From: bg Date: Tue, 21 Feb 2012 23:58:50 +0000 (+0100) Subject: works with three tests; contains a lot debug foo X-Git-Url: https://git.cryptolib.org/?a=commitdiff_plain;h=f3456452a0f13bfe6d332aaeeada5b626dac2739;p=arm-crypto-lib.git works with three tests; contains a lot debug foo --- diff --git a/bigint/bigint.c b/bigint/bigint.c index c1a82ab..307b1e4 100644 --- a/bigint/bigint.c +++ b/bigint/bigint.c @@ -91,7 +91,7 @@ uint16_t bigint_length_b(bigint_t* a){ /******************************************************************************/ uint16_t bigint_length_B(bigint_t* a){ - return (bigint_length_b(a)+7)/8; + return a->length_B * sizeof(bigint_word_t); } /******************************************************************************/ @@ -650,12 +650,18 @@ void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){ } while(borrow){ if(i+1 > a->length_B){ - cli_putstr("\r\nDBG: *boom*\r\n"); + // char str[16]; + cli_putstr("\r\nDBG: *boom* a->length_B = "); + cli_hexdump_rev(&a->length_B, 2); + cli_putstr(" b->length_B = "); + cli_hexdump_rev(&b->length_B, 2); + cli_putstr(" bitscale = "); + cli_hexdump_rev(&bitscale, 2); bigint_set_zero(a); return; } a->wordv[i] -= borrow; - if(a->wordv[i]!=0xff){ + if(a->wordv[i] != (1LL<length_B > r->length_B){ shift = (a->length_B - r->length_B) * 8 * sizeof(bigint_word_t) + GET_FBS(a) - rfbs - 1; - if(a->wordv[a->length_B-1] > r->wordv[r->length_B-1]){ + /* + if((a->wordv[a->length_B-1] & ((1LL< r->wordv[r->length_B-1]){ + // cli_putc('~'); + cli_putstr("\r\n ~ [a] = "); + cli_hexdump_rev(&a->wordv[a->length_B-1], 4); + cli_putstr(" [r] = "); + cli_hexdump_rev(&r->wordv[r->length_B-1], 4); shift += 1; } + */ // cli_putstr("\r\nDBG: (p) shift = "); cli_hexdump_rev(&shift, 2); // cli_putstr(" a_len = "); cli_hexdump_rev(&a->length_B, 2); // cli_putstr(" r_len = "); cli_hexdump_rev(&r->length_B, 2); diff --git a/rsa/rsa_basic.c b/rsa/rsa_basic.c index d152be2..02947ed 100644 --- a/rsa/rsa_basic.c +++ b/rsa/rsa_basic.c @@ -21,11 +21,19 @@ #include #include #include "bigint.h" +#include "bigint_io.h" #include "rsa_basic.h" #include "cli.h" +#include "uart_lowlevel.h" void rsa_enc(bigint_t* data, rsa_publickey_t* key){ + cli_putstr("\r\n -->rsa_enc()\r\n m = "); + bigint_print_hex(data); + cli_putstr("\r\n e = "); + bigint_print_hex(key->exponent); + cli_putstr("\r\n n = "); + bigint_print_hex(key->modulus); bigint_expmod_u(data, data, key->exponent, key->modulus); } @@ -39,24 +47,34 @@ m = m2 + q * h uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){ bigint_t m1, m2; + cli_putstr("\r\n --> rsa_dec_crt_mono()"); + uart_flush(0); m1.wordv = malloc(key->components[0]->length_B * sizeof(bigint_word_t)); m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t)); if(!m1.wordv || !m2.wordv){ + cli_putstr("\r\nERROR: OOM!"); free(m1.wordv); free(m2.wordv); return 1; } + cli_putc('a'); uart_flush(0); bigint_expmod_u(&m1, data, key->components[2], key->components[0]); + cli_putc('f'); uart_flush(0); bigint_expmod_u(&m2, data, key->components[3], key->components[1]); + cli_putc('b'); uart_flush(0); bigint_sub_s(&m1, &m1, &m2); while(BIGINT_NEG_MASK & m1.info){ bigint_add_s(&m1, &m1, key->components[0]); } + + cli_putc('c'); uart_flush(0); bigint_reduce(&m1, key->components[0]); bigint_mul_u(data, &m1, key->components[4]); + cli_putc('d'); uart_flush(0); bigint_reduce(data, key->components[0]); bigint_mul_u(data, data, key->components[1]); bigint_add_u(data, data, &m2); + cli_putc('e'); uart_flush(0); free(m1.wordv); free(m2.wordv); return 0; diff --git a/rsa/rsa_oaep.c b/rsa/rsa_oaep.c index f39b599..5e32546 100644 --- a/rsa/rsa_oaep.c +++ b/rsa/rsa_oaep.c @@ -31,6 +31,9 @@ #include "hfal/hfal_sha1.h" +#include "cli.h" +#include "uart_lowlevel.h" + mgf1_parameter_t mgf1_default_parameter = { &sha1_desc }; @@ -62,6 +65,10 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, return 1; } uint16_t buffer_len = bigint_length_B(key->modulus); + cli_putstr("\r\n buffer_len = "); + cli_hexdump_rev(&buffer_len, 2); + cli_putstr("\r\n modulus_len = "); + cli_hexdump_rev(&key->modulus->length_B, 2); uint8_t* buffer = (uint8_t*)dest; uint8_t off; /* the following needs some explanation: @@ -72,6 +79,8 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, % (sizeof(bigint_word_t)); buffer += off; buffer_len -= off; + cli_putstr("\r\n off = "); + cli_hexdump_byte(off); uint8_t* seed_buffer = buffer + 1; uint16_t db_len = buffer_len - hv_len - 1; uint8_t* db = seed_buffer + hv_len; @@ -79,7 +88,7 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, uint8_t maskbuffer[maskbuffer_len]; bigint_t x; - memset(buffer, 0, seed_buffer - buffer); + memset(dest, 0, seed_buffer - buffer + off); memset(db + hv_len, 0, db_len - hv_len - length_B -1); hfal_hash_mem(p->hf, db, label->label, label->length_b); db[db_len - length_B - 1] = 0x01; @@ -96,11 +105,14 @@ uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, seed_buffer[i] = prng_get_byte(); } } - + cli_putstr("\r\n msg (raw, pre-feistel):\r\n"); + cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); memxor(db, maskbuffer, db_len); p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter); memxor(seed_buffer, maskbuffer, hv_len); + cli_putstr("\r\n msg (raw, post-feistel):\r\n"); + cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); x.wordv = dest; x.length_B = key->modulus->length_B; @@ -117,47 +129,62 @@ uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length, rsa_privatekey_t* key, const rsa_oaep_parameter_t *p, const rsa_label_t* label, void* seed){ + cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0); if(!label){ label = &rsa_oaep_default_label; } if(!p){ p = &rsa_oaep_default_parameter; } - uint8_t *buffer = dest; uint16_t x_len, data_len; bigint_t x; uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8; uint8_t label_hv[hv_len]; - uint16_t msg_len = (bigint_get_first_set_bit(key->modulus)+7)/8; - uint16_t db_len = msg_len - 1 - hv_len; + uint16_t msg_len = bigint_get_first_set_bit(key->modulus) / 8 + 1; + uint16_t db_len = msg_len - hv_len - 1; uint8_t maskbuffer[db_len>hv_len?db_len:hv_len]; - uint8_t *seed_buffer = buffer + 1; + uint8_t *seed_buffer = dest; uint8_t *db_buffer = seed_buffer + hv_len; - x_len = bigint_length_B(key->modulus); - memset(dest, 0, x_len - length_B); - buffer = (uint8_t*)dest + x_len - length_B; - memcpy(buffer, src, length_B); + x_len = bigint_get_first_set_bit(key->modulus)/8; + memset(dest, 0, bigint_length_B(key->modulus) - length_B); + memcpy((uint8_t*)dest + bigint_length_B(key->modulus) - length_B, src, length_B); + + cli_putc('a'); uart_flush(0); x.wordv = dest; x.length_B = key->modulus->length_B; + x.info = 0; bigint_adjust(&x); + + cli_putc('b'); uart_flush(0); rsa_os2ip(&x, NULL, bigint_length_B(key->modulus)); + cli_putc('c'); uart_flush(0); rsa_dec(&x, key); + cli_putc('d'); uart_flush(0); rsa_i2osp(NULL, &x, &data_len); -/* - if(data_len != x_len){ - memmove(buffer + x_len - data_len, buffer, data_len); - memset(buffer, 0, x_len - data_len); - } -*/ - if(data_len > msg_len){ + + cli_putstr("\r\n msg (raw, pre-move):\r\n"); + cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); + + if(data_len > x_len){ return 7; } - memmove(buffer + msg_len - data_len, buffer, data_len); + cli_putstr("\r\n moving some bytes; x_len = "); + cli_hexdump_rev(&x_len, 2); + cli_putstr(" data_len = "); + cli_hexdump_rev(&data_len, 2); + uart_flush(0); + + if(x_len != data_len){ + memmove((uint8_t*)dest + x_len - data_len, dest, data_len); + cli_putstr(" (oh, not dead yet?!)"); + uart_flush(0); + memset(dest, 0, x_len - data_len); + } hfal_hash_mem(p->hf, label_hv, label->label, label->length_b); /* @@ -165,12 +192,19 @@ uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length, return 1; } */ + cli_putstr("\r\n msg (raw, pre-feistel):\r\n"); + cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16); + + uart_flush(0); + p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter); memxor(seed_buffer, maskbuffer, hv_len); p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); memxor(db_buffer, maskbuffer, db_len); if(memcmp(label_hv, db_buffer, hv_len)){ + cli_putstr("\r\nDBG: DB:\r\n"); + cli_hexdump_block(db_buffer, db_len, 4, 16); return 2; } diff --git a/rsa/rsa_oaep.h b/rsa/rsa_oaep.h index 1aed13b..8084653 100644 --- a/rsa/rsa_oaep.h +++ b/rsa/rsa_oaep.h @@ -39,7 +39,7 @@ typedef struct { } rsa_label_t; extern rsa_oaep_parameter_t rsa_oaep_default_parameter; - +extern rsa_label_t rsa_oaep_default_label; uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, diff --git a/test_src/main-rsa_oaep-test.c b/test_src/main-rsa_oaep-test.c index 62cfe89..c49e4d7 100644 --- a/test_src/main-rsa_oaep-test.c +++ b/test_src/main-rsa_oaep-test.c @@ -34,6 +34,9 @@ const char* algo_name = "RSA-OAEP"; +#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)) +#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t)) + /***************************************************************************** * additional validation-functions * *****************************************************************************/ @@ -167,9 +170,326 @@ const uint8_t encrypted2[] = { 0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44 }; +/**********************************************************************************************/ +/* --------------------------------- + * RSAES-OAEP Encryption Example 2.1 + * --------------------------------- */ + +/* Message to be encrypted: */ +const uint8_t message3[] = { +0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6, +0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7 +}; + +/* Seed: */ +const uint8_t seed3[] = { +0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94, +0xe7, 0x1b, 0x17, 0x82 +}; + +/* Encryption: */ +const uint8_t encrypted3[] = { +0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99, +0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a, +0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a, +0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34, +0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d, +0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a, +0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f, +0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72, +0x0e +}; + +/**********************************************************************************************/ + +/* RSA modulus n: */ +const uint8_t modulus2[] = { +0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5, +0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e, +0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba, +0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d, +0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d, +0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05, +0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66, +0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f, +0x45 +}; + +/* RSA public exponent e: */ +const uint8_t public_exponent2[] = { +0x01, 0x00, 0x01 +}; + +/* RSA private exponent d: */ +const uint8_t private_exponent2[] = { +0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa, +0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93, +0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47, +0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc, +0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0, +0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59, +0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25, +0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39 +}; + +/* Prime p: */ +const uint8_t p2[] = { +0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d, +0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0, +0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37, +0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a, +0x43 +}; + +/* Prime q: */ +const uint8_t q2[] = { +0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a, +0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4, +0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b, +0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b, +0xd7 +}; + +/* p's CRT exponent dP: */ +const uint8_t dp2[] = { +0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c, +0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f, +0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30, +0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55 +}; + +/* q's CRT exponent dQ: */ +const uint8_t dq2[] = { +0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c, +0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b, +0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91, +0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66, +0xff +}; + +/* CRT coefficient qInv: */ +const uint8_t qinv2[] = { +0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73, +0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b, +0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15, +0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8 +}; + +/**********************************************************************************************/ + + +uint8_t keys_allocated = 0; rsa_publickey_t pub_key; rsa_privatekey_t priv_key; +#if 0 + #define MSG message + #define SEED seed + #define ENCRYPTED encrypted + #define MODULUS modulus + #define PUB_EXPONENT public_exponent + #define PRIV_EXPONENT private_exponent + #define P p + #define Q q + #define DP dp + #define DQ dq + #define QINV qinv +#else + #define MSG message3 + #define SEED seed3 + #define ENCRYPTED encrypted3 + #define MODULUS modulus2 + #define PUB_EXPONENT public_exponent2 + #define PRIV_EXPONENT private_exponent2 + #define P p2 + #define Q q2 + #define DP dp2 + #define DQ dq2 + #define QINV qinv2 +#endif + + +uint8_t convert_nibble(uint8_t c){ + if(c>='0' && c<='9'){ + return c - '0'; + } + c |= 'A' ^ 'a'; + if(c>='a' && c<='f'){ + return c - 'a' + 10; + } + return 0xff; +} + +const char *block_ignore_string=" \t\r\n,;"; + +uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){ + uint16_t counter = 0; + uint16_t c; + uint8_t v, tmp = 0, idx = 0; + if(!ignore_string){ + ignore_string = block_ignore_string; + } + while(counter < length){ + c = cli_getc(); + if(c > 0xff){ + return counter; + } + if(strchr(ignore_string, c)){ + continue; + } + v = convert_nibble(c); + if(v > 0x0f){ + return counter; + } + if(idx){ + ((uint8_t*)dst)[counter++] = (tmp << 4) | v; + idx = 0; + }else{ + tmp = v; + idx = 1; + } + } + return counter; +} + +uint16_t own_atou(const char* str){ + uint16_t r=0; + while(*str && *str >= '0' && *str <= '9'){ + r *= 10; + r += *str++ - '0'; + } + return r; +} + +uint8_t read_bigint(bigint_t* a, char* prompt){ + uint16_t read_length, actual_length; + uint8_t off; + uint8_t *buffer; + char read_int_str[18]; + cli_putstr(prompt); + cli_putstr("\r\n length: "); + cli_getsn(read_int_str, 16); + read_length = own_atou(read_int_str); + off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t); + buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)); + if(!buffer){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + cli_putstr("\r\n data: "); + memset(buffer, 0, sizeof(bigint_word_t)); + actual_length = read_os(buffer + off, read_length, NULL); + if(actual_length != read_length){ + cli_putstr("\r\nERROR: unexpected end of data!"); + free(buffer); + return 1; + } + a->wordv = (bigint_word_t*)buffer; + a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} + +uint8_t pre_alloc_key_crt(void){ + uint8_t c; + pub_key.modulus = malloc(sizeof(bigint_t)); + if(!pub_key.modulus){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + priv_key.modulus = pub_key.modulus; + priv_key.n = 5; + priv_key.components = malloc(5 * sizeof(bigint_t*)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + pub_key.exponent = malloc(sizeof(bigint_t)); + if(!pub_key.exponent){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + for(c=0; c<5; ++c){ + priv_key.components[c] = malloc(sizeof(bigint_t)); + if(!priv_key.components[c]){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + } + return 0; +} + +void free_key(void){ + uint8_t c; + free(pub_key.modulus->wordv); + free(pub_key.exponent->wordv); + free(pub_key.modulus); + pub_key.modulus = priv_key.modulus = NULL; + free(pub_key.exponent); + pub_key.exponent = NULL; + for(c = 0; c < priv_key.n; ++c){ + free(priv_key.components[c]->wordv); + free(priv_key.components[c]); + } + free(priv_key.components); + priv_key.components = NULL; +} + +uint8_t read_key_crt(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + r = pre_alloc_key_crt(); + if(r) return r; + r = read_bigint(pub_key.modulus,"\r\n = module ="); + if(r) return r; + r = read_bigint(pub_key.exponent,"\r\n = public exponent ="); + if(r) return r; + r = read_bigint(priv_key.components[0],"\r\n = p (first prime) ="); + if(r) return r; + r = read_bigint(priv_key.components[1],"\r\n = q (second prime) ="); + if(r) return r; + r = read_bigint(priv_key.components[2],"\r\n = dp (p's exponent) ="); + if(r) return r; + r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) ="); + if(r) return r; + r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) ="); + return r; +} + +uint8_t read_key_conv(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + pub_key.modulus = malloc(sizeof(bigint_t)); + if(!pub_key.modulus){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + r = read_bigint(pub_key.modulus,"\r\n = module ="); + if(r) return r; + priv_key.modulus = pub_key.modulus; + priv_key.n = 1; + pub_key.exponent = malloc(sizeof(bigint_t)); + if(!pub_key.exponent){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + priv_key.components = malloc(sizeof(bigint_t*)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + priv_key.components[0] = malloc(sizeof(bigint_t)); + if(!priv_key.components[0]){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + r = read_bigint(pub_key.exponent,"\r\n = public exponent ="); + if(r) return r; + r = read_bigint(priv_key.components[0],"\r\n = private exponent ="); + return r; +} + void load_priv_conventional(void){ bigint_t *epriv; epriv = malloc(sizeof(bigint_t)); @@ -224,47 +544,45 @@ void load_priv_crt_mono(void){ } } - -void load_fix_rsa(void){ - bigint_t *m, *epub; - m = malloc(sizeof(bigint_t)); - epub = malloc(sizeof(bigint_t)); - if(!m || !epub){ +uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){ + a->length_B = BIGINT_CEIL(length_B) / sizeof(bigint_word_t); + a->wordv = malloc(BIGINT_CEIL(length_B)); + if(!a->wordv){ cli_putstr("\r\nOOM!\r\n"); - return; + return 1; } + memset(a->wordv, 0, sizeof(bigint_word_t)); + memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B); + a->info = 0; + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} - m->length_B = (sizeof(modulus) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); - epub->length_B = (sizeof(public_exponent) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); - - m->wordv = malloc(m->length_B * sizeof(bigint_word_t)); - epub->wordv = malloc(epub->length_B * sizeof(bigint_word_t)); +void load_fix_rsa(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; - if(!m->wordv || !epub->wordv){ + if(pre_alloc_key_crt()){ cli_putstr("\r\nOOM!