void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)];
uint16_t clen, plen;
if(!keys_allocated){
load_fix_rsa();
}
ciphertext = malloc(clen = bigint_length_B(&pub_key.modulus));
plaintext = malloc(clen);
memcpy_P(plaintext, MSG, sizeof(MSG));
memcpy_P(seed, SEED, sizeof(SEED));
cli_putstr_P(PSTR("\r\nplaintext:"));
cli_hexdump_block(plaintext, sizeof(MSG), 4, 16);
cli_putstr_P(PSTR("\r\nseed:"));
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
cli_putstr_P(PSTR("\r\nencrypting: ..."));
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
}
cli_putstr_P(PSTR("\r\n\r\nciphertext:"));
cli_hexdump_block(ciphertext, clen, 4, 16);
if(clen != sizeof(ENCRYPTED)){
cli_putstr_P(PSTR("\r\n>>FAIL (no size match)<<"));
return;
}else{
if(memcmp_P(ciphertext, ENCRYPTED, clen)){
cli_putstr_P(PSTR("\r\n>>FAIL (no content match)<<"));
return;
}else{
cli_putstr_P(PSTR("\r\n>>OK<<"));
}
}
cli_putstr_P(PSTR("\r\ndecrypting: ..."));
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
}
cli_putstr_P(PSTR("\r\n\r\nplaintext:"));
cli_hexdump_block(plaintext, plen, 4, 16);
cli_putstr_P(PSTR("\r\n\r\nseed (out):"));
cli_hexdump_block(seed_out, sizeof(SEED), 4, 16);
free(ciphertext);
free(plaintext);
}
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(&key->modulus);
#if DEBUG
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus.length_B, 2);
#endif
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) - (bigint_get_first_set_bit(&key->modulus)/8+1) % sizeof(bigint_word_t))
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(dest, 0, seed_buffer - buffer + off);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
#if DEBUG
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
#if DEBUG
cli_putstr("\r\n msg (raw, post-feistel):\r\n");
cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16);
#endif
x.info = 0;
x.length_B = key->modulus.length_B;
x.wordv = dest;
bigint_adjust(&x);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
#if DEBUG
cli_putstr("\r\ninput-msg (pre enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_enc(&x, key);
#if DEBUG
cli_putstr("\r\ninput-msg (post enc):\r\n");
cli_hexdump_rev(&src, 2);
cli_hexdump_block(src, length_B, 4, 16);
#endif
rsa_i2osp(NULL, &x, out_length);
return 0;
}
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed){
// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
if(!label){
label = &rsa_oaep_default_label;
}
if(!p){
p = &rsa_oaep_default_parameter;
}
uint16_t x_len, data_len;
bigint_t x;
uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
uint8_t label_hv[hv_len];
uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
uint16_t db_len = msg_len - hv_len - 1;
uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
uint8_t *seed_buffer = dest;
uint8_t *db_buffer = seed_buffer + hv_len;
x_len = bigint_get_first_set_bit(&key->modulus)/8;
memset(dest, 0, bigint_length_B(&key->modulus) - length_B);
memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B);
// cli_putc('a'); uart_flush(0);
x.wordv = dest;
x.length_B = key->modulus.length_B;
x.info = 0;
bigint_adjust(&x);
// cli_putc('b'); uart_flush(0);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
#if DEBUG
cli_putstr_P(PSTR("\r\n rsa decrypting ..."));
#endif
rsa_dec(&x, key);
#if DEBUG
cli_putstr_P(PSTR(" [done]"));
#endif
rsa_i2osp(NULL, &x, &data_len);
// cli_putstr("\r\n msg (raw, pre-move):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
if(data_len > x_len){
return 7;
}
/*
cli_putstr("\r\n moving some bytes; x_len = ");
cli_hexdump_rev(&x_len, 2);
cli_putstr(" data_len = ");
cli_hexdump_rev(&data_len, 2);
uart_flush(0);
*/
if(x_len != data_len){
memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
// cli_putstr(" (oh, not dead yet?!)");
// uart_flush(0);
memset(dest, 0, x_len - data_len);
}
hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
/*
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
uart_flush(0);
*/
p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db_buffer, maskbuffer, db_len);
if(memcmp(label_hv, db_buffer, hv_len)){
// cli_putstr("\r\nDBG: DB:\r\n");
// cli_hexdump_block(db_buffer, db_len, 4, 16);
return 2;
}
uint16_t ps_len=0;
while(db_buffer[hv_len + ps_len++] == 0)
;
--ps_len;
if(db_buffer[hv_len + ps_len] != 1){
return 3;
}
if(seed){
memcpy(seed, seed_buffer, hv_len);
}
msg_len = db_len - hv_len - 1 - ps_len;
memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
*out_length = msg_len;
return 0;
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t ciph_len, msg_len;
uint16_t msg_len_;
uint16_t seed_len;
uint8_t *seed, *seed_out;
char read_int_str[18];
cli_putstr_P(PSTR("\r\n== test with given seed =="));
cli_putstr_P(PSTR("\r\n = message ="));
cli_putstr_P(PSTR("\r\n length: "));
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
seed = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
cli_hexdump_rev(&seed, 2);
#endif
if(!seed){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
seed_out = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
cli_hexdump_rev(&seed_out, 2);
#endif
if(!seed_out){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg = malloc(msg_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
cli_hexdump_rev(&msg, 2);
#endif
if(!msg){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
ciph = malloc(bigint_length_B(&pub_key.modulus));
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
cli_hexdump_rev(&ciph, 2);
#endif
if(!ciph){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg_ = malloc(bigint_length_B(&pub_key.modulus) /* + sizeof(bigint_word_t) */ );
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
cli_hexdump_rev(&msg_, 2);
#endif
if(!msg_){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
cli_putstr_P(PSTR("\r\n data: "));
read_os(msg, msg_len, NULL);
cli_putstr_P(PSTR("\r\n seed (0x"));
cli_hexdump_rev(&seed_len, 2);
cli_putstr_P(PSTR(" bytes): "));
read_os(seed, seed_len, NULL);
cli_putstr_P(PSTR("\r\n encrypting ..."));
/*
cli_putstr_P(PSTR("\r\n plaintext:"));
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr_P(PSTR("\r\n seed:"));
cli_hexdump_block(seed, seed_len, 4, 16);
*/
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
cli_putstr_P(PSTR("\r\n ciphertext:"));
cli_hexdump_block(ciph, ciph_len, 4, 16);
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(&priv_key.components[0]);
#endif
cli_putstr_P(PSTR("\r\n decrypting ... "));
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
cli_putstr_P(PSTR("[done]"));
if(msg_len != msg_len_){
char tstr[16];
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message length ("));
itoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr_P(PSTR(" instead of "));
itoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message:"));
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, seed_len)){
cli_putstr_P(PSTR("\r\nERROR: wrong decrypted seed:"));
cli_hexdump_block(seed_out, seed_len, 4, 16);
cli_putstr_P(PSTR("\r\nreference:"));
cli_hexdump_block(seed, seed_len, 4, 16);
goto end;
}
cli_putstr_P(PSTR("\r\n >>OK<<"));
end:
free(msg_);
free(ciph);
free(msg);
free(seed_out);
free(seed);
}
