void quick_test(void){ uint8_t *ciphertext, *plaintext, rc; uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)]; uint16_t clen, plen; if(!keys_allocated){ load_fix_rsa(); } ciphertext = malloc(clen = bigint_length_B(&pub_key.modulus)); plaintext = malloc(clen); memcpy_P(plaintext, MSG, sizeof(MSG)); memcpy_P(seed, SEED, sizeof(SEED)); cli_putstr_P(PSTR("\r\nplaintext:")); cli_hexdump_block(plaintext, sizeof(MSG), 4, 16); cli_putstr_P(PSTR("\r\nseed:")); cli_hexdump_block(seed, sizeof(SEED), 4, 16); cli_putstr_P(PSTR("\r\nencrypting: ...")); rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed); if(rc){ cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: ")); cli_hexdump_byte(rc); return; } cli_putstr_P(PSTR("\r\n\r\nciphertext:")); cli_hexdump_block(ciphertext, clen, 4, 16); if(clen != sizeof(ENCRYPTED)){ cli_putstr_P(PSTR("\r\n>>FAIL (no size match)<<")); return; }else{ if(memcmp_P(ciphertext, ENCRYPTED, clen)){ cli_putstr_P(PSTR("\r\n>>FAIL (no content match)<<")); return; }else{ cli_putstr_P(PSTR("\r\n>>OK<<")); } } cli_putstr_P(PSTR("\r\ndecrypting: ...")); rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out); if(rc){ cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: ")); cli_hexdump_byte(rc); return; } cli_putstr_P(PSTR("\r\n\r\nplaintext:")); cli_hexdump_block(plaintext, plen, 4, 16); cli_putstr_P(PSTR("\r\n\r\nseed (out):")); cli_hexdump_block(seed_out, sizeof(SEED), 4, 16); free(ciphertext); free(plaintext); }
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_publickey_t* key, const rsa_oaep_parameter_t *p, const rsa_label_t* label, const void* seed){ if(!p){ p = &rsa_oaep_default_parameter; } if(!label){ label = &rsa_oaep_default_label; } uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8; if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){ /* message too long */ return 1; } uint16_t buffer_len = bigint_length_B(&key->modulus); #if DEBUG cli_putstr("\r\n buffer_len = "); cli_hexdump_rev(&buffer_len, 2); cli_putstr("\r\n modulus_len = "); cli_hexdump_rev(&key->modulus.length_B, 2); #endif uint8_t* buffer = (uint8_t*)dest; uint8_t off; /* the following needs some explanation: * off is the offset which is used for compensating the effect of * changeendian() when it operates on multi-byte words. * */ off = (sizeof(bigint_word_t) - (bigint_get_first_set_bit(&key->modulus)/8+1) % sizeof(bigint_word_t)) % (sizeof(bigint_word_t)); buffer += off; buffer_len -= off; uint8_t* seed_buffer = buffer + 1; uint16_t db_len = buffer_len - hv_len - 1; uint8_t* db = seed_buffer + hv_len; uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len; uint8_t maskbuffer[maskbuffer_len]; bigint_t x; memset(dest, 0, seed_buffer - buffer + off); memset(db + hv_len, 0, db_len - hv_len - length_B -1); hfal_hash_mem(p->hf, db, label->label, label->length_b); db[db_len - length_B - 1] = 0x01; memcpy(db+db_len - length_B, src, length_B); if(seed){ memcpy(seed_buffer, seed, hv_len); }else{ /* generate random seed */ if(!prng_get_byte){ return 2; /* ERROR: no random generator specified */ } uint16_t i; for(i=0; i<hv_len; ++i){ seed_buffer[i] = prng_get_byte(); } } #if DEBUG cli_putstr("\r\n msg (raw, pre-feistel):\r\n"); cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16); #endif p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); memxor(db, maskbuffer, db_len); p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter); memxor(seed_buffer, maskbuffer, hv_len); #if DEBUG cli_putstr("\r\n msg (raw, post-feistel):\r\n"); cli_hexdump_block(dest, bigint_length_B(&key->modulus), 4, 16); #endif x.info = 0; x.length_B = key->modulus.length_B; x.wordv = dest; bigint_adjust(&x); rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus)); #if DEBUG cli_putstr("\r\ninput-msg (pre enc):\r\n"); cli_hexdump_rev(&src, 2); cli_hexdump_block(src, length_B, 4, 16); #endif rsa_enc(&x, key); #if DEBUG cli_putstr("\r\ninput-msg (post enc):\r\n"); cli_hexdump_rev(&src, 2); cli_hexdump_block(src, length_B, 4, 16); #endif rsa_i2osp(NULL, &x, out_length); return 0; }
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length, const void* src, uint16_t length_B, rsa_privatekey_t* key, const rsa_oaep_parameter_t *p, const rsa_label_t* label, void* seed){ // cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0); if(!label){ label = &rsa_oaep_default_label; } if(!p){ p = &rsa_oaep_default_parameter; } uint16_t x_len, data_len; bigint_t x; uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8; uint8_t label_hv[hv_len]; uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1; uint16_t db_len = msg_len - hv_len - 1; uint8_t maskbuffer[db_len>hv_len?db_len:hv_len]; uint8_t *seed_buffer = dest; uint8_t *db_buffer = seed_buffer + hv_len; x_len = bigint_get_first_set_bit(&key->modulus)/8; memset(dest, 