MSG), 4, 8);
+ cli_putstr("\r\nencrypting: ...");
+ rc = rsa_encrypt_oaep(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, NULL, NULL, seed);
+ if(rc){
+ cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
+ cli_hexdump_byte(rc);
+ return;
+
+ }
+
+ cli_putstr("\r\n\r\nciphertext:");
+ cli_hexdump_block(ciphertext, clen, 4, 8);
+ if(clen!=sizeof(ENCRYPTED)){
+ cli_putstr("\r\n>>FAIL (no size match)<<");
+ }else{
+ if(memcmp(ciphertext, ENCRYPTED, clen)){
+ cli_putstr("\r\n>>FAIL (no content match)<<");
+ }else{
+ cli_putstr("\r\n>>OK<<");
+ }
+ }
+
+ cli_putstr("\r\ndecrypting: ...");
+ rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
+ if(rc){
+ cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
+ cli_hexdump_byte(rc);
+ return;
+ }
+ cli_putstr("\r\n\r\nplaintext:");
+ cli_hexdump_block(plaintext, plen, 4, 8);
+
+ free(ciphertext);
+ free(plaintext);
+}
+
+void run_seed_test(void){
+ uint8_t *msg, *ciph, *msg_;
+ uint16_t msg_len, ciph_len, msg_len_;
+ uint8_t seed[20], seed_out[20];
+ char read_int_str[18];
+ cli_putstr("\r\n== test with given seed ==");
+ cli_putstr("\r\n = message =");
+ cli_putstr("\r\n length: ");
+ cli_getsn(read_int_str, 16);
+ msg_len = own_atou(read_int_str);
+ msg = malloc(msg_len);
+ if(!msg){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ ciph = malloc(bigint_length_B(&pub_key.modulus));
+ if(!ciph){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ msg_ = malloc(bigint_length_B(&pub_key.modulus));
+ if(!msg_){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ cli_putstr("\r\n data: ");
+ read_os(msg, msg_len, NULL);
+ cli_putstr("\r\n seed (20 bytes): ");
+ read_os(seed, 20, NULL);
+
+ cli_putstr("\r\n encrypting ...");
+ rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed);
+ cli_putstr("\r\n ciphertext:");
+ cli_hexdump_block(ciph, ciph_len, 4, 16);
+ cli_putstr("\r\n decrypting ... ");
+ rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out);
+ cli_putstr("[done]");
+ if(msg_len != msg_len_){
+ char tstr[16];
+ cli_putstr("\r\nERROR: wrong decrypted message length (");
+
+ own_utoa(msg_len_, tstr, 10);
+ cli_putstr(tstr);
+ cli_putstr(" instead of ");
+ own_utoa(msg_len, tstr, 10);
+ cli_putstr(tstr);
+ cli_putc(')');
+ goto end;
+ }
+ if(memcmp(msg, msg_, msg_len)){
+ cli_putstr("\r\nERROR: wrong decrypted message:");
+ cli_hexdump_block(msg_, msg_len_, 4, 16);
+ cli_putstr("\r\nreference:");
+ cli_hexdump_block(msg, msg_len, 4, 16);
+ goto end;
+ }
+
+ if(memcmp(seed, seed_out, 20)){
+ cli_putstr("\r\nERROR: wrong decrypted seed:");
+ cli_hexdump_block(seed_out, 20, 4, 16);
+ cli_putstr("\r\nreference:");
+ cli_hexdump_block(seed, 20, 4, 16);
+ goto end;
+ }
+ cli_putstr("\r\n >>OK<<");
+end:
+ free(msg);
+ free(msg_);
+ free(ciph);
+}
+
+void reset_prng(void){
+ uint8_t buf[16];
+ memset(buf, 0, 16);
+ random_seed(buf);
+ cli_putstr("\r\nPRNG reset");
+}
+
+void rsa_init(void){
+ prng_get_byte = random8;
+}
+
+void load_key(void){
+ if(keys_allocated){
+ free_key();
+ }
+ keys_allocated = 1;
+ read_key_crt();
+}
+
+void test_dump(void){
+ char lstr[16];
+ int len;
+ cli_putstr("\r\nenter dump length: ");
+ cli_getsn(lstr, 15);
+ len = own_atou(lstr);
+ cli_putstr("\r\ndumping 0x");
+ cli_hexdump_rev(&len, 2);
+ cli_putstr(" byte:");
+ cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
+}
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char echo_test_str[] = "echo-test";
+const char reset_prng_str[] = "reset-prng";
+const char load_key_str[] = "load-key";
+const char load_fix_key_str[] = "load-fix-key";
+const char quick_test_str[] = "quick-test";
+const char seed_test_str[] = "seed-test";
+const char dump_test_str[] = "dump-test";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+
+const cmdlist_entry_t cmdlist[] = {
+ { reset_prng_str, NULL, reset_prng },
+ { load_key_str, NULL, load_key },
+ { load_fix_key_str, NULL, load_fix_rsa },
+ { quick_test_str, NULL, quick_test },
+ { seed_test_str, NULL, run_seed_test },
+ { dump_test_str, NULL, test_dump },
+// { performance_str, NULL, testrun_performance_bigint },
+ { echo_str, (void*)1, (void_fpt)echo_ctrl },
+ { NULL, NULL, NULL }
+};
+
+void dump_sp(void){
+ uint8_t x;
+ uint8_t *xa = &x;
+ cli_putstr("\r\nstack pointer: ~");
+ cli_hexdump_rev(&xa, 4);
+}
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ rsa_init();
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-dsa-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * RSA test-suit
+ *
+*/
+#include "main-test-common.h"
+
+#include "noekeon.h"
+#include "noekeon_prng.h"
+#include "bigint.h"
+#include "bigint_io.h"
+#include "random_dummy.h"
+#include "rsa_basic.h"
+#include "rsaes_pkcs1v15.h"
+
+#include "performance_test.h"
+
+const char* algo_name = "RSAES-PKCS15";
+
+#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
+#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+/* Modulus: */
+const uint8_t modulus[] = {
+0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
+0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
+0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
+0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
+0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
+0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
+0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
+0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
+};
+
+/* Public exponent: */
+const uint8_t pub_exponent[] = { 0x01, 0x00, 0x01 };
+
+/* Exponent: */
+const uint8_t priv_exponent[] = {
+0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
+0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
+0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
+0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
+0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
+0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
+0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
+0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
+};
+
+/* Prime 1: */
+const uint8_t p[] = {
+0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
+0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
+0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
+0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
+};
+
+/* Prime 2: */
+const uint8_t q[] = {
+0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
