void shabal_ctx_dump(shabal_ctx_t *ctx){
uint8_t i;
void *p;
cli_putstr_P(PSTR("\r\n=== shabal ctx dump ===\r\n size = "));
i=sizeof(shabal_ctx_t);
if(i>=100)
cli_putc('0'+i/100);
if(i>=10)
cli_putc('0'+(i/10)%10);
cli_putc('0'+i%10);
cli_putstr_P(PSTR("\r\n a = "));
cli_hexdump_block(ctx->a, 12*4, 5, 4*8);
cli_putstr_P(PSTR("\r\n b_buffer = "));
cli_hexdump_block(ctx->b_buffer, 12*4, 5, 4*8);
cli_putstr_P(PSTR("\r\n c_buffer = "));
cli_hexdump_block(ctx->c_buffer, 12*4, 5, 4*8);
if(ctx->b == &(ctx->b_buffer[0]))
cli_putstr_P(PSTR("\r\nb --> b_buffer"));
if(ctx->b == &(ctx->c_buffer[0]))
cli_putstr_P(PSTR("\r\nb --> c_buffer"));
if(ctx->c == &(ctx->b_buffer[0]))
cli_putstr_P(PSTR("\r\nc --> b_buffer"));
if(ctx->c == &(ctx->c_buffer[0]))
cli_putstr_P(PSTR("\r\nc --> c_buffer"));
cli_putstr_P(PSTR("\r\n b = "));
cli_hexdump(&(ctx->b), 2);
p = ctx->b_buffer;
cli_putstr_P(PSTR("\r\n b (should) = "));
cli_hexdump(&p, 2);
cli_putstr_P(PSTR("\r\n c = "));
cli_hexdump(&(ctx->c), 2);
p = ctx->c_buffer;
cli_putstr_P(PSTR("\r\n c (should) = "));
cli_hexdump(&p, 2);
}
void testrun_aes128_ctr(void){
uint8_t key[16];
uint8_t iv[16];
uint8_t plain[64];
bcal_ctr_ctx_t ctx;
uint8_t r;
memcpy(key, modes_key, 16);
memcpy(iv, modes_ctriv, 16);
memcpy(plain, modes_plain, 64);
cli_putstr("\r\n** AES128-CTR-TEST **");
r = bcal_ctr_init(&aes128_desc, key, 128, NULL, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
cli_putstr("\r\n key: ");
cli_hexdump(key, 128/8);
cli_putstr("\r\n IV: ");
cli_hexdump(iv, 128/8);
cli_putstr("\r\n plaintext:");
cli_hexdump_block(plain, 4*128/8, 4, 16);
if(r)
return;
bcal_ctr_encMsg(iv, plain, 4*128, &ctx);
cli_putstr("\r\n ciphertext: ");
cli_hexdump_block(plain, 4*128/8, 4, 16);
bcal_ctr_decMsg(iv, plain, 4*128, &ctx);
cli_putstr("\r\n plaintext: ");
cli_hexdump_block(plain, 4*128/8, 4, 16);
bcal_ctr_free(&ctx);
}
void testrun_aes128_cmac(void){
uint8_t key[16];
uint8_t tag[16];
uint8_t plain[64];
uint16_t length[] = { 0, 128, 320, 512 };
bcal_cmac_ctx_t ctx;
uint8_t r,i;
memcpy(key, modes_key, 16);
memcpy(plain, modes_plain, 64);
cli_putstr("\r\n** AES128-CMAC-TEST **");
cli_putstr("\r\n key: ");
cli_hexdump(key, 128/8);
for(i=0; i<4; ++i){
r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
cli_putstr("\r\n message: ");
cli_hexdump_block(plain, length[i]/8, 4, 16);
if(r)
return;
bcal_cmac(tag, 128, plain, length[i], &ctx);
cli_putstr("\r\n tag: ");
cli_hexdump_block(tag, 128/8, 4, 16);
bcal_cmac_free(&ctx);
}
}
/*
Klen = 16
Mlen = 18
Tlen = 2
Key = 3250974e306b4b678f914b514d1e90f6
Msg = cf132fd4ebc25fd3866f1a95a6193a1a9cdf
*/
void testrun_aes128_cmac72(void){
uint8_t key[16]= {
0x32, 0x50, 0x97, 0x4e, 0x30, 0x6b, 0x4b, 0x67,
0x8f, 0x91, 0x4b, 0x51, 0x4d, 0x1e, 0x90, 0xf6
};
uint8_t tag[2];
uint8_t plain[18] = {
0xcf, 0x13, 0x2f, 0xd4, 0xeb, 0xc2, 0x5f, 0xd3,
0x86, 0x6f, 0x1a, 0x95, 0xa6, 0x19, 0x3a, 0x1a,
0x9c, 0xdf,
};
bcal_cmac_ctx_t ctx;
uint8_t r;
cli_putstr("\r\n** AES128-CMAC-72-TEST **");
cli_putstr("\r\n key: ");
cli_hexdump(key, 128/8);
r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
cli_putstr("\r\n message: ");
cli_hexdump_block(plain, 18, 4, 16);
