void aes256_encrypt(const aes_secret& key, aes_block& block)
{
aes256_context context;
aes256_init(&context, key.data());
aes256_encrypt_ecb(&context, block.data());
aes256_done(&context);
}
int main (int argc, char *argv[])
{
aes256_context ctx;
uint8_t key[32];
uint8_t buf[16], i;
/* put a test vector */
//for (i = 0; i < sizeof(buf);i++) buf[i] = i * 16 + i;
/*for (i = 0; i < sizeof(buf);i++)*/ strcpy(buf, "plain text to cipher");
for (i = 0; i < sizeof(key);i++) key[i] = i;
DUMP("txt: ", i, buf, sizeof(buf));
DUMP("key: ", i, key, sizeof(key));
printf("---\n");
aes256_init(&ctx, key);
aes256_encrypt_ecb(&ctx, buf);
DUMP("enc: ", i, buf, sizeof(buf));
//printf("tst: 8e a2 b7 ca 51 67 45 bf ea fc 49 90 4b 49 60 89\n");
//aes256_init(&ctx, key);
//aes256_init(&ctx, key);
aes256_decrypt_ecb(&ctx, buf);
DUMP("dec: ", i, buf, sizeof(buf));
aes256_done(&ctx);
return 0;
} /* main */
int id_init(int handle, const id_desc_t *desc, mifare_tag_t *tag,
const void *id, int32_t counter)
{
int i, block = desc->sector * 4;
/* Generate per card key */
uint8_t aes_key[32];
memcpy(aes_key, desc->aes_key, 32);
for (i = 0; i < 32; i++)
aes_key[i] ^= tag->serial[i & 3];
/* Prepare buffer */
uint8_t buf[16];
memcpy(buf, desc->magic, 4);
memcpy(&buf[4], id, 12);
/* Encrypt buffer */
aes256_context aes;
aes256_init(&aes, aes_key);
aes256_encrypt_ecb(&aes, buf);
aes256_done(&aes);
if (mifare_select(handle, tag))
return ID_ERROR_SELECT;
if (mifare_login(handle, desc->sector, desc->key_type, desc->key))
return ID_ERROR_LOGIN;
if (mifare_write_block(handle, block + 1, buf))
return ID_ERROR_WRITE_BLOCK;
if (mifare_write_value(handle, block + 2, 0))
return ID_ERROR_WRITE_VALUE;
return ID_OK;
}
int
main(void)
{
aes256_context ctx;
uint8_t key[32];
uint8_t buf[16], i;
/* Put a test vector. */
for (i = 0; i < sizeof(buf); i++)
buf[i] = i * 16 + i;
for (i = 0; i < sizeof(key); i++)
key[i] = i;
DUMP("txt: ", i, buf, sizeof(buf));
DUMP("key: ", i, key, sizeof(key));
printf("---\n");
aes256_init(&ctx, key);
aes256_encrypt_ecb(&ctx, buf);
DUMP("enc: ", i, buf, sizeof(buf));
printf("tst: 8e a2 b7 ca 51 67 45 bf ea fc 49 90 4b 49 60 89\n");
aes256_init(&ctx, key);
aes256_decrypt_ecb(&ctx, buf);
DUMP("dec: ", i, buf, sizeof(buf));
aes256_done(&ctx);
return (0);
}
void FileAccessEncrypted::close() {
if (!file)
return;
if (writing) {
Vector<uint8_t> compressed;
size_t len = data.size();
if (len % 16) {
len+=16-(len % 16);
}
MD5_CTX md5;
MD5Init(&md5);
MD5Update(&md5,data.ptr(),data.size());
MD5Final(&md5);
compressed.resize(len);
zeromem( compressed.ptr(), len );
for(int i=0;i<data.size();i++) {
compressed[i]=data[i];
}
aes256_context ctx;
aes256_init(&ctx,key.ptr());
for(size_t i=0;i<len;i+=16) {
aes256_encrypt_ecb(&ctx,&compressed[i]);
}
aes256_done(&ctx);
file->store_32(COMP_MAGIC);
file->store_32(mode);
file->store_buffer(md5.digest,16);
file->store_64(data.size());
file->store_buffer(compressed.ptr(),compressed.size());
file->close();
memdelete(file);
file=NULL;
data.clear();
} else {
file->close();
memdelete(file);
data.clear();
file=NULL;
}
}
void encrypt(uint8_t key[32], uint8_t *buf, unsigned long numbytes)
{
printf("\nBeginning encryption\n");
aes256_init(key);
unsigned long offset;
//printf("Creating %d threads over %d blocks\n", dimBlock.x*dimGrid.x, dimBlock.x);
for (offset = 0; offset < numbytes; offset += AES_BLOCK_SIZE)
aes256_encrypt_ecb(buf, offset);
}
// ------------------------------------------------------------------------------------------------
String AES256::Encrypt(CSStr data)
{
// Is there any data to encrypt?