+0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
+0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
+0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
+};
+
+/* Prime exponent 1: */
+const uint8_t dp[] = {
+0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
+0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
+0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
+0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
+};
+
+/* Prime exponent 2: */
+const uint8_t dq[] = {
+0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
+0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
+0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
+0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
+};
+
+/* Coefficient: */
+const uint8_t qinv[] = {
+0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
+0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
+0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
+0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
+};
+
+/*
+ * Example 2: A 1024-bit RSA key pair
+ * ---------------------------------------------------
+ */
+
+/* Modulus: */
+const uint8_t modulus2[] = {
+0x98, 0xb7, 0x05, 0x82, 0xca, 0x80, 0x8f, 0xd1, 0xd3, 0x50, 0x95, 0x62, 0xa0, 0xef, 0x30, 0x5a,
+0xf6, 0xd9, 0x87, 0x54, 0x43, 0xb3, 0x5b, 0xdf, 0x24, 0xd5, 0x36, 0x35, 0x3e, 0x3f, 0x12, 0x28,
+0xdc, 0xd1, 0x2a, 0x78, 0x56, 0x83, 0x56, 0xc6, 0xff, 0x32, 0x3a, 0xbf, 0x72, 0xac, 0x1c, 0xdb,
+0xfe, 0x71, 0x2f, 0xb4, 0x9f, 0xe5, 0x94, 0xa5, 0xa2, 0x17, 0x5d, 0x48, 0xb6, 0x73, 0x25, 0x38,
+0xd8, 0xdf, 0x37, 0xcb, 0x97, 0x0b, 0xe4, 0xa5, 0xb5, 0x62, 0xc3, 0xf2, 0x98, 0xdb, 0x9d, 0xdf,
+0x75, 0x60, 0x78, 0x77, 0x91, 0x8c, 0xce, 0xd1, 0xd0, 0xd1, 0xf3, 0x77, 0x33, 0x8c, 0x0d, 0x3d,
+0x32, 0x07, 0x79, 0x7e, 0x86, 0x2c, 0x65, 0xd1, 0x14, 0x39, 0xe5, 0x88, 0x17, 0x75, 0x27, 0xa7,
+0xde, 0xd9, 0x19, 0x71, 0xad, 0xcf, 0x91, 0xe2, 0xe8, 0x34, 0xe3, 0x7f, 0x05, 0xa7, 0x36, 0x55
+};
+
+/* Public exponent: */
+const uint8_t pub_exponent2[] = {0x01, 0x00, 0x01 };
+
+/* Exponent: */
+const uint8_t priv_exponent2[] = {
+0x06, 0x14, 0xa7, 0x86, 0x05, 0x2d, 0x28, 0x4c, 0xd9, 0x06, 0xa8, 0xe4, 0x13, 0xf7, 0x62, 0x2c,
+0x05, 0x0f, 0x35, 0x49, 0xc0, 0x26, 0x58, 0x9e, 0xa2, 0x77, 0x50, 0xe0, 0xbe, 0xd9, 0x41, 0x0e,
+0x5a, 0x78, 0x83, 0xa1, 0xe6, 0x03, 0xf5, 0xc5, 0x17, 0xad, 0x36, 0xd4, 0x9f, 0xaa, 0xc5, 0xbd,
+0x66, 0xbc, 0xb8, 0x03, 0x0f, 0xa8, 0xd3, 0x09, 0xe3, 0x51, 0xdd, 0xd7, 0x82, 0xd8, 0x43, 0xdf,
+0x97, 0x56, 0x80, 0xae, 0x73, 0xee, 0xa9, 0xaa, 0xb2, 0x89, 0xb7, 0x57, 0x20, 0x5d, 0xad, 0xb8,
+0xfd, 0xfb, 0x98, 0x9e, 0xc8, 0xdb, 0x8e, 0x70, 0x95, 0xf5, 0x1f, 0x24, 0x52, 0x9f, 0x56, 0x37,
+0xaa, 0x66, 0x93, 0x31, 0xe2, 0x56, 0x9f, 0x8b, 0x85, 0x4a, 0xbe, 0xce, 0xc9, 0x9a, 0xa2, 0x64,
+0xc3, 0xda, 0x7c, 0xc6, 0x86, 0x6f, 0x0c, 0x0e, 0x1f, 0xb8, 0x46, 0x98, 0x48, 0x58, 0x1c, 0x73
+};
+
+/* Prime 1: */
+const uint8_t p2[] = {
+0xcb, 0x61, 0xa8, 0x8c, 0x8c, 0x30, 0x5a, 0xd9, 0xa8, 0xfb, 0xec, 0x2b, 0xa4, 0xc8, 0x6c, 0xcc,
+0xc2, 0x02, 0x80, 0x24, 0xaa, 0x16, 0x90, 0xc2, 0x9b, 0xc8, 0x26, 0x4d, 0x2f, 0xeb, 0xe8, 0x7e,
+0x4f, 0x86, 0xe9, 0x12, 0xef, 0x0f, 0x5c, 0x18, 0x53, 0xd7, 0x1c, 0xbc, 0x9b, 0x14, 0xba, 0xed,
+0x3c, 0x37, 0xce, 0xf6, 0xc7, 0xa3, 0x59, 0x8b, 0x6f, 0xbe, 0x06, 0x48, 0x10, 0x90, 0x5b, 0x57
+};
+
+/* Prime 2: */
+const uint8_t q2[] = {
+0xc0, 0x39, 0x9f, 0x0b, 0x93, 0x80, 0xfa, 0xba, 0x38, 0xff, 0x80, 0xd2, 0xff, 0xf6, 0xed, 0xe7,
+0x9c, 0xfd, 0xab, 0xf6, 0x58, 0x97, 0x20, 0x77, 0xa5, 0xe2, 0xb2, 0x95, 0x69, 0x3e, 0xa5, 0x10,
+0x72, 0x26, 0x8b, 0x91, 0x74, 0x6e, 0xea, 0x9b, 0xe0, 0x4a, 0xd6, 0x61, 0x00, 0xeb, 0xed, 0x73,
+0x3d, 0xb4, 0xcd, 0x01, 0x47, 0xa1, 0x8d, 0x6d, 0xe8, 0xc0, 0xcd, 0x8f, 0xbf, 0x24, 0x9c, 0x33
+};
+
+/* Prime exponent 1: */
+const uint8_t dp2[] = {
+0x94, 0x4c, 0x3a, 0x65, 0x79, 0x57, 0x4c, 0xf7, 0x87, 0x33, 0x62, 0xab, 0x14, 0x35, 0x9c, 0xb7,
+0xd5, 0x03, 0x93, 0xc2, 0xa8, 0x4f, 0x59, 0xf0, 0xbd, 0x3c, 0xbd, 0x48, 0xed, 0x17, 0x7c, 0x68,
+0x95, 0xbe, 0x8e, 0xb6, 0xe2, 0x9f, 0xf5, 0x8c, 0x3b, 0x9e, 0x0f, 0xf3, 0x2a, 0xb5, 0x7b, 0xf3,
+0xbe, 0x44, 0x07, 0x62, 0x84, 0x81, 0x84, 0xaa, 0x9a, 0xa9, 0x19, 0xd5, 0x74, 0x56, 0x7e, 0x73
+};
+
+/* Prime exponent 2: */
+const uint8_t dq2[] = {
+0x45, 0xeb, 0xef, 0xd5, 0x87, 0x27, 0x30, 0x8c, 0xd2, 0xb4, 0xe6, 0x08, 0x5a, 0x81, 0x58, 0xd2,
+0x9a, 0x41, 0x8f, 0xee, 0xc1, 0x14, 0xe0, 0x03, 0x85, 0xbc, 0xeb, 0x96, 0xfb, 0xbc, 0x84, 0xd0,
+0x71, 0xa5, 0x61, 0xb9, 0x5c, 0x30, 0x08, 0x79, 0x00, 0xe2, 0x58, 0x0e, 0xdb, 0x05, 0xf6, 0xce,
+0xa7, 0x90, 0x7f, 0xcd, 0xca, 0x5f, 0x92, 0x91, 0x7b, 0x4b, 0xbe, 0xba, 0x5e, 0x1e, 0x14, 0x0f
+};
+
+/* Coefficient: */
+const uint8_t qinv2[] = {
+0xc5, 0x24, 0x68, 0xc8, 0xfd, 0x15, 0xe5, 0xda, 0x2f, 0x6c, 0x8e, 0xba, 0x4e, 0x97, 0xba, 0xeb,
+0xe9, 0x95, 0xb6, 0x7a, 0x1a, 0x7a, 0xd7, 0x19, 0xdd, 0x9f, 0xff, 0x36, 0x6b, 0x18, 0x4d, 0x5a,
+0xb4, 0x55, 0x07, 0x59, 0x09, 0x29, 0x20, 0x44, 0xec, 0xb3, 0x45, 0xcf, 0x2c, 0xdd, 0x26, 0x22,
+0x8e, 0x21, 0xf8, 0x51, 0x83, 0x25, 0x5f, 0x4a, 0x9e, 0x69, 0xf4, 0xc7, 0x15, 0x2e, 0xbb, 0x0f
+};
+
+
+/* PKCS#1 v1.5 encryption of 0x20, random messages with random s0xee,ds
+ * ---------------------------------------------------------------------------
+ */
+
+/* Message: */
+const uint8_t message_x[] = {
+0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
+0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
+};
+
+/* Seed: */
+const uint8_t seed_x[] = {
+0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc,
+0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55,
+0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc,
+0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38,
+0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e,
+0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c,
+0x6f };
+
+/* Encryption: */
+const uint8_t encrypted_x[] = {
+0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36,
+0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1,
+0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d,
+0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07,
+0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5,
+0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85,
+0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30,
+0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31
+};
+
+/*