if(r)
return;
bcal_cmac(tag, 16, plain, 18*8, &ctx);
cli_putstr("\r\n tag: ");
cli_hexdump_block(tag, 2, 4, 16);
bcal_cmac_free(&ctx);
}
void testrun_aes128_ofb(void){
uint8_t key[16];
uint8_t iv[16];
uint8_t plain[64];
bcal_ofb_ctx_t ctx;
uint8_t r;
memcpy_P(key, modes_key, 16);
memcpy_P(iv, modes_iv, 16);
memcpy_P(plain, modes_plain, 64);
cli_putstr_P(PSTR("\r\n** AES128-OFB-TEST **"));
r = bcal_ofb_init(&aes128_desc, key, 128, &ctx);
cli_putstr_P(PSTR("\r\n init = 0x"));
cli_hexdump(&r, 1);
cli_putstr_P(PSTR("\r\n key: "));
cli_hexdump(key, 128/8);
cli_putstr_P(PSTR("\r\n IV: "));
cli_hexdump(iv, 128/8);
cli_putstr_P(PSTR("\r\n plaintext:"));
cli_hexdump_block(plain, 4*128/8, 4, 16);
if(r)
return;
bcal_ofb_encMsg(iv, plain, 4*128, &ctx);
cli_putstr_P(PSTR("\r\n ciphertext: "));
cli_hexdump_block(plain, 4*128/8, 4, 16);
bcal_ofb_decMsg(iv, plain, 4*128, &ctx);
cli_putstr_P(PSTR("\r\n plaintext: "));
cli_hexdump_block(plain, 4*128/8, 4, 16);
bcal_ofb_free(&ctx);
}
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)];
uint16_t clen, plen;
if(!keys_allocated){
load_fix_rsa();
}
ciphertext = malloc(clen = bigint_length_B(&pub_key.modulus));
plaintext = malloc(clen);
memcpy_P(plaintext, MSG, sizeof(MSG));
memcpy_P(seed, SEED, sizeof(SEED));
cli_putstr_P(PSTR("\r\nplaintext:"));
cli_hexdump_block(plaintext, sizeof(MSG), 4, 16);
cli_putstr_P(PSTR("\r\nseed:"));
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
cli_putstr_P(PSTR("\r\nencrypting: ..."));
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
}
cli_putstr_P(PSTR("\r\n\r\nciphertext:"));
cli_hexdump_block(ciphertext, clen, 4, 16);
if(clen != sizeof(ENCRYPTED)){
cli_putstr_P(PSTR("\r\n>>FAIL (no size match)<<"));
return;
}else{
if(memcmp_P(ciphertext, ENCRYPTED, clen)){
cli_putstr_P(PSTR("\r\n>>FAIL (no content match)<<"));
return;
}else{
cli_putstr_P(PSTR("\r\n>>OK<<"));
}
}
cli_putstr_P(PSTR("\r\ndecrypting: ..."));
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
}
cli_putstr_P(PSTR("\r\n\r\nplaintext:"));
cli_hexdump_block(plaintext, plen, 4, 16);
cli_putstr_P(PSTR("\r\n\r\nseed (out):"));
cli_hexdump_block(seed_out, sizeof(SEED), 4, 16);
free(ciphertext);
free(plaintext);
}
void hfal_test(const hfdesc_t *hd, void *msg, uint32_t length_b){
if(pgm_read_byte(&(hd->type))!=HFDESC_TYPE_HASHFUNCTION)
return;
uint16_t dlen = (pgm_read_word(&(hd->hashsize_b))+7)/8;
uint8_t digest[dlen];
cli_putstr_P(PSTR("\r\n=== "));
cli_putstr_P((void*)pgm_read_word(&(hd->name)));
cli_putstr_P(PSTR(" ===\r\n message:"));
cli_hexdump_block(msg, (length_b+7)/8, 4, 16);
hfal_hash_mem(hd, digest, msg, length_b);
cli_putstr_P(PSTR(" \r\n digest:"));
cli_hexdump_block(digest, dlen, 4, 16);
cli_putstr_P(PSTR("\r\n"));
}
void hfal_test(const hfdesc_t* hd, const void* msg, uint32_t length_b){
if(hd->type!=HFDESC_TYPE_HASHFUNCTION)
return;
uint16_t dlen = (hd->hashsize_b+7)/8;
uint8_t digest[dlen];
cli_putstr("\r\n=== ");
cli_putstr(hd->name);
cli_putstr(" ===\r\n message:");
cli_hexdump_block(msg, (length_b+7)/8, 4, 16);
hfal_hash_mem(hd, digest, msg, length_b);
cli_putstr(" \r\n digest:");
cli_hexdump_block(digest, dlen, 4, 16);