if (!data || *data == 0)
{
return String();
}
// Copy the data into an editable string
String str(data);
// Make sure that we have a size with a multiple of 16
if ((str.size() % 16) != 0)
{
str.resize(str.size() - (str.size() % 16) + 16);
}
// Encrypt in chunks of 16 characters
for (Uint32 n = 0; n < str.size(); n += 16)
{
aes256_encrypt_ecb(&m_Context, reinterpret_cast< Uint8 * >(&str[n]));
}
// Return ownership of the encrypted string
return std::move(str);
}
int main (UNUSED_ int argc, UNUSED_ char *argv[])
{
uint8_t key[32] = {
0xFF, 0x7A, 0x61, 0x7C, 0xE6, 0x91, 0x48, 0xE4,
0xF1, 0x72, 0x6E, 0x2F, 0x43, 0x58, 0x1D, 0xE2,
0xAA, 0x62, 0xD9, 0xF8, 0x05, 0x53, 0x2E, 0xDF,
0xF1, 0xEE, 0xD6, 0x87, 0xFB, 0x54, 0x15, 0x3D
};
uint8_t buf[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
0x20, 0x21, 0x22, 0x23
};
rfc3686_blk ctr = {
{0x00, 0x1C, 0xC5, 0xB7}, /* nonce */
{0x51, 0xA5, 0x1D, 0x70, 0xA1, 0xC1, 0x11, 0x48}, /* IV */
{0x00, 0x00, 0x00, 0x01} /* counter */
};
aes256_context ctx;
int rc;
uint8_t i;
/* **********************************************************
* First we test CTR
*/
printf("# CTR test\n");
dump("Text:", buf, sizeof(buf));
dump("Key:", key, sizeof(key));
aes256_init(&ctx, key);
aes256_setCtrBlk(&ctx, &ctr);
aes256_encrypt_ctr(&ctx, buf, sizeof(buf));
dump("Result:", buf, sizeof(buf));
rc = mem_isequal(buf, RFC3686_TV9, sizeof(RFC3686_TV9));
printf("\t^ %s\n", (rc == 0) ? "Ok" : "INVALID" );
/* reset the counter to decrypt */
ctr.ctr[0] = ctr.ctr[1] = ctr.ctr[2] = 0;
ctr.ctr[3] = 1;
aes256_setCtrBlk(&ctx, &ctr);
aes256_decrypt_ctr(&ctx, buf, sizeof(buf));
dump("Text:", buf, sizeof(buf));
/* ************************************************************
* Now we test the core AES-256 ECB, just in case
*/
printf("\n# ECB test\n");
for (i = 0; i < sizeof(AES256_TV); i++)
buf[i] = ((i << 4) & 0xF0) + i;
for (i = 0; i < sizeof(key); i++)
key[i] = i;
dump("Text:", buf, sizeof(AES256_TV));
dump("Key:", key, sizeof(key));
aes256_init(&ctx, key);
aes256_encrypt_ecb(&ctx, buf);
dump("Result:", buf, sizeof(AES256_TV));
rc = mem_isequal(buf, AES256_TV, sizeof(AES256_TV));
printf("\t^ %s\n", (rc == 0) ? "Ok" : "INVALID" );
aes256_done(&ctx);
return 0;
} /* main */
/*! \fn main(void)
* \brief Main function
* \note For our security chain to be valid, EEP_BOOT_PWD_SET in eeprom needs to be set to BOOTLOADER_PWDOK_KEY
*/
int main(void)
{
/* Fetch bootkey in eeprom */
uint16_t current_bootkey_val = eeprom_read_word((uint16_t*)EEP_BOOTKEY_ADDR); // Bootkey in EEPROM
uint8_t new_aes_key[AES_KEY_LENGTH/8]; // New AES encryption key