+ * PKCS#1 v1.5 Encryption Example 2.15
+ * ----------------------------------
+ */
+/* Message: */
+const uint8_t message_2_15[] = {
+0xa6, 0xd0, 0xe8, 0xc1, 0xea, 0x4a, 0xb4, 0xec, 0xc8, 0x95, 0x7d, 0x62, 0x28, 0x15, 0x79, 0x67,
+0x5a, 0x64, 0x8d, 0x62, 0xb7, 0xf2, 0x2b, 0x2b, 0x08, 0xd1, 0x31, 0x3f, 0x40, 0x6f, 0x13, 0x7e,
+0x99, 0x42, 0x67, 0x35, 0xcd, 0xb9, 0x37, 0x2f, 0xec, 0xa1, 0xee, 0x78, 0x46, 0x3f, 0xa5, 0xde,
+0x9c, 0xdd, 0x84, 0x75, 0x6c, 0x68, 0xbd, 0x1d, 0x92, 0xba, 0x96, 0x5f, 0x50, 0x64, 0x10, 0xb1
+};
+
+/* Seed: */
+const uint8_t seed_2_15[] = {
+0x1c, 0x25, 0xc9, 0xb8, 0x32, 0x16, 0x9a, 0x1f, 0xdb, 0x6c, 0x14, 0x8e, 0x47, 0xe6, 0x6c, 0x3c,
+0xc8, 0x21, 0x41, 0xe6, 0x11, 0xa6, 0xf3, 0x0c, 0xc9, 0x0c, 0x50, 0x49, 0xe8, 0xc5, 0x02, 0xb3,
+0x1c, 0xad, 0xc7, 0x62, 0x39, 0xb7, 0xbd, 0xaf, 0x93, 0xfa, 0x97, 0x34, 0x3e, 0x7e, 0xe5, 0x51,
+0xbc, 0x52, 0xfd, 0xb5, 0xec, 0x9e, 0x40, 0x0a, 0xf0, 0x5d, 0xbe, 0xac, 0xda
+};
+
+/* Encryption: */
+const uint8_t encrypted_2_15[] = {
+0xe8, 0xb2, 0xfc, 0x76, 0xdf, 0xb4, 0xa6, 0xcc, 0x43, 0x64, 0xde, 0x8f, 0x68, 0x3c, 0x3f,
+0xcd, 0x0a, 0x9e, 0xcf, 0xbd, 0x4a, 0x5a, 0x72, 0x24, 0xf4, 0x9a, 0xe9, 0xb4, 0xf3, 0xb5, 0xcd,
+0xc7, 0x1c, 0xbb, 0x8c, 0x66, 0xfd, 0x35, 0xf3, 0xd1, 0x8e, 0xca, 0x98, 0x96, 0x7b, 0xd4, 0x00,
+0x5d, 0xf7, 0x91, 0x52, 0x41, 0x6f, 0xd4, 0x7e, 0x56, 0x2c, 0x55, 0xed, 0xc6, 0xd6, 0x12, 0x12,
+0x28, 0x6e, 0xf9, 0x75, 0xbc, 0xc8, 0x02, 0x69, 0x25, 0x92, 0x65, 0x39, 0x00, 0x97, 0x3c, 0x72,
+0xe0, 0x1a, 0x69, 0x3b, 0x05, 0xfc, 0x2d, 0x58, 0x56, 0xea, 0xef, 0x7a, 0xc0, 0x8f, 0xf5, 0xec,
+0xd5, 0x31, 0xe2, 0xc2, 0xce, 0x92, 0x77, 0x45, 0xa1, 0x16, 0x5a, 0x51, 0xaa, 0x66, 0x98, 0xa1,
+0xff, 0xcb, 0x87, 0xf8, 0x1e, 0xf6, 0x51, 0x0b, 0xca, 0xf9, 0xcb, 0x76, 0x1e, 0x9e, 0x1f, 0x0f
+};
+
+uint8_t keys_allocated = 0;
+rsa_publickey_t pub_key;
+rsa_privatekey_t priv_key;
+
+#if 1
+ #define MSG message_2_15
+ #define SEED seed_2_15
+ #define ENCRYPTED encrypted_2_15
+ #define MODULUS modulus2
+ #define PUB_EXPONENT pub_exponent2
+ #define PRIV_EXPONENT priv_exponent2
+ #define P p2
+ #define Q q2
+ #define DP dp2
+ #define DQ dq2
+ #define QINV qinv2
+#endif
+
+
+uint8_t convert_nibble(uint8_t c){
+ if(c>='0' && c<='9'){
+ return c - '0';
+ }
+ c |= 'A' ^ 'a';
+ if(c>='a' && c<='f'){
+ return c - 'a' + 10;
+ }
+ return 0xff;
+}
+
+const char *block_ignore_string=" \t\r\n,;";
+#define BUFFER_LIMIT 120
+uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
+ uint16_t counter = 0;
+ uint16_t c;
+ uint8_t v, tmp = 0, idx = 0;
+ if(!ignore_string){
+ ignore_string = block_ignore_string;
+ }
+ while(counter < length){
+ c = cli_getc();
+ if(c > 0xff){
+ return counter;
+ }
+ if(strchr(ignore_string, c)){
+ continue;
+ }
+ v = convert_nibble(c);
+ if(v > 0x0f){
+ return counter;
+ }
+ if(idx){
+ ((uint8_t*)dst)[counter++] = (tmp << 4) | v;
+ idx = 0;
+ if(counter % (BUFFER_LIMIT/2) == 0){
+ cli_putc('.');
+ }
+ }else{
+ tmp = v;
+ idx = 1;
+ }
+ }
+ return counter;
+}
+
+uint16_t own_atou(const char* str){
+ uint16_t r=0;
+ while(*str && *str >= '0' && *str <= '9'){
+ r *= 10;
+ r += *str++ - '0';
+ }
+ return r;
+}
+
+uint8_t read_bigint(bigint_t* a, char* prompt){
+ uint16_t read_length, actual_length;
+ uint8_t off;
+ uint8_t *buffer;
+ char read_int_str[18];
+ cli_putstr(prompt);
+ cli_putstr("\r\n length: ");
+ cli_getsn(read_int_str, 16);
+ read_length = own_atou(read_int_str);
+ off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
+ buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
+ if(!buffer){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ cli_putstr("\r\n data: ");
+ memset(buffer, 0, sizeof(bigint_word_t));
+ actual_length = read_os(buffer + off, read_length, NULL);
+ if(actual_length != read_length){
+ cli_putstr("\r\nERROR: unexpected end of data!");
+ free(buffer);
+ return 1;
+ }
+ a->wordv = (bigint_word_t*)buffer;
+ a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ a->info = 0;
+ bigint_changeendianess(a);
+ bigint_adjust(a);
+ return 0;
+}
+
+uint8_t pre_alloc_key_crt(void){
+ priv_key.n = 5;
+ priv_key.components = malloc(5 * sizeof(bigint_t));
+ if(!priv_key.components){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ return 0;
+}
+
+void free_key(void){
+ uint8_t c;
+ free(pub_key.modulus.wordv);
+ free(pub_key.exponent.wordv);
+ pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
+ for(c = 0; c < priv_key.n; ++c){
+ free(priv_key.components[c].wordv);
+ }
+ free(priv_key.components);
+}
+
+uint8_t read_key_crt(void){
+ uint8_t r;
+ cli_putstr("\r\n== reading key (crt) ==");
+ r = pre_alloc_key_crt();
+ if(r) return r;
+ r = read_bigint(&pub_key.modulus, "\r\n = module =");
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ if(r) return r;
+ r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
+ return r;
+}
+
+uint8_t read_key_conv(void){
+ uint8_t r;
+ cli_putstr("\r\n== reading key (crt) ==");
+ r = read_bigint(&pub_key.modulus,"\r\n = module =");
+ if(r) return r;
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ priv_key.n = 1;
+ priv_key.components = malloc(sizeof(bigint_t));
+ if(!priv_key.components){
+ cli_putstr("\r\nERROR: OOM!");
+ return 2;
+ }
+ r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
+ if(r) return r;
+ r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
+ return r;
+}
+
+void load_priv_conventional(void){
+ priv_key.components = malloc(sizeof(bigint_t));
+ priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
+ sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
+ sizeof(bigint_word_t));
+ if(!priv_key.components[0].wordv){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
+ priv_key.n = 1;
+ bigint_changeendianess(&priv_key.components[0]);
+ bigint_adjust(&priv_key.components[0]);
+}
+
+
+void load_priv_crt_mono(void){
+ bigint_t *v;
+ const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
+ uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
+ uint8_t i;
+ v = malloc(5 * sizeof(bigint_t));
+ if(!v){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ priv_key.components = v;
+ priv_key.n = 5;
+ for(i=0; i<5; ++i){
+ v[i].info = 0;
+ v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+ v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
+ if(!v[i].wordv){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ memcpy(v[i].wordv, bv[i], sv[i]);