cli_putstr("\r\n");
}
void testrun_trivium(void){
uint8_t key[10];
uint8_t iv[4];
uint8_t buffer[64];
scgen_ctx_t ctx;
memset(key, 0, 10);
memset(iv, 0, 4);
key[0] = 0x80;
scal_cipher_init(&trivium_desc, key, 80, iv, 32, &ctx);
scal_cipher_gen_fillblock(buffer, 64, &ctx);
cli_putstr_P(PSTR("\r\nTest:\r\n Key = "));
cli_hexdump(key, 10);
cli_putstr_P(PSTR("\r\n IV = "));
cli_hexdump(iv, 4);
cli_putstr_P(PSTR("\r\n Cipher = "));
cli_hexdump_block(buffer, 64, 4, 16);
scal_cipher_free(&ctx);
key[0] = 0x40;
scal_cipher_init(&trivium_desc, key, 80, iv, 32, &ctx);
scal_cipher_gen_fillblock(buffer, 64, &ctx);
cli_putstr_P(PSTR("\r\nTest:\r\n Key = "));
cli_hexdump(key, 10);
cli_putstr_P(PSTR("\r\n IV = "));
cli_hexdump(iv, 4);
cli_putstr_P(PSTR("\r\n Cipher = "));
cli_hexdump_block(buffer, 64, 4, 16);
scal_cipher_free(&ctx);
key[0] = 0x20;
scal_cipher_init(&trivium_desc, key, 80, iv, 32, &ctx);
scal_cipher_gen_fillblock(buffer, 64, &ctx);
cli_putstr_P(PSTR("\r\nTest:\r\n Key = "));
cli_hexdump(key, 10);
cli_putstr_P(PSTR("\r\n IV = "));
cli_hexdump(iv, 4);
cli_putstr_P(PSTR("\r\n Cipher = "));
cli_hexdump_block(buffer, 64, 4, 16);
scal_cipher_free(&ctx);
key[0] = 0x10;
scal_cipher_init(&trivium_desc, key, 80, iv, 32, &ctx);
scal_cipher_gen_fillblock(buffer, 64, &ctx);
cli_putstr_P(PSTR("\r\nTest:\r\n Key = "));
cli_hexdump(key, 10);
cli_putstr_P(PSTR("\r\n IV = "));
cli_hexdump(iv, 4);
cli_putstr_P(PSTR("\r\n Cipher = "));
cli_hexdump_block(buffer, 64, 4, 16);
scal_cipher_free(&ctx);
}
/*
Count = 0
Klen = 24
Mlen = 0
Tlen = 2
Key = 2b2aaa666be161ed16648e862ac9bd1e317f71bc69e268b5
Msg = 00
*/
void testrun_aes192_cmac0(void){
uint8_t key[24]= {
0x2b, 0x2a, 0xaa, 0x66, 0x6b, 0xe1, 0x61, 0xed,
0x16, 0x64, 0x8e, 0x86, 0x2a, 0xc9, 0xbd, 0x1e,
0x31, 0x7f, 0x71, 0xbc, 0x69, 0xe2, 0x68, 0xb5
};
uint8_t tag[2];
uint8_t plain[1] = {
0x00
};
bcal_cmac_ctx_t ctx;
uint8_t r;
cli_putstr("\r\n** AES192-CMAC-0-TEST **");
cli_putstr("\r\n key: ");
cli_hexdump(key, 192/8);
r = bcal_cmac_init(&aes192_desc, key, 192, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
if(r)
return;
bcal_cmac(tag, 16, plain, 0*8, &ctx);
cli_putstr("\r\n tag: ");
cli_hexdump_block(tag, 2, 4, 16);
bcal_cmac_free(&ctx);
}
void test256Null(void){
jh_ctx_t ctx;
uint8_t hash[32];
jh256_init(&ctx);
jh_lastBlock(&ctx, NULL, 0);
jh256_ctx2hash(hash, &ctx);
cli_putstr_P(PSTR("\r\nresult:\r\n"));
cli_hexdump_block(hash, 32, 4, 8);
}
void crypto_test(void){
uint8_t test_data[16], test_key[32];
aes256_ctx_t ctx;
memset(test_key, 0xA5, 32);
memset(test_data, 0, 16);
aes256_init(test_key, &ctx);
aes256_enc(test_data, &ctx);
cli_putstr("\r\ncrypto test data:\r\n");
cli_hexdump_block(test_data, 16, 4, 8);
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr_P(PSTR("\r\nenter dump length: "));
cli_getsn_cecho(lstr, 15);
len = own_atou(lstr);
cli_putstr_P(PSTR("\r\ndumping 0x"));
cli_hexdump_rev(&len, 2);
cli_putstr_P(PSTR(" byte:"));
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
}
void test_prf(const hfdesc_t* hash, const void* secret, const void* seed, uint16_t out_length){
prf_tls12_ctx_t ctx;
