#include "hfal/hfal_sha1.h"
-#include "cli.h"
-#include "uart_lowlevel.h"
-
mgf1_parameter_t mgf1_default_parameter = {
&sha1_desc
};
* */
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
% (sizeof(bigint_word_t));
- uart_flush(0);
buffer += off;
buffer_len -= off;
uint8_t* seed_buffer = buffer + 1;
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
- uart_flush(0);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
}
}
-//void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
- cli_hexdump_block(dest, buffer_len+off, 4, 8);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
- cli_putstr("\r\ngot to 112\r\n");
- uart_flush(0);
x.wordv = dest;
x.length_B = key->modulus->length_B;
bigint_adjust(&x);
- cli_putstr("\r\ngot to 118\r\n");
- uart_flush(0);
- rsa_os2ip(&x, NULL, key->modulus->length_B * sizeof(bigint_word_t));
+ rsa_os2ip(&x, NULL, bigint_length_B(key->modulus));
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}
+
+uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
+ const void* src, uint16_t length_B,
+ rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
+ const rsa_label_t* label, void* seed){
+
+ if(!label){
+ label = &rsa_oaep_default_label;
+ }
+ if(!p){
+ p = &rsa_oaep_default_parameter;
+ }
+ uint8_t *buffer = dest;
+ uint16_t x_len, data_len;
+ bigint_t x;
+ uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
+ uint8_t label_hv[hv_len];
+ uint16_t msg_len = (bigint_get_first_set_bit(key->modulus)+7)/8;
+ uint16_t db_len = msg_len - 1 - hv_len;
+ uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
+
+ uint8_t *seed_buffer = buffer + 1;
+ uint8_t *db_buffer = seed_buffer + hv_len;
+
+ x_len = bigint_length_B(key->modulus);
+ memset(dest, 0, x_len - length_B);
+ buffer = (uint8_t*)dest + x_len - length_B;
+ memcpy(buffer, src, length_B);
+
+ x.wordv = dest;
+ x.length_B = key->modulus->length_B;
+ bigint_adjust(&x);
+
+ rsa_os2ip(&x, NULL, bigint_length_B(key->modulus));
+ rsa_dec(&x, key);
+ rsa_i2osp(NULL, &x, &data_len);
+/*
+ if(data_len != x_len){
+ memmove(buffer + x_len - data_len, buffer, data_len);
+ memset(buffer, 0, x_len - data_len);
+ }
+*/
+ if(data_len > msg_len){
+ return 7;
+ }
+
+ memmove(buffer + msg_len - data_len, buffer, data_len);
+
+ hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
+/*
+ if(buffer[0] != 0){
+ return 1;
+ }
+*/
+ p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
+ memxor(seed_buffer, maskbuffer, hv_len);
+ p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
+ memxor(db_buffer, maskbuffer, db_len);
+
+ if(memcmp(label_hv, db_buffer, hv_len)){
+ return 2;
+ }
+
+ uint16_t ps_len=0;
+ while(db_buffer[hv_len + ps_len++] == 0)
+ ;
+
+ --ps_len;
+ if(db_buffer[hv_len + ps_len] != 1){
+ return 3;
+ }
+
+ if(seed){
+ memcpy(seed, seed_buffer, hv_len);
+ }
+
+ msg_len = db_len - hv_len - 1 - ps_len;
+ memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
+
+ *out_length = msg_len;
+
+ return 0;
+}
+
+
* ------------------------------ */
/* RSA modulus n: */
-uint8_t modulus[] = {
+const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
};
/* RSA public exponent e: */
-uint8_t public_exponent[] = {
+const uint8_t public_exponent[] = {
0x00, 0x01, 0x00, 0x01
};
/* RSA private exponent d: */
-uint8_t private_exponent[] = {
+const uint8_t private_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
};
/* Prime p: */
-uint8_t p[] = {
+const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
};
/* Prime q: */
-uint8_t q[] = {
+const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
};
/* p's CRT exponent dP: */
-uint8_t dp[] = {
+const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
};
/* q's CRT exponent dQ: */
-uint8_t dq[] = {
+const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
};
/* CRT coefficient qInv: */
-uint8_t qinv[] = {
+const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
* --------------------------------- */
/* Message to be, encrypted: */
-uint8_t message[] = {
+const uint8_t message[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
/* Seed: */
-uint8_t seed[] = {
+const uint8_t seed[] = {
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
0xdd, 0xa0, 0xa5, 0xef
};
/* Encryption: */
-uint8_t encrypted[] = {
+const uint8_t encrypted[] = {
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
};
+/* Message to be encrypted: */
+const uint8_t message2[] = {
+0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
+0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
+};
+
+/* Seed: */
+const uint8_t seed2[] = {
+0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
+0xfe, 0x4f, 0xe3, 0x5f
+};
+
+/* Encryption: */
+const uint8_t encrypted2[] = {
+0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
+0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
+0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
+0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
+0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
+0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
+0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
+0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
+};
+
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
}
-#define MSG message
-#define SEED seed
+#define MSG message2
+#define SEED seed2
+#define ENCRYPTED encrypted2
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
- uint16_t clen; //, plen;
+ uint16_t clen, plen;
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
// memcpy(ciphertext, message1, sizeof(message1));
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 8);
+ if(clen!=sizeof(ENCRYPTED) || memcmp(ENCRYPTED, ciphertext, clen)){
+ cli_putstr("\r\n>>FAIL<<");
+ }else{
+ cli_putstr("\r\n>>OK<<");
+ }
uart_flush(0);
-/*
- rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, NULL);
+
+
+ rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
if(rc){
- cli_putstr("\r\nERROR: rsa_encrypt_pkcs15 returned: ");
+ cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 8);
-*/
+
free(ciphertext);
free(plaintext);
}