+ bigint_changeendianess(&v[i]);
+ bigint_adjust(&v[i]);
+ }
+}
+
+uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
+ a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
+ a->wordv = malloc(BIGINT_CEIL(length_B));
+ if(!a->wordv){
+ cli_putstr("\r\nOOM!\r\n");
+ return 1;
+ }
+ memset(a->wordv, 0, sizeof(bigint_word_t));
+ memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
+ a->info = 0;
+ bigint_changeendianess(a);
+ bigint_adjust(a);
+ return 0;
+}
+
+void load_fix_rsa(void){
+ if(keys_allocated){
+ free_key();
+ }
+ keys_allocated = 1;
+
+ if(pre_alloc_key_crt()){
+ cli_putstr("\r\nOOM!\r\n");
+ return;
+ }
+
+ load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
+ load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
+ priv_key.n = 5;
+ memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
+ load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
+ load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
+ load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
+ load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
+ load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
+
+// load_priv_conventional();
+// load_priv_crt_mono();
+}
+
+void quick_test(void){
+ uint8_t *ciphertext, *plaintext, rc;
+ uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)];
+ uint16_t clen, plen;
+ if(!keys_allocated){
+ load_fix_rsa();
+ }
+ ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
+ plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
+ memcpy(plaintext, MSG, sizeof(MSG));
+ memcpy(seed, SEED, sizeof(SEED));
+ cli_putstr("\r\nplaintext:");
+ cli_hexdump_block(plaintext, sizeof(MSG), 4, 16);
+ cli_putstr("\r\nseed:");
+ cli_hexdump_block(seed, sizeof(SEED), 4, 16);
+ cli_putstr("\r\nencrypting: ...");
+
+ rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
+ if(rc){
+ cli_putstr("\r\nERROR: rsa_encrypt_pkcs1v15 returned: ");
+ cli_hexdump_byte(rc);
+ return;
+
+ }
+
+ cli_putstr("\r\n\r\nciphertext:");
+ cli_hexdump_block(ciphertext, clen, 4, 16);
+ if(clen!=sizeof(ENCRYPTED)){
+ cli_putstr("\r\n>>FAIL (no size match)<<");
+ }else{
+ if(memcmp(ciphertext, ENCRYPTED, clen)){
+ cli_putstr("\r\n>>FAIL (no content match)<<");
+ }else{
+ cli_putstr("\r\n>>OK<<");
+ }
+ }
+
+ cli_putstr("\r\ndecrypting: ...");
+ rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
+ if(rc){
+ cli_putstr("\r\nERROR: rsa_decrypt_pkcs1v15 returned: ");
+ cli_hexdump_byte(rc);
+ return;
+ }
+ cli_putstr("\r\n\r\nplaintext:");
+ cli_hexdump_block(plaintext, plen, 4, 16);
+ cli_putstr("\r\n\r\nseed (out):");
+ cli_hexdump_block(seed_out, sizeof(SEED), 4, 16);
+
+ free(ciphertext);
+ free(plaintext);
+}
+
+void run_seed_test(void){
+ uint8_t *msg, *ciph, *msg_;
+ uint16_t msg_len, ciph_len, msg_len_;
+ uint16_t seed_len;
+ uint8_t *seed, *seed_out;
+ char read_int_str[18];
+ cli_putstr("\r\n== test with given seed ==");
+ cli_putstr("\r\n = message =");
+ cli_putstr("\r\n length: ");
+ cli_getsn(read_int_str, 16);
+ msg_len = own_atou(read_int_str);
+ seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
+ seed = malloc(seed_len);
+ if(!seed){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ seed_out = malloc(seed_len);
+ if(!seed_out){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ msg = malloc(msg_len);
+ if(!msg){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ ciph = malloc(bigint_length_B(&pub_key.modulus));
+ if(!ciph){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ msg_ = malloc(bigint_length_B(&pub_key.modulus));
+ if(!msg_){
+ cli_putstr("\r\nERROR: OOM!");
+ return;
+ }
+ cli_putstr("\r\n data: ");
+ read_os(msg, msg_len, NULL);
+ cli_putstr("\r\n seed (0x");
+ cli_hexdump_rev(&seed_len, 2);
+ cli_putstr(" bytes): ");
+ read_os(seed, seed_len, NULL);
+
+ cli_putstr("\r\n encrypting ...");
+/*
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(msg, msg_len, 4, 16);
+ cli_putstr("\r\n seed:");
+ cli_hexdump_block(seed, seed_len, 4, 16);
+*/
+ rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
+ cli_putstr("\r\n ciphertext:");
+ cli_hexdump_block(ciph, ciph_len, 4, 16);
+ cli_putstr("\r\n decrypting ... ");
+ rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
+ cli_putstr("[done]");
+ if(msg_len != msg_len_){
+ char tstr[16];
+ cli_putstr("\r\nERROR: wrong decrypted message length (");
+ ultoa(msg_len_, tstr, 10);
+ cli_putstr(tstr);
+ cli_putstr(" instead of ");
+ ultoa(msg_len, tstr, 10);
+ cli_putstr(tstr);
+ cli_putc(')');
+ goto end;
+ }
+ if(memcmp(msg, msg_, msg_len)){
+ cli_putstr("\r\nERROR: wrong decrypted message:");
+ cli_hexdump_block(msg_, msg_len_, 4, 16);
+ cli_putstr("\r\nreference:");
+ cli_hexdump_block(msg, msg_len, 4, 16);
+ goto end;
+ }
+
+ if(memcmp(seed, seed_out, seed_len)){
+ cli_putstr("\r\nERROR: wrong decrypted seed:");
+ cli_hexdump_block(seed_out, seed_len, 4, 16);
+ cli_putstr("\r\nreference:");
+ cli_hexdump_block(seed, seed_len, 4, 16);
+ goto end;
+ }
+ cli_putstr("\r\n >>OK<<");
+end:
+ free(ciph);
+ free(msg_);
+ free(msg);
+ free(seed_out);
+ free(seed);
+}
+
+void reset_prng(void){
+ uint8_t buf[16];
+ memset(buf, 0, 16);
+ random_seed(buf);
+ cli_putstr("\r\nPRNG reset");
+}
+
+void rsa_init(void){
+ prng_get_byte = random8;
+}
+
+void load_key(void){
+ if(keys_allocated){
+ free_key();
+ }
+ keys_allocated = 1;
+ read_key_crt();
+}
+
+void test_dump(void){
+ char lstr[16];
+ int len;
+ cli_putstr("\r\nenter dump length: ");
+ cli_getsn(lstr, 15);
+ len = own_atou(lstr);
+ cli_putstr("\r\ndumping 0x");
+ cli_hexdump_rev(&len, 2);
+ cli_putstr(" byte:");
+ cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
+}
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char echo_test_str[] = "echo-test";
+const char reset_prng_str[] = "reset-prng";
+const char load_key_str[] = "load-key";
+const char load_fix_key_str[] = "load-fix-key";
+const char quick_test_str[] = "quick-test";
+const char seed_test_str[] = "seed-test";
+const char dump_test_str[] = "dump-test";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+
+const cmdlist_entry_t cmdlist[] = {
+ { reset_prng_str, NULL, reset_prng },
+ { load_key_str, NULL, load_key },
+ { load_fix_key_str, NULL, load_fix_rsa },
+ { quick_test_str, NULL, quick_test },
+ { seed_test_str, NULL, run_seed_test },
+ { dump_test_str, NULL, test_dump },
+// { performance_str, NULL, testrun_performance_bigint },