uint8_t buffer[out_length];
prf_tls12_init_w_label(&ctx, hash, secret, 16*8, test_label, strlen(test_label), seed, 16*8);
cli_putstr("\r\n== Testing PRF-TLSv1.2 with ");
cli_putstr(hash->name);
cli_putstr(" ==\r\n");
prf_tls12_fill(buffer, out_length, &ctx);
cli_hexdump_block(buffer, out_length, 4, 8);
prf_tls12_free(&ctx);
}
void testrun_whirlpool(void){
whirlpool_ctx_t ctx;
uint8_t hash[64];
uint8_t data[64];
memset(data, 0, 64);
data[0] = 'a';
data[1] = 'b';
data[2] = 'c';
whirlpool_init(&ctx);
whirlpool_lastBlock(&ctx, data, 3*8);
whirlpool_ctx2hash(hash, &ctx);
cli_putstr_P(PSTR("\r\nEmpty message hash:"));
cli_hexdump_block(hash, 64, 4, 16);
}
void testrun_cscipher(void){
uint8_t data[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
uint8_t key[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
cscipher_ctx_t ctx;
cli_putstr("\r\n== CS-Cipher test==\r\nkey: ");
cli_hexdump(key, 16);
memset(&ctx, 0, 8*9);
cscipher_init(key, &ctx);
cli_putstr("\r\nround keys:\r\n");
cli_hexdump_block(&ctx, 8*9, 4, 8);
cli_putstr("\r\nplain: ");
cli_hexdump(data, 8);
cscipher_enc(data, &ctx);
cli_putstr("\r\ncipher: ");
cli_hexdump(data, 8);
cscipher_dec(data, &ctx);
cli_putstr("\r\nplain: ");
cli_hexdump(data, 8);
}
void test_khazad(void){
uint8_t key[16];
uint8_t data[8];
khazad_ctx_t ctx;
memset(key, 0, 16);
memset(data, 0, 8);
key[0] = 0x80;
cli_putstr_P(PSTR("\r\nkey: "));
cli_hexdump(key, 16);
khazad_init(key, &ctx);
cli_putstr_P(PSTR("\r\nround keys:"));
cli_hexdump_block(&ctx, 8*8, 4, 8);
cli_putstr_P(PSTR("\r\nplain: "));
cli_hexdump(data, 8);
khazad_enc(data, &ctx);
cli_putstr_P(PSTR("\r\nencrypt:"));
cli_hexdump(data, 8);
khazad_dec(data, &ctx);
cli_putstr_P(PSTR("\r\ndecrypt:"));
cli_hexdump(data, 8);
}
void shavs_test1(void){ /* KAT tests */
uint32_t length=0;
int32_t expect_input=0;
if(!shavs_algo){
cli_putstr("\r\nERROR: select algorithm first!");
return;
}
char c;
uint8_t diggest[shavs_algo->hashsize_b/8];
shavs_ctx.buffersize_B=shavs_algo->blocksize_b/8;
uint8_t buffer[shavs_ctx.buffersize_B+5];
shavs_ctx.buffer = buffer;
cli_putstr("\r\nbuffer_size = 0x");
cli_hexdump_rev(&(shavs_ctx.buffersize_B), 2);
cli_putstr(" bytes");
for(;;){
shavs_ctx.blocks = 0;
memset(buffer, 0, shavs_ctx.buffersize_B);
length = getLength();
if((int32_t)length<0){
#if DEBUG
cli_putstr("\r\n(x) Len == ");
cli_hexdump_rev(&length, 4);
uart_flush(0);
#endif
return;
}
#if DEBUG
cli_putstr("\r\nLen == ");
cli_hexdump_rev(&length, 4);
uart_flush(0);
#endif
if(length==0){
expect_input=2;
}else{
expect_input=((length + 7) >> 2) & (~1L);
}
#if DEBUG
cli_putstr("\r\nexpected_input == ");
cli_hexdump_rev(&expect_input, 4);
if(expect_input==0)
cli_putstr("\r\nexpected_input == 0 !!!");
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
uint8_t ret;
#if DEBUG
cli_putstr("\r\n HFAL init");
cli_putstr("\r\n (2) expected_input == ");
cli_hexdump_rev(&expect_input, 4);
#endif
ret = hfal_hash_init(shavs_algo, &(shavs_ctx.ctx));
if(ret){
cli_putstr("\r\n HFAL init returned with: ");
cli_hexdump(&ret, 1);
return;
}
#if DEBUG
cli_putstr("\r\n (3) expected_input == ");
cli_hexdump_rev(&expect_input, 4);