uint8_t cur_aes_key[AES_KEY_LENGTH/8]; // AES encryption key
uint8_t firmware_data[SPM_PAGESIZE]; // One page of firmware data
aes256_context temp_aes_context; // AES context
uint8_t cur_cbc_mac[16]; // Current CBCMAC val
uint8_t temp_data[16]; // Temporary 16 bytes array
RET_TYPE flash_init_result; // Flash initialization result
uint16_t firmware_start_address = UINT16_MAX - MAX_FIRMWARE_SIZE - sizeof(cur_cbc_mac) - sizeof(cur_aes_key) + 1; // Start address of firmware in external memory
uint16_t firmware_end_address = UINT16_MAX - sizeof(cur_cbc_mac) - sizeof(cur_aes_key) + 1; // End address of firmware in external memory
/* Just in case we are going to disable the watch dog timer and disable interrupts */
cli();
wdt_reset();
wdt_clear_flag();
wdt_change_enable();
wdt_stop();
/* Check fuses: 2k words, SPIEN, BOD 4.3V, BOOTRST programming & ver disabled >> http://www.engbedded.com/fusecalc/ */
if ((boot_lock_fuse_bits_get(GET_LOW_FUSE_BITS) != 0xFF) || (boot_lock_fuse_bits_get(GET_HIGH_FUSE_BITS) != 0xD8) || (boot_lock_fuse_bits_get(GET_EXTENDED_FUSE_BITS) != 0xF8) || (boot_lock_fuse_bits_get(GET_LOCK_BITS) != 0xFC))
{
while(1);
}
/* If security isn't set in place yet, no point in launching the bootloader */
if (eeprom_read_byte((uint8_t*)EEP_BOOT_PWD_SET) != BOOTLOADER_PWDOK_KEY)
{
start_firmware();
}
/* Check if the device is booting normally, if the bootloader was called, or unknown state */
if (current_bootkey_val == CORRECT_BOOTKEY)
{
/* Security system set, correct bootkey for firmware */
start_firmware();
}
else if (current_bootkey_val != BOOTLOADER_BOOTKEY)
{
/* Security system set, bootkey isn't the bootloader one nor the main fw one... */
while(1);
}
/* By default, brick the device so it's an all or nothing update procedure */
eeprom_write_word((uint16_t*)EEP_BOOTKEY_ADDR, BRICKED_BOOTKEY);
/* Init IOs */
UHWCON = 0x01; // Enable USB 3.3V LDO
initFlashIOs(); // Init EXT Flash IOs
spiUsartBegin(); // Init SPI Controller
DDR_ACC_SS |= (1 << PORTID_ACC_SS); // Setup PORT for the Accelerometer SS
PORT_ACC_SS |= (1 << PORTID_ACC_SS); // Setup PORT for the Accelerometer SS
DDR_OLED_SS |= (1 << PORTID_OLED_SS); // Setup PORT for the OLED SS
PORT_OLED_SS |= (1 << PORTID_OLED_SS); // Setup PORT for the OLED SS
for (uint16_t i = 0; i < 20000; i++) asm volatile ("NOP");
/* Disable I2C block of the Accelerometer */
PORT_ACC_SS &= ~(1 << PORTID_ACC_SS);
spiUsartTransfer(0x23);
spiUsartTransfer(0x02);
PORT_ACC_SS |= (1 << PORTID_ACC_SS);
/* Check Flash */
flash_init_result = checkFlashID();
if (flash_init_result != RETURN_OK)
{
while(1);
}
for (uint8_t pass_number = 0; pass_number < 2; pass_number++)