+ { echo_str, (void*)1, (void_fpt)echo_ctrl },
+ { NULL, NULL, NULL }
+};
+
+void dump_sp(void){
+ uint8_t x;
+ uint8_t *xa = &x;
+ cli_putstr("\r\nstack pointer: ~");
+ cli_hexdump_rev(&xa, 4);
+}
+
+int main (void){
+ main_setup();
+
+ for(;;){
+ welcome_msg(algo_name);
+ rsa_init();
+ cmd_interface(cmdlist);
+ }
+}
--- /dev/null
+/* main-sha512-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * SHA-512 test-suit
+ *
+*/
+
+#include "main-test-common.h"
+#include "uart_lowlevel.h"
+
+#include "shavs.h"
+#include "nessie_hash_test.h"
+#include "performance_test.h"
+#include "hfal-nessie.h"
+#include "hfal-performance.h"
+#include "hfal-test.h"
+
+
+#include "sha224.h"
+#include "hfal_sha224.h"
+#include "sha256.h"
+#include "hfal_sha256.h"
+#include "sha384.h"
+#include "hfal_sha384.h"
+#include "sha512.h"
+#include "hfal_sha512.h"
+
+const char* algo_name = "SHA-2";
+
+const hfdesc_t* algolist[] = {
+ (hfdesc_t*)&sha224_desc,
+ (hfdesc_t*)&sha256_desc,
+ (hfdesc_t*)&sha384_desc,
+ (hfdesc_t*)&sha512_desc,
+ NULL
+};
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+void testrun_nessie_sha2(void){
+ hfal_nessie_multiple(algolist);
+}
+
+void testrun_performance_sha2(void){
+ hfal_performance_multiple(algolist);
+}
+
+void simple_test(void){
+ const char *msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
+
+ uint8_t hash[64];
+ sha512_ctx_t ctx;
+ cli_putstr("\r\nDBG: init ..."); uart_flush(0);
+ sha512_init(&ctx);
+ cli_putstr("\r\nDBG: init done"); uart_flush(0);
+ sha512_lastBlock(&ctx, msg, 3*8);
+ cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
+ sha512_ctx2hash(hash, &ctx);
+ cli_putstr("\r\n hash = ");
+ cli_hexdump(hash, 64);
+
+
+ cli_putstr("\r\nDBG: init ..."); uart_flush(0);
+ sha512_init(&ctx);
+ cli_putstr("\r\nDBG: init done"); uart_flush(0);
+ sha512_lastBlock(&ctx, msg, 896);
+ cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
+ sha512_ctx2hash(hash, &ctx);
+ cli_putstr("\r\n hash = ");
+ cli_hexdump(hash, 64);
+
+ uint32_t c=0;
+ uint8_t buffer[128];
+ memset(buffer, 'a', 128);
+ cli_putstr("\r\nDBG: init ..."); uart_flush(0);
+ sha512_init(&ctx);
+ cli_putstr("\r\nDBG: init done"); uart_flush(0);
+ do{
+ sha512_nextBlock(&ctx, buffer);
+ c += 128;
+ }while(c+128<1000000L);
+ sha512_lastBlock(&ctx, buffer, (1000000-c)*8);
+ cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
+ sha512_ctx2hash(hash, &ctx);
+ cli_putstr("\r\n hash = ");
+ cli_hexdump(hash, 64);
+
+
+}
+
+/*
+void test_monte(void){
+ uint8_t data1[] = {
+ 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
+ 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
+ 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
+ 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
+ 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
+ 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
+ 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
+ 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
+ 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
+ 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
+ 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
+ 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7 };
+
+ uint8_t data2[] = {
+ 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
+ 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
+ 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
+ 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
+ 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
+ 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
+ 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
+ 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
+ 0xFD, 0xDF, 0x1B, 0x37, 0xDD, 0x34, 0xB3, 0xB2,
+ 0x01, 0xD4, 0x3C, 0x57, 0xBC, 0xDE, 0x11, 0x58,
+ 0x38, 0xF0, 0xDF, 0x70, 0x1D, 0xA9, 0x3C, 0x3B,
+ 0xF2, 0xC9, 0xC8, 0x68, 0x96, 0xE7, 0xE6, 0xC7 };
+ uint8_t hash[SHA256_HASH_BYTES];
+ sha256((sha256_hash_t*)hash, data1, 3*32*8);
+ cli_putstr("\r\n hash(data1) = ");
+ cli_hexdump(hash, 32);
+ sha256((sha256_hash_t*)hash, data2, 3*32*8);
+ cli_putstr("\r\n hash(data2) = ");
+ cli_hexdump(hash, 32);
+}
+
+void test_monte2(void){
+ uint8_t data[] = {
+ 0x6c, 0xd4, 0xc0, 0xc5, 0xcb, 0x2c, 0xa2, 0xa0,
+ 0xf1, 0xd1, 0xae, 0xce, 0xba, 0xc0, 0x3b, 0x52,
+ 0xe6, 0x4e, 0xa0, 0x3d, 0x1a, 0x16, 0x54, 0x37,
+ 0x29, 0x36, 0x54, 0x5b, 0x92, 0xbb, 0xc5, 0x48,
+ 0x4a, 0x59, 0xdb, 0x74, 0xbb, 0x60, 0xf9, 0xc4,
+ 0x0c, 0xeb, 0x1a, 0x5a, 0xa3, 0x5a, 0x6f, 0xaf,
+ 0xe8, 0x03, 0x49, 0xe1, 0x4c, 0x25, 0x3a, 0x4e,
+ 0x8b, 0x1d, 0x77, 0x61, 0x2d, 0xdd, 0x81, 0xac,
+ 0xe9, 0x26, 0xae, 0x8b, 0x0a, 0xf6, 0xe5, 0x31,
+ 0x76, 0xdb, 0xff, 0xcc, 0x2a, 0x6b, 0x88, 0xc6,
+ 0xbd, 0x76, 0x5f, 0x93, 0x9d, 0x3d, 0x17, 0x8a,
+ 0x9b, 0xde, 0x9e, 0xf3, 0xaa, 0x13, 0x1c, 0x61,
+ 0xe3, 0x1c, 0x1e, 0x42, 0xcd, 0xfa, 0xf4, 0xb4,
+ 0xdc, 0xde, 0x57, 0x9a, 0x37, 0xe1, 0x50, 0xef,
+ 0xbe, 0xf5, 0x55, 0x5b, 0x4c, 0x1c, 0xb4, 0x04,
+ 0x39, 0xd8, 0x35, 0xa7, 0x24, 0xe2, 0xfa, 0xe7 };
+
+ uint8_t hash[SHA256_HASH_BYTES];
+ sha256((sha256_hash_t*)hash, data, 1024);
+ cli_putstr("\r\n hash(data) = ");
+ cli_hexdump(hash, 32);
+}
+*/
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const char nessie_str[] = "nessie";
+const char test_str[] = "test";
+//const char monte_str[] = "monte";
+//const char monte2_str[] = "monte2";
+const char performance_str[] = "performance";
+const char echo_str[] = "echo";
+const char shavs_list_str[] = "shavs_list";
+const char shavs_set_str[] = "shavs_set";
+const char shavs_test1_str[] = "shavs_test1";
+const char shavs_test2_str[] = "shavs_test2";
+const char shavs_test3_str[] = "shavs_test3";
+const char dump_str[] = "dump";
+
+const cmdlist_entry_t cmdlist[] = {
+ { nessie_str, NULL, testrun_nessie_sha2 },
+ { test_str, NULL, simple_test },
+// { monte_str, NULL, test_monte },
+// { monte2_str, NULL, test_monte2 },
+ { performance_str, NULL, testrun_performance_sha2 },
+ { echo_str, (void*)1, (void_fpt)echo_ctrl },
+ { shavs_list_str, NULL, shavs_listalgos },
+ { shavs_set_str, (void*)1, (void_fpt)shavs_setalgo },
+ { shavs_test1_str, NULL, shavs_test1 },
+ { shavs_test2_str, NULL, shavs_test2 },
+ { shavs_test3_str, NULL, shavs_test3 },
+ { dump_str, (void*)1, (void_fpt)dump },
+ { NULL, NULL, NULL }
+};
+
+int main(void) {
+ main_setup();
+