cli_putstr("\r\n");
#endif
while((c=cli_getc_cecho())!='M' && c!='m'){
if(!isblank((uint8_t)c)){
cli_putstr("\r\nERROR: wrong input (1) [0x");
cli_hexdump(&c, 1);
cli_putstr("]!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
if((c=cli_getc_cecho())!='s' && c!='S'){
cli_putstr("\r\nERROR: wrong input (2)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
if((c=cli_getc_cecho())!='g' && c!='G'){
cli_putstr("\r\nERROR: wrong input (3)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
while((c=cli_getc_cecho())!='='){
if(!isblank((uint8_t)c)){
cli_putstr("\r\nERROR: wrong input (4)!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
#if DEBUG
cli_putstr("\r\nparsing started");
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
while(expect_input>0){
c=cli_getc_cecho();
#if DEBUG
cli_putstr("\r\n\t(");
cli_hexdump_rev(&expect_input, 4);
cli_putstr(") ");
#endif
if(buffer_add(c)==0){
--expect_input;
}else{
if(!isblank((uint16_t)c)){
cli_putstr("\r\nERROR: wrong input (5) (");
cli_putc(c);
cli_putstr(")!\r\n");
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
}
#if DEBUG
cli_putstr("\r\nBuffer-A:");
cli_hexdump_block(buffer, shavs_ctx.buffersize_B, 5, 8);
cli_putstr("\r\n starting finalization");
cli_putstr("\r\n\tblocks == ");
cli_hexdump_rev(&(shavs_ctx.blocks),4);
cli_putstr("\r\n\tbuffer_idx == ");
cli_hexdump_rev(&(shavs_ctx.buffer_idx),2);
cli_putstr("\r\n\tin_byte == ");
cli_hexdump_rev(&(shavs_ctx.in_byte),1);
cli_putstr("\r\n starting last block");
cli_putstr("\r\n\tlength == ");
cli_hexdump_rev(&length,4);
cli_putstr("\r\n\tbuffersize_B == ");
cli_hexdump_rev(&(shavs_ctx.buffersize_B),2);
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
cli_putstr("\r\n\t (temp) == ");
cli_hexdump_rev(&temp,2);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#endif
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
temp );
#if DEBUG
cli_putstr("\r\n starting ctx2hash");
#endif
hfal_hash_ctx2hash(diggest, &(shavs_ctx.ctx));
#if DEBUG
cli_putstr("\r\n starting hash free");
#endif
hfal_hash_free(&(shavs_ctx.ctx));
cli_putstr("\r\n MD = ");
cli_hexdump(diggest, shavs_algo->hashsize_b/8);
}
}
void testrun_aes128_eax(void){
uint8_t key[16];
uint8_t nonce[16];
uint8_t header[8];
uint8_t tag[16];
uint8_t msg[21];
uint8_t msg_len;
const void* msg_p;
const void* cipher_p;
uint8_t i, r;
bcal_eax_ctx_t ctx;
msg_p = eax_msg;
cipher_p = eax_cipher;
for(i=0; i<10; ++i){
cli_putstr("\r\n\r\n** AES128-EAX-TEST #");
cli_putc('0'+i);
cli_putstr(" **");
msg_len = eax_msg_len[i];
memcpy(key, eax_key+16*i, 16);
memcpy(nonce, eax_nonce+16*i, 16);
memcpy(header, eax_header+8*i, 8);
memcpy(msg, msg_p, msg_len);
msg_p = (uint8_t*)msg_p+msg_len;
cli_putstr("\r\n key: ");
cli_hexdump(key, 16);
cli_putstr("\r\n msg: ");
if(msg_len){
cli_hexdump(msg, msg_len);
}
cli_putstr("\r\n nonce: ");
cli_hexdump(nonce, 16);
cli_putstr("\r\n header: ");
cli_hexdump(header, 8);
r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
if(r)
return;
bcal_eax_loadNonce(nonce, 16*8, &ctx);
bcal_eax_addLastHeader(header, 8*8, &ctx);
bcal_eax_encLastBlock(msg, msg_len*8, &ctx);
bcal_eax_ctx2tag(tag, 128, &ctx);
