首页 发现 帮助
注册 登录
Avans-TI
/
2.3-InternetRadio
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: b12fac4b8e
分支列表 标签列表
2.3-InternetRad...
/
nutos
/
nut
/
contrib
/
arm-crypto-lib
/
rsa
/
rsaes_oaep.c

rsaes_oaep.c 6.3 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 
  1. 

  2. /* rsa_oaep.c */
    3. 

  3. /*
    4. 

  4.     This file is part of the ARM-Crypto-Lib.
    5. 

  5.     Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
    6. 

  6. 

  7.     This program is free software: you can redistribute it and/or modify
    8. 

  8.     it under the terms of the GNU General Public License as published by
    9. 

  9.     the Free Software Foundation, either version 3 of the License, or
    10. 

  10.     (at your option) any later version.
    11. 

  11. 

  12.     This program is distributed in the hope that it will be useful,
    13. 

  13.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.     GNU General Public License for more details.
    16. 

  16. 

  17.     You should have received a copy of the GNU General Public License
    18. 

  18.     along with this program.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19. */
    20. 

  20. 

  21. #include <stdint.h>
    22. 

  22. #include <stdlib.h>
    23. 

  23. #include <string.h>
    24. 

  24. #include <crypto/memxor.h>
    25. 

  25. #include <crypto/mgf1.h>
    26. 

  26. #include <crypto/bigint.h>
    27. 

  27. #include <crypto/rsa_basic.h>
    28. 

  28. #include <crypto/rsaes_oaep.h>
    29. 

  29. 

  30. #include <crypto/random_dummy.h>
    31. 

  31. 

  32. #include <crypto/hfal_sha1.h>
    33. 

  33. 

  34. #include "cli.h"
    35. 

  35. #include "uart_lowlevel.h"
    36. 

  36. 

  37. mgf1_parameter_t mgf1_default_parameter = {
    38. 

  38. 		&sha1_desc
    39. 

  39. };
    40. 

  40. 

  41. rsa_oaep_parameter_t rsa_oaep_default_parameter = {
    42. 

  42. 		mgf1,
    43. 

  43. 		&sha1_desc,
    44. 

  44. 		&mgf1_default_parameter
    45. 

  45. };
    46. 

  46. 

  47. rsa_label_t rsa_oaep_default_label = {
    48. 

  48. 		0, NULL
    49. 

  49. };
    50. 

  50. 

  51. uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
    52. 

  52. 		              const void* src, uint16_t length_B,
    53. 

  53. 		              const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
    54. 

  54. 		              const rsa_label_t* label, const void* seed){
    55. 

  55. 

  56. 	if(!p){
    57. 

  57. 		p = &rsa_oaep_default_parameter;
    58. 

  58. 	}
    59. 

  59. 	if(!label){
    60. 

  60. 		label = &rsa_oaep_default_label;
    61. 

  61. 	}
    62. 

  62. 	uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
    63. 

  63. 	if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
    64. 

  64. 		/* message too long */
    65. 

  65. 		return 1;
    66. 

  66. 	}
    67. 

  67. 	uint16_t buffer_len = bigint_length_B(&key->modulus);
    68. 

  68. /*
    69. 

  69. 	cli_putstr("\r\n buffer_len = ");
    70. 

  70. 	cli_hexdump_rev(&buffer_len, 2);
    71. 

  71. 	cli_putstr("\r\n modulus_len = ");
    72. 

  72. 	cli_hexdump_rev(&key->modulus->length_W, 2);
    73. 

  73. */
    74. 

  74. 	uint8_t* buffer = (uint8_t*)dest;
    75. 

  75. 	uint8_t off;
    76. 

  76. 	/* the following needs some explanation:
    77. 

  77. 	 * off is the offset which is used for compensating the effect of
    78. 

  78. 	 * changeendian() when it operates on multi-byte words.
    79. 

  79. 	 * */
    80. 

  80. 	off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(&key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
    81. 

  81. 			% (sizeof(bigint_word_t));
    82. 

  82. 	buffer += off;
    83. 

  83.     buffer_len -= off;
    84. 

  84. //    cli_putstr("\r\n  off = ");
    85. 

  85. //    cli_hexdump_byte(off);
    86. 

  86. 	uint8_t* seed_buffer = buffer + 1;
    87. 

  87. 	uint16_t db_len = buffer_len - hv_len - 1;
    88. 

  88. 	uint8_t* db = seed_buffer + hv_len;
    89. 

  89. 	uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
    90. 

  90. 	uint8_t maskbuffer[maskbuffer_len];
    91. 

  91. 	bigint_t x;
    92. 

  92. 

  93. 	memset(dest, 0, seed_buffer - buffer + off);
    94. 

  94. 	memset(db + hv_len, 0, db_len - hv_len - length_B -1);
    95. 

  95. 	hfal_hash_mem(p->hf, db, label->label, label->length_b);
    96. 

  96. 	db[db_len - length_B - 1] = 0x01;
    97. 

  97. 	memcpy(db+db_len - length_B, src, length_B);
    98. 

  98. 	if(seed){
    99. 

  99. 		memcpy(seed_buffer, seed, hv_len);
    100. 

  100. 	}else{
    101. 

  101. 		/* generate random seed */
    102. 

  102. 		if(!prng_get_byte){
    103. 

  103. 			return 2; /* ERROR: no random generator specified */
    104. 

  104. 		}
    105. 

  105. 		uint16_t i;
    106. 

  106. 		for(i=0; i<hv_len; ++i){
    107. 