+ shavs_algolist=(hfdesc_t**)algolist;
+ shavs_algo=(hfdesc_t*)&sha256_desc;
+
+ for(;;){
+ welcome_msg(algo_name);
+ cmd_interface(cmdlist);
+ }
+
+}
--- /dev/null
+/* nessie_bc_test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * license: GPLv3
+ *
+ * a suit for running the nessie-tests for blockciphers
+ *
+ * */
+#include <stdint.h>
+#include <string.h>
+#include "nessie_bc_test.h"
+#include "nessie_common.h"
+
+volatile nessie_bc_ctx_t nessie_bc_ctx;
+
+void nessie_bc_init(void){
+ memset((void*)&nessie_bc_ctx, 0, sizeof(nessie_bc_ctx_t));
+}
+
+static
+void nessie_bc_free(void* ctx){
+ if(nessie_bc_ctx.cipher_free)
+ nessie_bc_ctx.cipher_free(ctx);
+}
+
+void nessie_bc_enc(uint8_t* key, uint8_t* pt){
+ uint8_t ctx[nessie_bc_ctx.ctx_size_B];
+ uint8_t buffer[nessie_bc_ctx.blocksize_B];
+ uint16_t i;
+
+ /* single test */
+ nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
+ nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
+
+ memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
+ nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
+ nessie_bc_ctx.cipher_enc(buffer, ctx);
+ nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
+ if(nessie_bc_ctx.cipher_dec){
+ nessie_bc_ctx.cipher_dec(buffer, ctx);
+ nessie_print_item("decrypted", buffer, nessie_bc_ctx.blocksize_B);
+ }
+ /* 100 times test */
+ memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
+ for(i=0; i<100; ++i){
+ nessie_bc_ctx.cipher_enc(buffer, ctx);
+ NESSIE_SEND_ALIVE_A(i);
+ }
+ nessie_print_item("Iterated 100 times", buffer, nessie_bc_ctx.blocksize_B);
+#ifndef NESSIE_NO1KTEST
+ /* 1000 times test, we use the 100 preceding steps to fasten things a bit */
+ for(; i<1000; ++i){
+ nessie_bc_ctx.cipher_enc(buffer, ctx);
+ NESSIE_SEND_ALIVE_A(i);
+ }
+ nessie_print_item("Iterated 1000 times", buffer, nessie_bc_ctx.blocksize_B);
+#endif
+ nessie_bc_free(ctx);
+}
+
+void nessie_bc_dec(uint8_t* key, uint8_t* ct){
+ uint8_t ctx[nessie_bc_ctx.ctx_size_B];
+ uint8_t buffer[nessie_bc_ctx.blocksize_B];
+
+ /* single test */
+ nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
+ nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
+ memcpy(buffer, ct, nessie_bc_ctx.blocksize_B);
+ nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
+ nessie_bc_ctx.cipher_dec(buffer, ctx);
+ nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
+ nessie_bc_ctx.cipher_enc(buffer, ctx);
+ nessie_print_item("encrypted", buffer, nessie_bc_ctx.blocksize_B);
+ nessie_bc_free(ctx);
+}
+
+void nessie_bc_run(void){
+ uint16_t i;
+ uint8_t set;
+ uint8_t key[(nessie_bc_ctx.keysize_b+7)/8];
+ uint8_t buffer[nessie_bc_ctx.blocksize_B];
+
+ nessie_print_header(nessie_bc_ctx.name, nessie_bc_ctx.keysize_b,
+ nessie_bc_ctx.blocksize_B*8, 0, 0, 0);
+ /* test set 1 */
+ set=1;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
+ key[i/8] |= 0x80>>(i%8);
+ memset(buffer, 0, nessie_bc_ctx.blocksize_B);
+ nessie_bc_enc(key, buffer);
+ }
+ /* test set 2 */
+ set=2;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
+ memset(buffer, 0, nessie_bc_ctx.blocksize_B);
+ buffer[i/8] |= 0x80>>(i%8);
+ nessie_bc_enc(key, buffer);
+ }
+ /* test set 3 */
+ set=3;
+ nessie_print_setheader(set);
+ for(i=0; i<256; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
+ memset(buffer, i, nessie_bc_ctx.blocksize_B);
+ nessie_bc_enc(key, buffer);
+ }
+ /* test set 4 */
+ set=4;
+ nessie_print_setheader(set);
+ /* 4 - 0*/
+ nessie_print_set_vector(set, 0);
+ for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
+ key[i]=i;
+ }
+ for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
+ buffer[i]=i*0x11;
+ }
+ nessie_bc_enc(key, buffer);
+ /* 4 - 1 */
+ nessie_print_set_vector(set, 1);
+ /* This is the test vectors in Kasumi */
+ static uint8_t kasumi_key[] = {
+ 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
+ 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 };
+ static uint8_t kasumi_plain[]={
+ 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 };
+ for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
+ key[i]=kasumi_key[i%sizeof(kasumi_key)];
+ }
+ for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
+ buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
+ }
+ nessie_bc_enc(key, buffer);
+ /* half done ;-) */
+ if(nessie_bc_ctx.cipher_dec==NULL)
+ return;
+ /* test set 5 */
+ set=5;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
+ key[i/8] |= 0x80>>(i%8);
+ memset(buffer, 0, nessie_bc_ctx.blocksize_B);
+ nessie_bc_dec(key, buffer);
+ }
+ /* test set 6 */
+ set=6;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
+ memset(buffer, 0, nessie_bc_ctx.blocksize_B);
+ buffer[i/8] |= 0x80>>(i%8);
+ nessie_bc_dec(key, buffer);
+ }
+ /* test set 7 */
+ set=7;
+ nessie_print_setheader(set);
+ for(i=0; i<256; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
+ memset(buffer, i, nessie_bc_ctx.blocksize_B);
+ nessie_bc_dec(key, buffer);
+ }
+ /* test set 8 */
+ set=8;
+ nessie_print_setheader(set);
+ /* 8 - 0*/
+ nessie_print_set_vector(set, 0);
+ for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
+ key[i]=(uint8_t)i;
+ }
+ for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
+ buffer[i]=(uint8_t)(i*0x11);
+ }
+ nessie_bc_dec(key, buffer);
+ /* 8 - 1 */
+ nessie_print_set_vector(set, 1);
+ for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
+ key[i]=kasumi_key[i%sizeof(kasumi_key)];
+ }
+ for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
+ buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
+ }
+ nessie_bc_dec(key, buffer);
+ nessie_print_footer();
+}
--- /dev/null
+/* nessie_bc_test.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef NESSIE_BC_TEST_H_
+#define NESSIE_BC_TEST_H_
+
+#include <stdint.h>
+
+typedef void (*nessie_bc_gen_fpt)(const uint8_t* key, uint16_t keysize_b, void* ctx);
+typedef void (*nessie_bc_free_fpt)(void* ctx);
+typedef void (*nessie_bc_enc_fpt)(void* buffer, const void* ctx);
+typedef void (*nessie_bc_dec_fpt)(void* buffer, const void* ctx);
+
+typedef struct nessie_bc_ctx_st{
+ uint16_t keysize_b;
+ uint16_t blocksize_B;
+ uint16_t ctx_size_B;
+ const char* name;
+ nessie_bc_gen_fpt cipher_genctx;
+ nessie_bc_free_fpt cipher_free;
+ nessie_bc_enc_fpt cipher_enc;
+ nessie_bc_dec_fpt cipher_dec;
+} nessie_bc_ctx_t;
+
+
+extern volatile nessie_bc_ctx_t nessie_bc_ctx;
+
+void nessie_bc_run(void);