{
/* Init CBCMAC encryption context*/
eeprom_read_block((void*)cur_aes_key, (void*)EEP_BOOT_PWD, sizeof(cur_aes_key));
memset((void*)cur_cbc_mac, 0x00, sizeof(cur_cbc_mac));
memset((void*)temp_data, 0x00, sizeof(temp_data));
aes256_init_ecb(&temp_aes_context, cur_aes_key);
// Compute CBCMAC for between the start of the graphics zone until the max addressing space (65536) - the size of the CBCMAC
for (uint16_t i = GRAPHIC_ZONE_START; i < (UINT16_MAX - sizeof(cur_cbc_mac) + 1); i += sizeof(cur_cbc_mac))
{
// Read data from external flash
flashRawRead(temp_data, i, sizeof(temp_data));
// If we got to the part containing to firmware
if ((i >= firmware_start_address) && (i < firmware_end_address))
{
// Append firmware data to current buffer
uint16_t firmware_data_address = i - firmware_start_address;
memcpy(firmware_data + (firmware_data_address & SPM_PAGE_SIZE_BYTES_BM), temp_data, sizeof(temp_data));
// If we have a full page in buffer, flash it
firmware_data_address += sizeof(cur_cbc_mac);
if (((firmware_data_address & SPM_PAGE_SIZE_BYTES_BM) == 0x0000) && (pass_number == 1))
{
boot_program_page(firmware_data_address - SPM_PAGESIZE, firmware_data);
}
}
// If we got to the part containing the encrypted new aes key (end of the for())
if (i >= firmware_end_address)
{
memcpy(new_aes_key + i - firmware_end_address, temp_data, sizeof(temp_data));
}
// Continue computation of CBCMAC
aesXorVectors(cur_cbc_mac, temp_data, sizeof(temp_data));
aes256_encrypt_ecb(&temp_aes_context, cur_cbc_mac);
}
// Read CBCMAC in memory and compare it with the computed value
flashRawRead(temp_data, (UINT16_MAX - sizeof(cur_cbc_mac) + 1), sizeof(cur_cbc_mac));
if (pass_number == 0)
{
// First pass, compare CBCMAC and see if we do the next pass or start the firmware
if (sideChannelSafeMemCmp(temp_data, cur_cbc_mac, sizeof(cur_cbc_mac)) != 0)
{
// No match, start the main firmware
eeprom_write_word((uint16_t*)EEP_BOOTKEY_ADDR, CORRECT_BOOTKEY);
start_firmware();
}
else
{
// Otherwise, next pass!
}
}
else
{
// Second pass, compare CBCMAC and then update AES keys
if (sideChannelSafeMemCmp(temp_data, cur_cbc_mac, sizeof(cur_cbc_mac)) == 0)
{
// Fetch the encrypted new aes key from flash, decrypt it, store it
aes256_decrypt_ecb(&temp_aes_context, new_aes_key);
aes256_decrypt_ecb(&temp_aes_context, new_aes_key+16);
eeprom_write_block((void*)new_aes_key, (void*)EEP_BOOT_PWD, sizeof(new_aes_key));
eeprom_write_word((uint16_t*)EEP_BOOTKEY_ADDR, CORRECT_BOOTKEY);
start_firmware();
}
else
{
// Fail, erase everything! >> maybe just write a while(1) in the future?
