/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_stdtest_ubi256(uint16_t outsize){
ubi256_ctx_t ctx;
skein_config_t conf;
uint64_t iv[4];
cli_putstr_P(PSTR("\r\n\r\nTest vectors for UBI (256 bits):"));
memset(&conf, 0, sizeof(skein_config_t));
ubi256_init(&ctx, &conf, UBI_TYPE_CFG);
conf.schema[0] = 'S';
conf.schema[1] = 'H';
conf.schema[2] = 'A';
conf.schema[3] = '3';
conf.version = 1;
conf.out_length = outsize;
ubi256_lastBlock(&ctx, &conf, 256);
ubi256_ctx2hash(iv, &ctx);
cli_putstr_P(PSTR("\r\nIV: "));
cli_hexdump_rev(&(iv[0]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[1]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[2]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[3]), 8);
}
static
void bmw_small_f2(uint32_t* h, uint32_t* q, const void* m){
uint32_t xl=0, xh;
uint8_t i;
for(i=16;i<24;++i){
xl ^= q[i];
}
xh = xl;
for(i=24;i<32;++i){
xh ^= q[i];
}
#if DEBUG
cli_putstr("\r\n XL = ");
cli_hexdump_rev(&xl, 4);
cli_putstr("\r\n XH = ");
cli_hexdump_rev(&xh, 4);
#endif
memcpy(h, m, 16*4);
h[0] ^= SHL32(xh, 5) ^ SHR32(q[16], 5);
h[1] ^= SHR32(xh, 7) ^ SHL32(q[17], 8);
h[2] ^= SHR32(xh, 5) ^ SHL32(q[18], 5);
h[3] ^= SHR32(xh, 1) ^ SHL32(q[19], 5);
h[4] ^= SHR32(xh, 3) ^ q[20];
h[5] ^= SHL32(xh, 6) ^ SHR32(q[21], 6);
h[6] ^= SHR32(xh, 4) ^ SHL32(q[22], 6);
h[7] ^= SHR32(xh,11) ^ SHL32(q[23], 2);
for(i=0; i<8; ++i){
h[i] += xl ^ q[24+i] ^ q[i];
}
for(i=0; i<8; ++i){
h[8+i] ^= xh ^ q[24+i];
h[8+i] += ROTL32(h[(4+i)%8],i+9);
}
/*
h[ 8] += SHL32(xl, 8) ^ q[23] ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[16] ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[17] ^ q[10];
h[11] += SHL32(xl, 4) ^ q[18] ^ q[11];
h[12] += SHR32(xl, 3) ^ q[19] ^ q[12];
h[13] += SHR32(xl, 4) ^ q[20] ^ q[13];
h[14] += SHR32(xl, 7) ^ q[21] ^ q[14];
h[15] += SHR32(xl, 2) ^ q[22] ^ q[15];
*/
memxor(q+9, q+16, 7*4);
q[8] ^= q[23];
h[ 8] += SHL32(xl, 8) ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[10];
h[11] += SHL32(xl, 4) ^ q[11];
h[12] += SHR32(xl, 3) ^ q[12];
h[13] += SHR32(xl, 4) ^ q[13];
h[14] += SHR32(xl, 7) ^ q[14];
h[15] += SHR32(xl, 2) ^ q[15];
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr_P(PSTR("\r\nenter dump length: "));
cli_getsn_cecho(lstr, 15);
len = own_atou(lstr);
cli_putstr_P(PSTR("\r\ndumping 0x"));
cli_hexdump_rev(&len, 2);
cli_putstr_P(PSTR(" byte:"));
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
}
void test_add_scale_bigint(void){
bigint_t a, b, c;
uint16_t scale;
cli_putstr_P(PSTR("\r\nadd-scale test\r\n"));
for(;;){
cli_putstr_P(PSTR("\r\nenter a:"));
if(bigint_read_hex_echo(&a)){
cli_putstr_P(PSTR("\r\n end add-scale test"));
return;
}
cli_putstr_P(PSTR("\r\nenter b:"));
if(bigint_read_hex_echo(&b)){
cli_putstr_P(PSTR("\r\n end add-scale test"));
return;
}
cli_putstr_P(PSTR("\r\nenter scale:"));
{
char str[8];
cli_getsn_cecho(str, 7);
scale = atoi(str);
}
/*
if(bigint_read_hex_echo(&scale)){
free(scale.wordv);
cli_putstr_P(PSTR("\r\n end add test"));
return;
}
*/
uint8_t *c_b;
c_b = malloc(((a.length_B>(b.length_B+scale))?a.length_B:(b.length_B+scale))+2);
if(c_b==NULL){
cli_putstr_P(PSTR("\n\rERROR: Out of memory!"));
free(a.wordv);
free(b.wordv);
continue;
}