+void nessie_bc_init(void);
+
+
+#endif /*NESSIE_BC_TEST_H_*/
--- /dev/null
+/* nessie_mac_test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * license: GPLv3
+ *
+ * a suit for running the nessie-tests for MACs
+ *
+ * */
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include "nessie_mac_test.h"
+#include "nessie_common.h"
+#include "dbz_strings.h"
+
+nessie_mac_ctx_t nessie_mac_ctx;
+
+#define KEYSIZE_B ((nessie_mac_ctx.keysize_b+7)/8)
+#define MACSIZE_B ((nessie_mac_ctx.macsize_b+7)/8)
+#define BLOCKSIZE_B (nessie_mac_ctx.blocksize_B)
+
+#define PRINTKEY nessie_print_item("key", key, KEYSIZE_B)
+#define PRINTMAC nessie_print_item("MAC", mac, MACSIZE_B)
+
+
+static const uint8_t keyproto[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+
+static
+void ascii_mac(const void* data, const void* desc, uint8_t* key){
+ uint8_t ctx[nessie_mac_ctx.ctx_size_B];
+ uint8_t mac[MACSIZE_B];
+ uint16_t sl;
+ uint8_t buffer[BLOCKSIZE_B];
+
+ NESSIE_PUTSTR("\r\n message=");
+ NESSIE_PUTSTR(desc);
+ PRINTKEY;
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ sl = strlen(data);
+ while(sl>nessie_mac_ctx.blocksize_B){
+ memcpy(buffer, data, BLOCKSIZE_B);
+ nessie_mac_ctx.mac_next(ctx, buffer);
+ data = (uint8_t*)data + BLOCKSIZE_B;
+ sl -= BLOCKSIZE_B;
+ }
+ memcpy(buffer, data, sl);
+ nessie_mac_ctx.mac_last(ctx, buffer, sl*8);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ PRINTMAC;
+}
+
+// message=1 million times "a"
+
+static
+void amillion_mac(uint8_t* key){
+ uint8_t ctx[nessie_mac_ctx.ctx_size_B];
+ uint8_t mac[MACSIZE_B];
+ uint8_t block[nessie_mac_ctx.blocksize_B];
+ uint32_t n=1000000LL;
+ uint16_t i=0;
+
+ NESSIE_PUTSTR("\r\n message=");
+ NESSIE_PUTSTR("1 million times \"a\"");
+ PRINTKEY;
+
+ memset(block, 'a', nessie_mac_ctx.blocksize_B);
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ while(n>=nessie_mac_ctx.blocksize_B){
+ nessie_mac_ctx.mac_next(ctx, block);
+ n -= nessie_mac_ctx.blocksize_B;
+ NESSIE_SEND_ALIVE_A(i++);
+ }
+ nessie_mac_ctx.mac_last(ctx, block, n*8);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ PRINTMAC;
+}
+
+
+static
+void zero_mac(uint16_t n, uint8_t* key){
+ uint8_t ctx[nessie_mac_ctx.ctx_size_B];
+ uint8_t mac[MACSIZE_B];
+ uint8_t block[nessie_mac_ctx.blocksize_B];
+
+ NESSIE_PUTSTR("\r\n message=");
+ if(n>=10000)
+ NESSIE_PUTC('0'+n/10000);
+ if(n>=1000)
+ NESSIE_PUTC('0'+(n/1000)%10);
+ if(n>=100)
+ NESSIE_PUTC('0'+(n/100)%10);
+ if(n>=10)
+ NESSIE_PUTC('0'+(n/10)%10);
+ NESSIE_PUTC('0'+n%10);
+ NESSIE_PUTSTR(" zero bits");
+ PRINTKEY;
+
+ memset(block, 0, nessie_mac_ctx.blocksize_B);
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ while(n>nessie_mac_ctx.blocksize_B*8){
+ nessie_mac_ctx.mac_next(ctx, block);
+ n -= nessie_mac_ctx.blocksize_B*8;
+ }
+ nessie_mac_ctx.mac_last(ctx, block, n);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ PRINTMAC;
+}
+
+static
+void one_in512_mac(uint16_t pos, uint8_t* key){
+ uint8_t ctx[nessie_mac_ctx.ctx_size_B];
+ uint8_t mac[MACSIZE_B];
+ uint8_t block[nessie_mac_ctx.blocksize_B];
+ uint16_t n=512;
+ char* tab[8]={"80", "40", "20", "10",
+ "08", "04", "02", "01" };
+
+ pos&=511;
+ NESSIE_PUTSTR("\r\n message=");
+ NESSIE_PUTSTR("512-bit string: ");
+ if((pos/8) >=10){
+ NESSIE_PUTC('0'+(pos/8/10)%10);
+ } else {
+ NESSIE_PUTC(' ');
+ }
+ NESSIE_PUTC('0'+(pos/8)%10);
+ NESSIE_PUTSTR("*00,");
+ NESSIE_PUTSTR(tab[pos&7]);
+ NESSIE_PUTC(',');
+ if(63-(pos/8) >=10){
+ NESSIE_PUTC('0'+((63-pos/8)/10)%10);
+ } else {
+ NESSIE_PUTC(' ');
+ }
+ NESSIE_PUTC('0'+(63-pos/8)%10);
+ NESSIE_PUTSTR("*00");
+ PRINTKEY;
+
+ /* now the real stuff */
+ memset(block, 0, 512/8);
+ block[pos>>3] = 0x80>>(pos&0x7);
+ uint8_t* bp;
+ bp = block;
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ while(n>nessie_mac_ctx.blocksize_B*8){
+ nessie_mac_ctx.mac_next(ctx, bp);
+ n -= nessie_mac_ctx.blocksize_B*8;
+ bp += nessie_mac_ctx.blocksize_B;
+ }
+ nessie_mac_ctx.mac_last(ctx, bp, n);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ PRINTMAC;
+}
+
+static
+void tv4_mac(void){
+ uint8_t ctx[nessie_mac_ctx.ctx_size_B];
+ uint8_t mac[MACSIZE_B];
+ uint8_t block[MACSIZE_B];
+ uint8_t key[KEYSIZE_B];
+ uint16_t n=MACSIZE_B*8;
+ uint32_t i;
+ char str[6];
+
+ NESSIE_PUTSTR("\r\n message=");
+ utoa(MACSIZE_B*8, str, 10);
+ NESSIE_PUTSTR(str);
+ NESSIE_PUTSTR(" zero bits");
+ memset(block, 0, MACSIZE_B);
+ for(i=0; i<KEYSIZE_B; ++i)
+ key[i] = keyproto[i%(3*8)];
+ nessie_print_item("key", key, KEYSIZE_B);
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ while(n>nessie_mac_ctx.blocksize_B*8){
+ nessie_mac_ctx.mac_next(ctx, block);
+ n -= nessie_mac_ctx.blocksize_B*8;
+ }
+ nessie_mac_ctx.mac_last(ctx, block, n);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ PRINTMAC;
+ for(i=1; i<100000L; ++i){ /* this assumes BLOCKSIZE >= HASHSIZE */
+ nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
+ nessie_mac_ctx.mac_last(ctx, mac, nessie_mac_ctx.macsize_b);
+ nessie_mac_ctx.mac_conv(mac, ctx);
+ NESSIE_SEND_ALIVE_A(i);
+ }
+ nessie_print_item("iterated 100000 times", mac, MACSIZE_B);
+}
+
+void nessie_mac_run(void){
+ uint16_t i;
+ uint8_t set;
+ uint8_t key[KEYSIZE_B];
+
+ nessie_print_header(nessie_mac_ctx.name, nessie_mac_ctx.keysize_b, 0, 0,
+ nessie_mac_ctx.macsize_b, 0);
+ /* test set 1 */
+ const char* challange_dbz=
+ "\0"
+ "\"\" (empty string)\0"
+ "a\0"
+ "\"a\"\0"
+ "abc\0"
+ "\"abc\"\0"
+ "message digest\0"
+ "\"message digest\"\0"
+ "abcdefghijklmnopqrstuvwxyz\0"
+ "\"abcdefghijklmnopqrstuvwxyz\"\0"
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\0"
+ "\"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\"\0"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789\0"
+ "\"A...Za...z0...9\"\0"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890\0"
+ "8 times \"1234567890\"\0"
+ "Now is the time for all \0"
+ "\"Now is the time for all \"\0"
+ "Now is the time for it\0"
+ "\"Now is the time for it\"\0"
+ ;
+
+ set=1;
+ nessie_print_setheader(set);
+ for(i=0; i<KEYSIZE_B; ++i){
+ key[i] = keyproto[i%sizeof(keyproto)];
+ }
+ const char* challange[20];
+ dbz_splitup(challange_dbz, challange);
+ for(i=0; i<10; ++i){
+ nessie_print_set_vector(set, i);
+ ascii_mac(challange[2*i], challange[2*i+1], key);
+ }
+ nessie_print_set_vector(set, i);
+ amillion_mac(key);
+ for(i=0; i<KEYSIZE_B; ++i){