  107. 			seed_buffer[i] = prng_get_byte();
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. //	cli_putstr("\r\n  msg (raw, pre-feistel):\r\n");
    111. 

  111. //	cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
    112. 

  112. 	p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
    113. 

  113. 	memxor(db, maskbuffer, db_len);
    114. 

  114. 	p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
    115. 

  115. 	memxor(seed_buffer, maskbuffer, hv_len);
    116. 

  116. //	cli_putstr("\r\n  msg (raw, post-feistel):\r\n");
    117. 

  117. //	cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
    118. 

  118. 

  119. 	x.wordv = dest;
    120. 

  120. 	bigint_adjust(&x);
    121. 

  121. 

  122. 	rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
    123. 

  123. 	rsa_enc(&x, key);
    124. 

  124. 	rsa_i2osp(NULL, &x, out_length);
    125. 

  125. 	return 0;
    126. 

  126. }
    127. 

  127. 

  128. uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
    129. 

  129. 		              const void* src, uint16_t length_B,
    130. 

  130. 		              const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
    131. 

  131. 		              const rsa_label_t* label, void* seed){
    132. 

  132. 

  133. //	cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
    134. 

  134. 	if(!label){
    135. 

  135. 		label = &rsa_oaep_default_label;
    136. 

  136. 	}
    137. 

  137. 	if(!p){
    138. 

  138. 		p = &rsa_oaep_default_parameter;
    139. 

  139. 	}
    140. 

  140. 	uint16_t x_len, data_len;
    141. 

  141. 	bigint_t x;
    142. 

  142. 	uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
    143. 

  143. 	uint8_t label_hv[hv_len];
    144. 

  144. 	uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
    145. 

  145. 	uint16_t db_len = msg_len - hv_len - 1;
    146. 

  146. 	uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
    147. 

  147. 

  148. 	uint8_t *seed_buffer = dest;
    149. 

  149. 	uint8_t *db_buffer = seed_buffer + hv_len;
    150. 

  150. 

  151. 	x_len = bigint_get_first_set_bit(&key->modulus)/8;
    152. 

  152. 	memset(dest, 0, bigint_length_B(&key->modulus) - length_B);
    153. 

  153. 	memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B);
    154. 

  154. 

  155. //	cli_putc('a'); uart_flush(0);
    156. 

  156. 

  157. 	x.wordv = dest;
    158. 

  158. 	x.length_W = key->modulus.length_W;
    159. 

  159. 	x.info = 0;
    160. 

  160. 	bigint_adjust(&x);
    161. 

  161. 

  162. 

  163. //	cli_putc('b'); uart_flush(0);
    164. 

  164. 	rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
    165. 

  165. //	cli_putc('c'); uart_flush(0);
    166. 

  166. 	rsa_dec(&x, key);
    167. 

  167. //	cli_putc('d'); uart_flush(0);
    168. 

  168. 	rsa_i2osp(NULL, &x, &data_len);
    169. 

  169. 

  170. //	cli_putstr("\r\n  msg (raw, pre-move):\r\n");
    171. 

  171. //	cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
    172. 

  172. 

  173. 	if(data_len > x_len){
    174. 

  174. 		return 7;
    175. 

  175. 	}
    176. 

  176. /*
    177. 

  177. 	cli_putstr("\r\n moving some bytes; x_len = ");
    178. 

  178. 	cli_hexdump_rev(&x_len, 2);
    179. 

  179. 	cli_putstr("  data_len = ");
    180. 

  180. 	cli_hexdump_rev(&data_len, 2);
    181. 

  181. 	uart_flush(0);
    182. 

  182. */
    183. 

  183. 	if(x_len != data_len){
    184. 

  184. 		memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
    185. 

  185. //		cli_putstr("  (oh, not dead yet?!)");
    186. 

  186. //		uart_flush(0);
    187. 

  187. 		memset(dest, 0, x_len - data_len);
    188. 

  188. 	}
    189. 

  189. 

  190. 	hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
    191. 

  191. /*
    192. 

  192. 	cli_putstr("\r\n  msg (raw, pre-feistel):\r\n");
    193. 

  193. 	cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
    194. 

  194. 	uart_flush(0);
    195. 

  195. */
    196. 

  196. 	p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
    197. 

  197. 	memxor(seed_buffer, maskbuffer, hv_len);
    198. 

  198. 	p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
    199. 

  199. 	memxor(db_buffer, maskbuffer, db_len);
    200. 

  200. 

  201. 	if(memcmp(label_hv, db_buffer, hv_len)){
    202. 

  202. //		cli_putstr("\r\nDBG: DB:\r\n");
    203. 

  203. //		cli_hexdump_block(db_buffer, db_len, 4, 16);
    204. 

  204. 		return 2;
    205. 

  205. 	}
    206. 

  206. 

  207. 	uint16_t ps_len=0;
    208. 

  208. 	while(db_buffer[hv_len + ps_len++] == 0)
    209. 

  209. 		;
    210. 

  210. 

  211. 	--ps_len;
    212. 

  212. 	if(db_buffer[hv_len + ps_len] != 1){
    213. 

  213. 		return 3;
    214. 

  214. 	}
    215. 

  215. 

  216. 	if(seed){
    217. 

  217. 		memcpy(seed, seed_buffer, hv_len);
    218. 

  218. 	}
    219. 

  219. 

  220. 	msg_len = db_len - hv_len - 1 - ps_len;
    221. 

  221. 	memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
    222. 

  222. 

  223. 	*out_length = msg_len;
    224. 

  224. 

  225. 	return 0;
    226. 

  226. }
    227. 

  227. 

  228.