c.wordv = c_b;
bigint_copy(&c, &a);
bigint_add_scale_u(&c, &b, scale);
cli_putstr_P(PSTR("\r\n "));
bigint_print_hex(&a);
cli_putstr_P(PSTR(" + "));
bigint_print_hex(&b);
cli_putstr_P(PSTR("<<8*"));
cli_hexdump_rev(&scale, 2);
cli_putstr_P(PSTR(" = "));
bigint_print_hex(&c);
cli_putstr_P(PSTR("\r\n"));
free(a.wordv);
free(b.wordv);
free(c_b);
}
}
void ctx_dump(const bmw_small_ctx_t* ctx){
uint8_t i;
cli_putstr("\r\n==== ctx dump ====");
for(i=0; i<16;++i){
cli_putstr("\r\n h[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(ctx->h[i]), 4);
}
cli_putstr("\r\n counter = ");
cli_hexdump(&(ctx->counter), 4);
}
void dump_x(const uint32_t* q, uint8_t elements, char x){
uint8_t i;
cli_putstr("\r\n==== ");
cli_putc(x);
cli_putstr(" dump ====");
for(i=0; i<elements;++i){
cli_putstr("\r\n ");
cli_putc(x);
cli_putstr("[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(q[i]), 4);
}
}
void testrun_stdtest_ubi512(uint16_t outsize){
ubi512_ctx_t ctx;
skein_config_t conf;
uint64_t iv[8];
uint8_t null[UBI512_BLOCKSIZE_B];
cli_putstr_P(PSTR("\r\n\r\nTest vectors for UBI (512 bits):"));
memset(&conf, 0, sizeof(skein_config_t));
memset(null, 0, UBI512_BLOCKSIZE_B);
ubi512_init(&ctx, null, UBI_TYPE_CFG);
conf.schema[0] = 'S';
conf.schema[1] = 'H';
conf.schema[2] = 'A';
conf.schema[3] = '3';
conf.version = 1;
conf.out_length = outsize;
ubi512_lastBlock(&ctx, &conf, 256);
ubi512_ctx2hash(iv, &ctx);
cli_putstr_P(PSTR("\r\nIV: "));
cli_hexdump_rev(&(iv[0]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[1]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[2]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[3]), 8);
cli_putstr_P(PSTR("\r\n "));
cli_hexdump_rev(&(iv[4]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[5]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[6]), 8);
cli_putstr_P(PSTR(" "));
cli_hexdump_rev(&(iv[7]), 8);
}
void shavs_test1(void){ /* KAT tests */
uint32_t length=0;
int32_t expect_input=0;
if(!shavs_algo){
cli_putstr("\r\nERROR: select algorithm first!");
return;
}
char c;
uint8_t diggest[shavs_algo->hashsize_b/8];
shavs_ctx.buffersize_B=shavs_algo->blocksize_b/8;
uint8_t buffer[shavs_ctx.buffersize_B+5];
shavs_ctx.buffer = buffer;
cli_putstr("\r\nbuffer_size = 0x");
cli_hexdump_rev(&(shavs_ctx.buffersize_B), 2);
cli_putstr(" bytes");
for(;;){
shavs_ctx.blocks = 0;
memset(buffer, 0, shavs_ctx.buffersize_B);
length = getLength();
if((int32_t)length<0){
#if DEBUG
cli_putstr("\r\n(x) Len == ");
cli_hexdump_rev(&length, 4);
uart_flush(0);
#endif
return;
}
#if DEBUG
cli_putstr("\r\nLen == ");
cli_hexdump_rev(&length, 4);
uart_flush(0);
#endif
if(length==0){
expect_input=2;
}else{
expect_input=((length + 7) >> 2) & (~1L);
}
#if DEBUG
cli_putstr("\r\nexpected_input == ");
cli_hexdump_rev(&expect_input, 4);
if(expect_input==0)
cli_putstr("\r\nexpected_input == 0 !!!");
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
uint8_t ret;
#if DEBUG
cli_putstr("\r\n HFAL init");
cli_putstr("\r\n (2) expected_input == ");
cli_hexdump_rev(&expect_input, 4);
#endif
ret = hfal_hash_init(shavs_algo, &(shavs_ctx.ctx));
if(ret){
cli_putstr("\r\n HFAL init returned with: ");
cli_hexdump(&ret, 1);
return;
}
#if DEBUG