+ key[i] = keyproto[0x10+i%0x8];
+ }
+ for(i=0; i<10; ++i){
+ nessie_print_set_vector(set, 11+i);
+ ascii_mac(challange[2*i], challange[2*i+1], key);
+ }
+ nessie_print_set_vector(set, 11+i);
+ amillion_mac(key);
+ /* test set 2 */
+ set=2;
+ for(i=0; i<KEYSIZE_B; ++i){
+ key[i] = keyproto[i%sizeof(keyproto)];
+ }
+ nessie_print_setheader(set);
+ for(i=0; i<1024; ++i){
+ nessie_print_set_vector(set, i);
+ zero_mac(i, key);
+ }
+ /* test set 3 */
+ set=3;
+ nessie_print_setheader(set);
+ /* we use the same key as above */
+ for(i=0; i<512; ++i){
+ nessie_print_set_vector(set, i);
+ one_in512_mac(i, key);
+ }
+ /* test set 4 */
+ set=4;
+ nessie_print_setheader(set);
+ /* we use the same key as above */
+ nessie_print_set_vector(set, 0);
+ tv4_mac();
+ /* test set 5 */
+ set=5;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_mac_ctx.keysize_b; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, KEYSIZE_B);
+ key[i>>3]=0x80>>(i&0x7);
+ ascii_mac("ABC", "\"ABC\"", key);
+ }
+ nessie_print_footer();
+}
--- /dev/null
+/* nessie_mac_test.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef NESSIE_MAC_TEST_H_
+#define NESSIE_MAC_TEST_H_
+
+#include <stdint.h>
+
+typedef void (*nessie_mac_init_fpt)(void* ctx, const void* key, uint16_t keysize_b);
+typedef void (*nessie_mac_next_fpt)(void* ctx, const void* buffer);
+typedef void (*nessie_mac_last_fpt)(void* ctx, const void* buffer, uint16_t size_b);
+typedef void (*nessie_mac_conv_fpt)(void* buffer, void* ctx);
+
+
+typedef struct nessie_mac_ctx_st{
+ uint16_t macsize_b;
+ uint16_t keysize_b;
+ uint16_t blocksize_B;
+ uint16_t ctx_size_B;
+ const char* name;
+ nessie_mac_init_fpt mac_init;
+ nessie_mac_next_fpt mac_next;
+ nessie_mac_last_fpt mac_last;
+ nessie_mac_conv_fpt mac_conv;
+} nessie_mac_ctx_t;
+
+
+extern nessie_mac_ctx_t nessie_mac_ctx;
+
+void nessie_mac_run(void);
+
+#endif /*NESSIE_MAC_TEST_H_*/
--- /dev/null
+/* nessie_stream_test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ *
+ * author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * license: GPLv3
+ *
+ * a suit for running the nessie-tests for streamciphers
+ *
+ * */
+#include <stdint.h>
+#include <string.h>
+#include "nessie_stream_test.h"
+#include "nessie_common.h"
+#include "memxor.h"
+
+nessie_stream_ctx_t nessie_stream_ctx;
+
+
+#define BLOCKSIZE_B 64
+
+
+static
+void nessie_gen_block(void* ctx, uint8_t* block){
+ uint16_t i;
+ for(i=0; i<BLOCKSIZE_B; ++i){
+ block[i] = nessie_stream_ctx.cipher_enc(ctx);
+ }
+}
+
+static
+void nessie_stream_enc(uint8_t* key){
+ uint8_t ctx[nessie_stream_ctx.ctx_size_B];
+ uint8_t buffer[BLOCKSIZE_B];
+ uint8_t xorbuffer[BLOCKSIZE_B];
+ uint8_t i;
+
+ memset(xorbuffer, 0, BLOCKSIZE_B);
+
+ nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
+
+ nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
+
+ for(i=0; i<((192-0)/BLOCKSIZE_B-1); ++i){
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ }
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[192..255]", buffer, BLOCKSIZE_B);
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[256..319]", buffer, BLOCKSIZE_B);
+
+ for(i=0; i<((448-256)/BLOCKSIZE_B-1); ++i){
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ }
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[448..511]", buffer, BLOCKSIZE_B);
+
+ nessie_print_item("stream[0..511]xored", xorbuffer, BLOCKSIZE_B);
+
+}
+
+
+static
+void nessie_stream_enc_large(uint8_t* key){
+ uint8_t ctx[nessie_stream_ctx.ctx_size_B];
+ uint8_t buffer[BLOCKSIZE_B];
+ uint8_t xorbuffer[BLOCKSIZE_B];
+ uint32_t i;
+
+ memset(xorbuffer, 0, BLOCKSIZE_B);
+
+ nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
+
+ nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
+
+ for(i=0; i<((65472-0)/BLOCKSIZE_B-1); ++i){
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ NESSIE_SEND_ALIVE_A(i);
+ }
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[65472..65535]", buffer, BLOCKSIZE_B);
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[65536..65599]", buffer, BLOCKSIZE_B);
+
+ for(i=0; i<((131008-65536)/BLOCKSIZE_B-1); ++i){
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ NESSIE_SEND_ALIVE_A(i);
+ }
+
+ nessie_gen_block(ctx, buffer);
+ memxor(xorbuffer, buffer, BLOCKSIZE_B);
+ nessie_print_item("stream[131008..131071]", buffer, BLOCKSIZE_B);
+
+ nessie_print_item("stream[0..131071]xored", xorbuffer, BLOCKSIZE_B);
+
+}
+
+void nessie_stream_run(void){
+ uint16_t i;
+ uint8_t set;
+ uint8_t key[(nessie_stream_ctx.keysize_b+7)/8];
+
+ nessie_print_header(nessie_stream_ctx.name, nessie_stream_ctx.keysize_b,
+ 0, 0, 0, nessie_stream_ctx.ivsize_b);
+ /* test set 1 */
+ set=1;
+ nessie_print_setheader(set);
+ for(i=0; i<nessie_stream_ctx.keysize_b; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, 0, (nessie_stream_ctx.keysize_b+7)/8);
+ key[i/8] |= 0x80>>(i%8);
+ nessie_stream_enc(key);
+ }
+ /* test set 2 */
+ set=2;
+ nessie_print_setheader(set);
+ for(i=0; i<256; ++i){
+ nessie_print_set_vector(set, i);
+ memset(key, i, (nessie_stream_ctx.keysize_b+7)/8);
+ nessie_stream_enc(key);
+ }
+ /* test set 3 */
+ set=3;
+ nessie_print_setheader(set);
+ for(i=0; i<256; ++i){
+ uint8_t j;
+ nessie_print_set_vector(set, i);
+ for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
+ key[j]=(i+j)&0xff;
+ }
+ nessie_stream_enc(key);
+ }
+ /* test set 4 */
+ set=4;
+ nessie_print_setheader(set);
+ for(i=0; i<4; ++i){
+ uint8_t j;
+ nessie_print_set_vector(set, i);
+ for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
+ key[j]=(i*5+j*0x53)&0xff;
+ }
+ nessie_stream_enc_large(key);
+ }
+
+ nessie_print_footer();
+}
--- /dev/null
+/* nessie_stream_test.h */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef NESSIE_STREAM_TEST_H_
+#define NESSIE_STREAM_TEST_H_
+
+#include <stdint.h>
+
+typedef void (*nessie_stream_genctx_fpt)(uint8_t* key, uint16_t keylength_b, void* ctx);
+typedef uint8_t (*nessie_stream_genenc_fpt)(void* ctx);
+
+typedef struct nessie_stream_ctx_st{
+ uint16_t keysize_b;
+ uint16_t ivsize_b;
+ uint16_t outsize_b;
+ uint16_t ctx_size_B;
+ char* name;
+ nessie_stream_genctx_fpt cipher_genctx;
+ nessie_stream_genenc_fpt cipher_enc;
+} nessie_stream_ctx_t;
+
+
+extern nessie_stream_ctx_t nessie_stream_ctx;
+
+void nessie_stream_run(void);
+
+#endif /*NESSIE_STREAM_TEST_H_*/
projects / arm-crypto-lib.git / commitdiff