\r\n"); return; } - memcpy(m->wordv, modulus, sizeof(modulus)); - memcpy(epub->wordv, public_exponent, sizeof(public_exponent)); - - pub_key.modulus = priv_key.modulus = m; - pub_key.exponent = epub; - - bigint_changeendianess(m); - bigint_adjust(m); - bigint_changeendianess(epub); - bigint_adjust(epub); + load_bigint_from_os(pub_key.modulus, MODULUS, sizeof(MODULUS)); + load_bigint_from_os(pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT)); + priv_key.n = 5; + load_bigint_from_os(priv_key.components[0], P, sizeof(P)); + load_bigint_from_os(priv_key.components[1], Q, sizeof(Q)); + load_bigint_from_os(priv_key.components[2], DP, sizeof(DP)); + load_bigint_from_os(priv_key.components[3], DQ, sizeof(DQ)); + load_bigint_from_os(priv_key.components[4], QINV, sizeof(QINV)); // load_priv_conventional(); - load_priv_crt_mono(); +// load_priv_crt_mono(); } - -#define MSG message2 -#define SEED seed2 -#define ENCRYPTED encrypted2 - void quick_test(void){ uint8_t *ciphertext, *plaintext, rc; uint16_t clen, plen; @@ -304,6 +622,59 @@ void quick_test(void){ free(plaintext); } +void run_seed_test(void){ + uint8_t *msg, *ciph, *msg_; + uint16_t msg_len, ciph_len, msg_len_; + uint8_t seed[20], seed_out[20]; + char read_int_str[18]; + cli_putstr("\r\n== test with given seed =="); + cli_putstr("\r\n = message ="); + cli_putstr("\r\n length: "); + cli_getsn(read_int_str, 16); + msg_len = own_atou(read_int_str); + msg = malloc(msg_len); + if(!msg){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + ciph = malloc(bigint_length_B(pub_key.modulus)); + if(!ciph){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + msg_ = malloc(bigint_length_B(pub_key.modulus)); + if(!msg_){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + cli_putstr("\r\n data: "); + read_os(msg, msg_len, NULL); + cli_putstr("\r\n seed (20 bytes): "); + read_os(seed, 20, NULL); + + cli_putstr("\r\n encrypting ..."); + rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed); + cli_putstr("\r\n ciphertext:"); + cli_hexdump_block(ciph, ciph_len, 4, 16); + cli_putstr("\r\n decrypting ..."); + uart_flush(0); + rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out); + if(msg_len != msg_len_){ + cli_putstr("\r\nERROR: wrong decryted message length"); + return; + } + if(memcmp(msg, msg_, msg_len)){ + cli_putstr("\r\nERROR: wrong decryted message"); + return; + } + + if(memcmp(seed, seed_out, 20)){ + cli_putstr("\r\nERROR: wrong decryted seed"); + return; + } + cli_putstr("\r\n >>OK<<"); +} + void reset_prng(void){ uint8_t buf[16]; memset(buf, 0, 16); @@ -312,23 +683,36 @@ void reset_prng(void){ } void rsa_init(void){ - load_fix_rsa(); prng_get_byte = random8; } +void load_key(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; + read_key_crt(); +} + /***************************************************************************** * main * *****************************************************************************/ const char echo_test_str[] = "echo-test"; const char reset_prng_str[] = "reset-prng"; +const char load_key_str[] = "load-key"; +const char load_fix_key_str[] = "load-fix-key"; const char quick_test_str[] = "quick-test"; +const char seed_test_str[] = "seed-test"; const char performance_str[] = "performance"; const char echo_str[] = "echo"; cmdlist_entry_t cmdlist[] = { { reset_prng_str, NULL, reset_prng }, + { load_key_str, NULL, load_key }, + { load_fix_key_str, NULL, load_fix_rsa }, { quick_test_str, NULL, quick_test }, + { seed_test_str, NULL, run_seed_test }, // { performance_str, NULL, testrun_performance_bigint }, { echo_str, (void*)1, (void_fpt)echo_ctrl }, { NULL, NULL, NULL }