cli_putstr("\r\n (3) expected_input == ");
cli_hexdump_rev(&expect_input, 4);
cli_putstr("\r\n");
#endif
while((c=cli_getc_cecho())!='M' && c!='m'){
if(!isblank((uint8_t)c)){
cli_putstr("\r\nERROR: wrong input (1) [0x");
cli_hexdump(&c, 1);
cli_putstr("]!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
if((c=cli_getc_cecho())!='s' && c!='S'){
cli_putstr("\r\nERROR: wrong input (2)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
if((c=cli_getc_cecho())!='g' && c!='G'){
cli_putstr("\r\nERROR: wrong input (3)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
while((c=cli_getc_cecho())!='='){
if(!isblank((uint8_t)c)){
cli_putstr("\r\nERROR: wrong input (4)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
#if DEBUG
cli_putstr("\r\nparsing started");
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
while(expect_input>0){
c=cli_getc_cecho();
#if DEBUG
cli_putstr("\r\n\t(");
cli_hexdump_rev(&expect_input, 4);
cli_putstr(") ");
#endif
if(buffer_add(c)==0){
--expect_input;
}else{
if(!isblank((uint16_t)c)){
cli_putstr("\r\nERROR: wrong input (5) (");
cli_putc(c);
cli_putstr(")!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
}
#if DEBUG
cli_putstr("\r\nBuffer-A:");
cli_hexdump_block(buffer, shavs_ctx.buffersize_B, 5, 8);
cli_putstr("\r\n starting finalization");
cli_putstr("\r\n\tblocks == ");
cli_hexdump_rev(&(shavs_ctx.blocks),4);
cli_putstr("\r\n\tbuffer_idx == ");
cli_hexdump_rev(&(shavs_ctx.buffer_idx),2);
cli_putstr("\r\n\tin_byte == ");
cli_hexdump_rev(&(shavs_ctx.in_byte),1);
cli_putstr("\r\n starting last block");
cli_putstr("\r\n\tlength == ");
cli_hexdump_rev(&length,4);
cli_putstr("\r\n\tbuffersize_B == ");
cli_hexdump_rev(&(shavs_ctx.buffersize_B),2);
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
cli_putstr("\r\n\t (temp) == ");
cli_hexdump_rev(&temp,2);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#endif
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
temp );
#if DEBUG
cli_putstr("\r\n starting ctx2hash");
#endif
hfal_hash_ctx2hash(diggest, &(shavs_ctx.ctx));
#if DEBUG
cli_putstr("\r\n starting hash free");
#endif
hfal_hash_free(&(shavs_ctx.ctx));
cli_putstr("\r\n MD = ");
cli_hexdump(diggest, shavs_algo->hashsize_b/8);
}
}
void shavs_test1(void){ /* KAT tests */
uint32_t length=0;
int32_t expect_input=0;
if(!shavs_algo){
fputs_P(PSTR("\r\nERROR: select algorithm first!"), shavs_out_file);
return;
}
char c;
uint8_t diggest[pgm_read_word(&(shavs_algo->hashsize_b))/8];
shavs_ctx.buffersize_B=pgm_read_word(&(shavs_algo->blocksize_b))/8;
uint8_t buffer[shavs_ctx.buffersize_B+5];
shavs_ctx.buffer = buffer;
fprintf_P(shavs_out_file, PSTR("\nbuffer_size = 0x%04"PRIx16" bytes"), shavs_ctx.buffersize_B);
for(;;){
shavs_ctx.blocks = 0;
memset(buffer, 0, shavs_ctx.buffersize_B);
length = getLength();
if(length<0){
return;
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\nLen == %"PRIu32), length)
#endif
if(length==0){
expect_input=2;
}else{
expect_input=((length + 7) >> 2) & (~1L);
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\r\nexpected_input == %"PRId32), expected_input);
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
uint8_t ret;