0, bigint_length_B(&key->modulus) - length_B); memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B); // cli_putc('a'); uart_flush(0); x.wordv = dest; x.length_B = key->modulus.length_B; x.info = 0; bigint_adjust(&x); // cli_putc('b'); uart_flush(0); rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus)); #if DEBUG cli_putstr_P(PSTR("\r\n rsa decrypting ...")); #endif rsa_dec(&x, key); #if DEBUG cli_putstr_P(PSTR(" [done]")); #endif rsa_i2osp(NULL, &x, &data_len); // cli_putstr("\r\n msg (raw, pre-move):\r\n"); // cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); if(data_len > x_len){ return 7; } /* cli_putstr("\r\n moving some bytes; x_len = "); cli_hexdump_rev(&x_len, 2); cli_putstr(" data_len = "); cli_hexdump_rev(&data_len, 2); uart_flush(0); */ if(x_len != data_len){ memmove((uint8_t*)dest + x_len - data_len, dest, data_len); // cli_putstr(" (oh, not dead yet?!)"); // uart_flush(0); memset(dest, 0, x_len - data_len); } hfal_hash_mem(p->hf, label_hv, label->label, label->length_b); /* cli_putstr("\r\n msg (raw, pre-feistel):\r\n"); cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16); uart_flush(0); */ p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter); memxor(seed_buffer, maskbuffer, hv_len); p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); memxor(db_buffer, maskbuffer, db_len); if(memcmp(label_hv, db_buffer, hv_len)){ // cli_putstr("\r\nDBG: DB:\r\n"); // cli_hexdump_block(db_buffer, db_len, 4, 16); return 2; } uint16_t ps_len=0; while(db_buffer[hv_len + ps_len++] == 0) ; --ps_len; if(db_buffer[hv_len + ps_len] != 1){ return 3; } if(seed){ memcpy(seed, seed_buffer, hv_len); } msg_len = db_len - hv_len - 1 - ps_len; memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len); *out_length = msg_len; return 0; }
void run_seed_test(void){ uint8_t *msg, *ciph, *msg_; uint16_t ciph_len, msg_len; uint16_t msg_len_; uint16_t seed_len; uint8_t *seed, *seed_out; char read_int_str[18]; cli_putstr_P(PSTR("\r\n== test with given seed ==")); cli_putstr_P(PSTR("\r\n = message =")); cli_putstr_P(PSTR("\r\n length: ")); cli_getsn(read_int_str, 16); msg_len = own_atou(read_int_str); seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len); seed = malloc(seed_len); #if DEBUG cli_putstr_P(PSTR("\r\nDBG: @seed: 0x")); cli_hexdump_rev(&seed, 2); #endif if(!seed){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } seed_out = malloc(seed_len); #if DEBUG cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x")); cli_hexdump_rev(&seed_out, 2); #endif if(!seed_out){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } msg = malloc(msg_len); #if DEBUG cli_putstr_P(PSTR("\r\nDBG: @msg: 0x")); cli_hexdump_rev(&msg, 2); #endif if(!msg){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } ciph = malloc(bigint_length_B(&pub_key.modulus)); #if DEBUG cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x")); cli_hexdump_rev(&ciph, 2); #endif if(!ciph){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } msg_ = malloc(bigint_length_B(&pub_key.modulus) /* + sizeof(bigint_word_t) */ ); #if DEBUG cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x")); cli_hexdump_rev(&msg_, 2); #endif if(!msg_){ cli_putstr_P(PSTR("\r\nERROR: OOM!")); return; } cli_putstr_P(PSTR("\r\n data: ")); read_os(msg, msg_len, NULL); cli_putstr_P(PSTR("\r\n seed (0x")); cli_hexdump_rev(&seed_len, 2); cli_putstr_P(PSTR(" bytes): ")); read_os(seed, seed_len, NULL); cli_putstr_P(PSTR("\r\n encrypting ...")); /* cli_putstr_P(PSTR("\r\n plaintext:")); cli_hexdump_block(msg, msg_len, 4, 16); cli_putstr_P(PSTR("\r\n seed:")); cli_hexdump_block(seed, seed_len, 4, 16); */ #if DEBUG cli_putstr_P(PSTR("\r\n first prime:")); bigint_print_hex(&priv_key.components[0]); #endif rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed); cli_putstr_P(PSTR("\r\n ciphertext:")); cli_hexdump_block(ciph, ciph_len, 4, 16); #if DEBUG cli_putstr_P(PSTR("\r\n first prime:")); bigint_print_hex(&priv_key.components[0]); #endif cli_putstr_P(PSTR("\r\n decrypting ... ")); rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out); cli_putstr_P(PSTR("[done]")); if(msg_len != msg_len_){ char tstr[16]; cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message length (")); itoa(msg_len_, tstr, 10); cli_putstr(tstr); cli_putstr_P(PSTR(" instead of ")); itoa(msg_len, tstr, 10); cli_putstr(tstr); cli_putc(')'); goto end; } if(memcmp(msg, msg_, msg_len)){ cli_putstr_P(PSTR("\r\nERROR: wrong decrypted message:")); cli_hexdump_block(msg_, msg_len_, 4, 16); cli_putstr_P(PSTR("\r\nreference:")); cli_hexdump_block(msg, msg_len, 4, 16); goto end; } if(memcmp(seed, seed_out, seed_len)){ cli_putstr_P(PSTR("\r\nERROR: wrong decrypted seed:")); cli_hexdump_block(seed_out, seed_len, 4, 16); cli_putstr_P(PSTR("\r\nreference:")); cli_hexdump_block(seed, seed_len, 4, 16); goto end; } cli_putstr_P(PSTR("\r\n >>OK<<")); end: free(msg_); free(ciph); free(msg); free(seed_out); free(seed); }