cli_putstr("\r\n cipher: ");
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr("\r\n tag: ");
cli_hexdump_block(tag, 16, 4, 16);
if(memcmp(msg, cipher_p, msg_len)){
cli_putstr("\r\n cipher: [fail]\r\n should: ");
memcpy(msg, cipher_p, msg_len);
cli_hexdump_block(msg, msg_len, 4, 16);
}else{
cli_putstr("\r\n cipher: [pass]");
}
cipher_p = ((uint8_t*)cipher_p)+msg_len;
// *
if(memcmp(tag, cipher_p, 16)){
cli_putstr("\r\n tag: [fail]");
}else{
cli_putstr("\r\n tag: [pass]");
}
cipher_p = ((uint8_t*)cipher_p)+16;
bcal_eax_free(&ctx);
}
}
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(&key->modulus);
#if DEBUG
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus.length_B, 2);
#endif
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) - (bigint_get_first_set_bit(&key->modulus)/8+1) % sizeof(bigint_word_t))
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(dest, 0, seed_buffer - buffer + off);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
#if DEBUG
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
#if DEBUG
cli_putstr("\r\n msg (raw, post-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
x.info = 0;
x.length_B = key->modulus.length_B;
x.wordv = dest;
bigint_adjust(&x);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
#if DEBUG
cli_putstr("\r\ninput-msg (pre enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_enc(&x, key);
#if DEBUG
cli_putstr("\r\ninput-msg (post enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_i2osp(NULL, &x, out_length);
return 0;
}
void shavs_test1(void){ /* KAT tests */
uint32_t length=0;
int32_t expect_input=0;
if(!shavs_algo){
fputs_P(PSTR("\r\nERROR: select algorithm first!"), shavs_out_file);
return;
}
char c;
uint8_t diggest[pgm_read_word(&(shavs_algo->hashsize_b))/8];
shavs_ctx.buffersize_B=pgm_read_word(&(shavs_algo->blocksize_b))/8;
uint8_t buffer[shavs_ctx.buffersize_B+5];
shavs_ctx.buffer = buffer;
fprintf_P(shavs_out_file, PSTR("\nbuffer_size = 0x%04"PRIx16" bytes"), shavs_ctx.buffersize_B);
for(;;){
shavs_ctx.blocks = 0;
memset(buffer, 0, shavs_ctx.buffersize_B);
length = getLength();
if(length<0){
return;
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\nLen == %"PRIu32), length)
#endif
if(length==0){
expect_input=2;
}else{
expect_input=((length + 7) >> 2) & (~1L);
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\r\nexpected_input == %"PRId32), expected_input);
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
uint8_t ret;
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\n HFAL init\n (2) expected_input == "), expected_input);
#endif
ret = hfal_hash_init(shavs_algo, &(shavs_ctx.ctx));
if(ret){
fprintf_P(shavs_out_file, PSTR("\r\n HFAL init returned with: %"PRIx8), ret);
return;
}
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\r\n (3) expected_input == %"PRId32"\n"), expected_input)
#endif
while((c=cli_getc_cecho())!='M' && c!='m'){
if(!isblank(c)){
fprintf_P(shavs_out_file, PSTR("\nERROR: wrong input (1) [0x%"PRIx8"]!\n"), c);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
if((c=cli_getc_cecho())!='s' && c!='S'){
fputs_P(PSTR("\nERROR: wrong input (2)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