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\n HFAL init\n (2) expected_input == "), expected_input);
#endif
ret = hfal_hash_init(shavs_algo, &(shavs_ctx.ctx));
if(ret){
fprintf_P(shavs_out_file, PSTR("\r\n HFAL init returned with: %"PRIx8), ret);
return;
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\r\n (3) expected_input == %"PRId32"\n"), expected_input)
#endif
while((c=cli_getc_cecho())!='M' && c!='m'){
if(!isblank(c)){
fprintf_P(shavs_out_file, PSTR("\nERROR: wrong input (1) [0x%"PRIx8"]!\n"), c);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
if((c=cli_getc_cecho())!='s' && c!='S'){
fputs_P(PSTR("\nERROR: wrong input (2)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
if((c=cli_getc_cecho())!='g' && c!='G'){
fputs_P(PSTR("\nERROR: wrong input (3)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
while((c=cli_getc_cecho())!='='){
if(!isblank(c)){
fputs_P(PSTR("\nERROR: wrong input (4)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
#if DEBUG
fputs_P(PSTR("\r\nparsing started"), shavs_out_file);
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
while(expect_input>0){
c=cli_getc_cecho();
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\n\t(%"PRId32") "), expected_input);
_delay_ms(500);
#endif
if(buffer_add(c)==0){
--expect_input;
}else{
if(!isblank((uint16_t)c)){
fprintf_P(shavs_out_file, PSTR("\nERROR: wrong input (5) (%c)!\n"), c);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
}
#if DEBUG
cli_putstr_P(PSTR("\r\nBuffer-A:"));
cli_hexdump_block(buffer, shavs_ctx.buffersize_B, 5, 8);
cli_putstr_P(PSTR("\r\n starting finalisation"));
cli_putstr_P(PSTR("\r\n\tblocks == "));
cli_hexdump_rev(&(shavs_ctx.blocks),4);
cli_putstr_P(PSTR("\r\n\tbuffer_idx == "));
cli_hexdump_rev(&(shavs_ctx.buffer_idx),2);
cli_putstr_P(PSTR("\r\n\tin_byte == "));
cli_hexdump_rev(&(shavs_ctx.in_byte),1);
_delay_ms(500);
cli_putstr_P(PSTR("\r\n starting last block"));
cli_putstr_P(PSTR("\r\n\tlength == "));
cli_hexdump_rev(&length,4);
cli_putstr_P(PSTR("\r\n\tbuffersize_B == "));
cli_hexdump_rev(&(shavs_ctx.buffersize_B),2);
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
cli_putstr_P(PSTR("\r\n\t (temp) == "));
cli_hexdump_rev(&temp,2);
_delay_ms(500);
temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#endif
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
temp );
#if DEBUG
cli_putstr_P(PSTR("\r\n starting ctx2hash"));
_delay_ms(500);
#endif
hfal_hash_ctx2hash(diggest, &(shavs_ctx.ctx));
#if DEBUG
cli_putstr_P(PSTR("\r\n starting hash free"));
#endif
hfal_hash_free(&(shavs_ctx.ctx));
cli_putstr_P(PSTR("\r\n MD = "));
cli_hexdump(diggest, pgm_read_word(&(shavs_algo->hashsize_b))/8);
}
}
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(&key->modulus);
#if DEBUG
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus.length_B, 2);
#endif
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) - (bigint_get_first_set_bit(&key->modulus)/8+1) % sizeof(bigint_word_t))
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(dest, 0, seed_buffer - buffer + off);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
#if DEBUG
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
#if DEBUG
