From e5296441c98c35140f909ca1dbdb8d6852f996d3 Mon Sep 17 00:00:00 2001
From: bg <daniel.otte@rub.de>
Date: Wed, 4 Apr 2012 15:43:40 +0200
Subject: [PATCH] bug fixing(tm)

---
 bigint/bigint.c                               |  2 +-
 rsa/rsa_basic.c                               | 41 +++++++++++++++---
 rsa/rsa_pkcs15.c                              | 42 +++++++++++++++++--
 rsa/rsa_pkcs15.h                              |  4 ++
 test_src/string-extras.c                      | 10 +++++
 .../pkcs1v15crypt-vectors.txt                 |  0
 6 files changed, 89 insertions(+), 10 deletions(-)
 rename {rsa => testvectors/rsa-pkcs-1v2-1-vec}/pkcs1v15crypt-vectors.txt (100%)

diff --git a/bigint/bigint.c b/bigint/bigint.c
index a7a2b59..f0d7d6e 100644
--- a/bigint/bigint.c
+++ b/bigint/bigint.c
@@ -956,7 +956,7 @@ void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m){
 void bigint_changeendianess(bigint_t* a){
 	uint8_t t, *p, *q;
 	p = (uint8_t*)(a->wordv);
-	q = ((uint8_t*)p)+a->length_B*sizeof(bigint_word_t)-1;
+	q = p + a->length_B * sizeof(bigint_word_t) - 1;
 	while(p<q){
 		t = *p;
 		*p = *q;
diff --git a/rsa/rsa_basic.c b/rsa/rsa_basic.c
index e71bc8c..a166dfa 100644
--- a/rsa/rsa_basic.c
+++ b/rsa/rsa_basic.c
@@ -29,6 +29,7 @@
 #if DEBUG
 #include "cli.h"
 #include "uart_lowlevel.h"
+#include "string-extras.h"
 #endif
 
 void rsa_enc(bigint_t* data, rsa_publickey_t* key){
@@ -108,8 +109,18 @@ uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){
 }
 
 void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
+#if BIGINT_WORD_SIZE == 8
+	if(data){
+		memcpy(dest->wordv, data, length_B)
+	}
+	dest->length_B = length_B;
+#else
 	uint8_t off;
-	off = length_B % sizeof(bigint_word_t);
+	off = (sizeof(bigint_word_t) - length_B % sizeof(bigint_word_t)) % sizeof(bigint_word_t);
+#if DEBUG
+	cli_putstr("\r\nDBG: off = 0x");
+	cli_hexdump_byte(off);
+#endif
 	if(!data){
 		if(off){
 			dest->wordv = realloc(dest->wordv, length_B + sizeof(bigint_word_t) - off);
@@ -117,19 +128,36 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
 			memset(dest->wordv, 0, off);
 		}
 	}else{
+		memcpy((uint8_t*)dest->wordv + off, data, length_B);
 		if(off){
-			memcpy((uint8_t*)dest->wordv + off, data, length_B);
-			memset(dest, 0, off);
-		}else{
-			memcpy(dest->wordv, data, length_B);
+			memset(dest->wordv, 0, off);
 		}
 	}
-	dest->length_B = (length_B + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
+	dest->length_B = (length_B + off) / sizeof(bigint_word_t);
+#if DEBUG
+	cli_putstr("\r\nDBG: dest->length_B = 0x");
+	cli_hexdump_rev(&(dest->length_B), 2);
+#endif
+#endif
 	bigint_changeendianess(dest);
 	bigint_adjust(dest);
 }
 
 void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
+#if BIGINT_WORD_SIZE == 8
+	if(dest){
+		uint8_t *e = src->wordv + src->length_B;
+		uint16_t i;
+		for(i=src->length_B; i>0; --i){
+			*((uint8_t*)dest) = *--e;
+			dest = (uint8_t*)dest + 1;
+		}
+	}else{
+		bigint_changeendianess(src);
+	}
+
+	*out_length_B = src->length_B;
+#else
 	*out_length_B = bigint_get_first_set_bit(src) / 8 + 1;
 	if(dest){
 		uint16_t i;
@@ -147,5 +175,6 @@ void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
 			memmove(src->wordv, (uint8_t*)src->wordv+off, *out_length_B);
 		}
 	}
+#endif
 }
 
diff --git a/rsa/rsa_pkcs15.c b/rsa/rsa_pkcs15.c
index 858b918..1db7d3f 100644
--- a/rsa/rsa_pkcs15.c
+++ b/rsa/rsa_pkcs15.c
@@ -32,11 +32,15 @@
 
 #include "random_dummy.h"
 
+uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
+	return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
+}
+
 uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 	uint16_t length_B, rsa_publickey_t* key, const void* pad){
 	int16_t pad_length;
 	bigint_t x;
-	pad_length = (bigint_get_first_set_bit(key->modulus) + 7) / 8 - length_B - 3;
+	pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B);
 	if(pad_length<8){
 #if DEBUG
 		cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
@@ -45,6 +49,9 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 		return 2; /* message to long */
 	}
 	if(!pad){
+#if DEBUG
+		cli_putstr("\r\nauto-generating pad ...");
+#endif
 		uint16_t i;
 		uint8_t c;
 		for(i=0; i<pad_length; ++i){
@@ -54,6 +61,10 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 			((uint8_t*)dest)[i+2] = c;
 		}
 	}else{
+#if DEBUG
+		cli_putstr("\r\nsupplied pad: ");
+		cli_hexdump_block(pad, pad_length, 4, 16);
+#endif
 		memcpy((uint8_t*)dest + 2, pad, pad_length);
 	}
 	((uint8_t*)dest)[0] = 0x00;
@@ -62,6 +73,10 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 	memcpy((uint8_t*)dest+3+pad_length, src, length_B);
 	x.wordv = dest;
 	x.length_B = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+#if DEBUG
+	cli_putstr("\r\nx-data: ");
+	cli_hexdump_block(x.wordv, x.length_B * sizeof(bigint_word_t), 4, 16);
+#endif
 	bigint_adjust(&x);
 	rsa_os2ip(&x, NULL, length_B+pad_length+3);
 	rsa_enc(&x, key);
@@ -77,18 +92,30 @@ uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 	rsa_os2ip(&x, src, length_B);
 #if DEBUG
 	cli_putstr("\r\ncalling rsa_dec() ...");
+	cli_putstr("\r\nencoded block (src.len = 0x");
+	cli_hexdump_rev(&length_B, 2);
+	cli_putstr("):");
+	cli_hexdump_block(x.wordv, x.length_B * sizeof(bigint_word_t), 4, 16);
 #endif
 	rsa_dec(&x, key);
 #if DEBUG
 	cli_putstr("\r\nfinished rsa_dec() ...");
 #endif
 	rsa_i2osp(NULL, &x, &m_length);
+#if DEBUG
+	cli_putstr("\r\ndecoded block:");
+	cli_hexdump_block(x.wordv, m_length, 4, 16);
+#endif
 	while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
 		++idx;
 	}
-	if(((uint8_t*)x.wordv)[idx]!=2 || idx>=m_length){
+	if(idx>=m_length){
 		return 1;
 	}
+	if(((uint8_t*)x.wordv)[idx]!=2){
+		return 3;
+	}
+
 	++idx;
 	while(((uint8_t*)x.wordv)[idx+pad_length]!=0  && (idx+pad_length)<m_length){
 		++pad_length;
@@ -98,9 +125,18 @@ uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 	}
 	*out_length = m_length - idx - pad_length - 1;
 	if(pad){
+#if DEBUG
+		cli_putstr("\r\npadding block:");
+		cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
+		cli_putstr("\r\npad @ 0x");
+		cli_hexdump_rev(&pad, 2);
+		cli_putstr("\r\ndst @ 0x");
+		cli_hexdump_rev(&dest, 2);
+#endif
 		memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
 	}
-	memcpy(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
+	memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
+
 	return 0;
 }
 
diff --git a/rsa/rsa_pkcs15.h b/rsa/rsa_pkcs15.h
index 74180dd..ff1b26d 100644
--- a/rsa/rsa_pkcs15.h
+++ b/rsa/rsa_pkcs15.h
@@ -21,6 +21,10 @@
 #define RSA_PKCS15_H_
 
 #include <stdint.h>
+#include "bigint.h"
+
+uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
+
 
 uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
 		uint16_t length_B, rsa_publickey_t* key, const void* pad);
diff --git a/test_src/string-extras.c b/test_src/string-extras.c
index 18cf67f..6ab077e 100644
--- a/test_src/string-extras.c
+++ b/test_src/string-extras.c
@@ -40,6 +40,7 @@ uint32_t stridentcnt(const char* a, const char* b){
 		a++;
 		b++;
 	}
+	return 0;
 }
 
 uint16_t firstword_length(const char* s){
@@ -155,3 +156,12 @@ void strlwr(char* s){
 	}
 }
 */
+
+char* itoa(int a, char* buffer, uint8_t radix){
+	if(a<0){
+		*buffer = '-';
+		a = -a;
+	}
+	ultoa(a, buffer + 1, radix);
+	return buffer;
+}
diff --git a/rsa/pkcs1v15crypt-vectors.txt b/testvectors/rsa-pkcs-1v2-1-vec/pkcs1v15crypt-vectors.txt
similarity index 100%
rename from rsa/pkcs1v15crypt-vectors.txt
rename to testvectors/rsa-pkcs-1v2-1-vec/pkcs1v15crypt-vectors.txt
-- 
2.39.5