if((c=cli_getc_cecho())!='g' && c!='G'){
fputs_P(PSTR("\nERROR: wrong input (3)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
while((c=cli_getc_cecho())!='='){
if(!isblank(c)){
fputs_P(PSTR("\nERROR: wrong input (4)!\n"), shavs_out_file);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
#if DEBUG
fputs_P(PSTR("\r\nparsing started"), shavs_out_file);
#endif
shavs_ctx.buffer_idx = 0;
shavs_ctx.in_byte = 0;
shavs_ctx.blocks = 0;
while(expect_input>0){
c=cli_getc_cecho();
#if DEBUG
fprintf_P(shavs_out_file, PSTR("\n\t(%"PRId32") "), expected_input);
_delay_ms(500);
#endif
if(buffer_add(c)==0){
--expect_input;
}else{
if(!isblank((uint16_t)c)){
fprintf_P(shavs_out_file, PSTR("\nERROR: wrong input (5) (%c)!\n"), c);
hfal_hash_free(&(shavs_ctx.ctx));
return;
}
}
}
#if DEBUG
cli_putstr_P(PSTR("\r\nBuffer-A:"));
cli_hexdump_block(buffer, shavs_ctx.buffersize_B, 5, 8);
cli_putstr_P(PSTR("\r\n starting finalisation"));
cli_putstr_P(PSTR("\r\n\tblocks == "));
cli_hexdump_rev(&(shavs_ctx.blocks),4);
cli_putstr_P(PSTR("\r\n\tbuffer_idx == "));
cli_hexdump_rev(&(shavs_ctx.buffer_idx),2);
cli_putstr_P(PSTR("\r\n\tin_byte == "));
cli_hexdump_rev(&(shavs_ctx.in_byte),1);
_delay_ms(500);
cli_putstr_P(PSTR("\r\n starting last block"));
cli_putstr_P(PSTR("\r\n\tlength == "));
cli_hexdump_rev(&length,4);
cli_putstr_P(PSTR("\r\n\tbuffersize_B == "));
cli_hexdump_rev(&(shavs_ctx.buffersize_B),2);
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
cli_putstr_P(PSTR("\r\n\t (temp) == "));
cli_hexdump_rev(&temp,2);
_delay_ms(500);
temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#endif
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
temp );
#if DEBUG
cli_putstr_P(PSTR("\r\n starting ctx2hash"));
_delay_ms(500);
#endif
hfal_hash_ctx2hash(diggest, &(shavs_ctx.ctx));
#if DEBUG
cli_putstr_P(PSTR("\r\n starting hash free"));
#endif
hfal_hash_free(&(shavs_ctx.ctx));
cli_putstr_P(PSTR("\r\n MD = "));
cli_hexdump(diggest, pgm_read_word(&(shavs_algo->hashsize_b))/8);
}
}
void testrun_aes128_cfb1(void){
uint8_t key[16];
uint8_t iv[16];
uint8_t plain[64];
bcal_cfb_b_ctx_t ctx;
uint8_t r;
memcpy(key, modes_key, 16);
memcpy(iv, modes_iv, 16);
memcpy(plain, modes_plain, 64);
cli_putstr("\r\n** AES128-CFB1-TEST **");
r = bcal_cfb_b_init(&aes128_desc, key, 128, 1, &ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
cli_putstr("\r\n key: ");
cli_hexdump(key, 128/8);
cli_putstr("\r\n IV: ");
cli_hexdump(iv, 128/8);
cli_putstr("\r\n plaintext:");
cli_hexdump_block(plain, 2, 4, 16);
if(r)
return;
uint8_t i, bit_offset, byte_offset;
bcal_cfb_b_loadIV(iv, &ctx);
for(i=0; i<16; ++i){
byte_offset = i/8;
bit_offset = i&7;
cli_putstr("\r\n plain bit: ");
cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
bcal_cfb_b_encNext(plain+byte_offset, bit_offset, &ctx);
cli_putstr("\r\n cipher bit: ");
cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
}
cli_putstr("\r\n ciphertext: ");
cli_hexdump_block(plain, 2, 4, 16);
bcal_cfb_b_loadIV(iv, &ctx);
for(i=0; i<16; ++i){
byte_offset = i/8;
bit_offset = i&7;
cli_putstr("\r\n plain bit: ");
cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
bcal_cfb_b_decNext(plain+byte_offset, bit_offset, &ctx);
cli_putstr("\r\n cipher bit: ");
cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
}
cli_putstr("\r\n plaintext: ");
cli_hexdump_block(plain, 2, 4, 16);
bcal_cfb_b_encMsg(iv, plain, 0, 64*8, &ctx);
cli_putstr("\r\n ciphertext: ");
cli_hexdump_block(plain, 64, 4, 16);
bcal_cfb_b_decMsg(iv, plain, 0, 64*8, &ctx);
cli_putstr("\r\n plaintext: ");
cli_hexdump_block(plain, 64, 4, 16);
bcal_cfb_b_free(&ctx);
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t ciph_len, msg_len;
uint16_t msg_len_;
uint16_t seed_len;
uint8_t *seed, *seed_out;
char read_int_str[18];
cli_putstr_P(PSTR("\r\n== test with given seed =="));
cli_putstr_P(PSTR("\r\n = message ="));
cli_putstr_P(PSTR("\r\n length: "));
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
seed = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
cli_hexdump_rev(&seed, 2);
#endif
if(!seed){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
seed_out = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
cli_hexdump_rev(&seed_out, 2);
#endif
if(!seed_out){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg = malloc(msg_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
cli_hexdump_rev(&msg, 2);
#endif
if(!msg){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
ciph = malloc(bigint_length_B(&pub_key.modulus));
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
cli_hexdump_rev(&ciph, 2);
#endif
if(!ciph){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg_ = malloc(bigint_length_B(&pub_key.modulus) /* + sizeof(bigint_word_t) */ );
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
cli_hexdump_rev(&msg_, 2);
#endif
if(!msg_){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
cli_putstr_P(PSTR("\r\n data: "));
read_os(msg, msg_len, NULL);
cli_putstr_P(PSTR("\r\n seed (0x"));
cli_hexdump_rev(&seed_len, 2);
cli_putstr_P(PSTR(" bytes): "));
read_os(seed, seed_len, NULL);
cli_putstr_P(PSTR("\r\n encrypting ..."));
/*
cli_putstr_P(PSTR("\r\n plaintext:"));
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr_P(PSTR("\r\n seed:"));
cli_hexdump_block(seed, seed_len, 4, 16);
*/
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
cli_putstr_P(PSTR("\r\n ciphertext:"));
cli_hexdump_block(ciph, ciph_len, 4, 16);
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
cli_putstr_P(PSTR("\r\n decrypting ... "));
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
cli_putstr_P(PSTR("[done]"));
if(msg_len != msg_len_){
char tstr[16];
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message length ("));
itoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr_P(PSTR(" instead of "));
itoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message:"));
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, seed_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted seed:"));
cli_hexdump_block(seed_out, seed_len, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(seed, seed_len, 4, 16);
goto end;
}
cli_putstr_P(PSTR("\r\n >>OK<<"));
end:
free(msg_);
free(ciph);
free(msg);
free(seed_out);
free(seed);
}