cli_putstr("\r\n msg (raw, post-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
x.info = 0;
x.length_B = key->modulus.length_B;
x.wordv = dest;
bigint_adjust(&x);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
#if DEBUG
cli_putstr("\r\ninput-msg (pre enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_enc(&x, key);
#if DEBUG
cli_putstr("\r\ninput-msg (post enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_i2osp(NULL, &x, out_length);
return 0;
}
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr_P(PSTR("\r\nstack pointer: ~"));
cli_hexdump_rev(&xa, 4);
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t ciph_len, msg_len;
uint16_t msg_len_;
uint16_t seed_len;
uint8_t *seed, *seed_out;
char read_int_str[18];
cli_putstr_P(PSTR("\r\n== test with given seed =="));
cli_putstr_P(PSTR("\r\n = message ="));
cli_putstr_P(PSTR("\r\n length: "));
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
seed = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
cli_hexdump_rev(&seed, 2);
#endif
if(!seed){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
seed_out = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
cli_hexdump_rev(&seed_out, 2);
#endif
if(!seed_out){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg = malloc(msg_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
cli_hexdump_rev(&msg, 2);
#endif
if(!msg){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
ciph = malloc(bigint_length_B(&pub_key.modulus));
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
cli_hexdump_rev(&ciph, 2);
#endif
if(!ciph){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg_ = malloc(bigint_length_B(&pub_key.modulus) /* + sizeof(bigint_word_t) */ );
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
cli_hexdump_rev(&msg_, 2);
#endif
if(!msg_){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
cli_putstr_P(PSTR("\r\n data: "));
read_os(msg, msg_len, NULL);
cli_putstr_P(PSTR("\r\n seed (0x"));
cli_hexdump_rev(&seed_len, 2);
cli_putstr_P(PSTR(" bytes): "));
read_os(seed, seed_len, NULL);
cli_putstr_P(PSTR("\r\n encrypting ..."));
/*
cli_putstr_P(PSTR("\r\n plaintext:"));
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr_P(PSTR("\r\n seed:"));
cli_hexdump_block(seed, seed_len, 4, 16);
*/
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
cli_putstr_P(PSTR("\r\n ciphertext:"));
cli_hexdump_block(ciph, ciph_len, 4, 16);
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
cli_putstr_P(PSTR("\r\n decrypting ... "));
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
cli_putstr_P(PSTR("[done]"));
if(msg_len != msg_len_){
char tstr[16];
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message length ("));
itoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr_P(PSTR(" instead of "));
itoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message:"));
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, seed_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted seed:"));
cli_hexdump_block(seed_out, seed_len, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(seed, seed_len, 4, 16);
goto end;
}
cli_putstr_P(PSTR("\r\n >>OK<<"));
end:
free(msg_);
free(ciph);
free(msg);
free(seed_out);
free(seed);
}