for (uint16_t i = 0; i < MAX_FIRMWARE_SIZE; i += SPM_PAGESIZE)
{
boot_page_erase(i);
boot_spm_busy_wait();
}
while(1);
}
}
}
}
void aes_transmitter (unsigned char bytes_to_send[], int bytes_size, HANDLE h1)
{
int j;
int temp1 = 16;
int tempp1 = 16;
unsigned char buff_aes1[16];
unsigned char buff_aes2[16];
unsigned char buff_aes3[16];
unsigned char buff_aes4[16];
unsigned char buff_aes5[16];
unsigned char buff_aes6[16];
unsigned char buff_aes7[16];
unsigned char buff_aes8[16];
unsigned char buff_aes9[16];
unsigned char buff_aes10[16];
unsigned char buff_aes11[16];
/*unsigned char buff_aes12[16];
unsigned char buff_aes13[16];
unsigned char buff_aes14[16];
unsigned char buff_aes15[16];
unsigned char buff_aes16[16];
unsigned char buff_aes17[16];
unsigned char buff_aes18[16];
unsigned char buff_aes19[16];
unsigned char buff_aes20[16];
unsigned char buff_aes21[16];
unsigned char buff_aes22[16];
unsigned char buff_aes23[16];
unsigned char buff_aes24[16];
unsigned char buff_aes25[16];
unsigned char buff_aes26[16];
unsigned char buff_aes27[16];*/
unsigned char buff_enc[176];
aes256_context ctx;
uint8_t key[32];
uint8_t i;
//HANDLE h1;
//char c1[] = {"COM3"};
int first_time;
int temp, mytime, second_time;
clock_t t1, t2, t;
t1 = clock();
first_time = time(NULL);
for(j=0;j<sizeof(buff_aes1);j++) {
buff_aes1[j] = bytes_to_send[j];
buff_aes2[j] = bytes_to_send[j+16];
buff_aes3[j] = bytes_to_send[j+32];
buff_aes4[j] = bytes_to_send[j+48];
buff_aes5[j] = bytes_to_send[j+64];
buff_aes6[j] = bytes_to_send[j+80];
buff_aes7[j] = bytes_to_send[j+96];
buff_aes8[j] = bytes_to_send[j+112];
buff_aes9[j] = bytes_to_send[j+128];
buff_aes10[j] = bytes_to_send[j+144];
buff_aes11[j] = bytes_to_send[j+160];
/*buff_aes12[j] = bytes_to_send[j+176];
buff_aes13[j] = bytes_to_send[j+192];
buff_aes14[j] = bytes_to_send[j+208];
buff_aes15[j] = bytes_to_send[j+224];
buff_aes16[j] = bytes_to_send[j+240];
buff_aes17[j] = bytes_to_send[j+256];
buff_aes18[j] = bytes_to_send[j+272];
buff_aes19[j] = bytes_to_send[j+288];
buff_aes20[j] = bytes_to_send[j+304];
buff_aes21[j] = bytes_to_send[j+320];
buff_aes22[j] = bytes_to_send[j+336];
buff_aes23[j] = bytes_to_send[j+352];
buff_aes24[j] = bytes_to_send[j+368];
buff_aes25[j] = bytes_to_send[j+384];
buff_aes26[j] = bytes_to_send[j+400];
buff_aes27[j] = bytes_to_send[j+416];
temp1 = temp1 + 1;*/
}
//h1 = GetSerialPort(c1);
if (h1 == INVALID_HANDLE_VALUE)
{
fprintf(stderr, "Error opening serial port\n");
exit(1);
}
else {}
//printf("serial port opened successfully\n");
/* put a test vector */
for (i = 0; i < sizeof(key);i++) key[i] = i;
// DUMP("plain txt: ", i, bytes_to_send, bytes_size);
// printf("---\n");
aes256_init(&ctx, key);
aes256_encrypt_ecb(&ctx, buff_aes1);
aes256_encrypt_ecb(&ctx, buff_aes2);
aes256_encrypt_ecb(&ctx, buff_aes3);
aes256_encrypt_ecb(&ctx, buff_aes4);
aes256_encrypt_ecb(&ctx, buff_aes5);
aes256_encrypt_ecb(&ctx, buff_aes6);
aes256_encrypt_ecb(&ctx, buff_aes7);
aes256_encrypt_ecb(&ctx, buff_aes8);
aes256_encrypt_ecb(&ctx, buff_aes9);
aes256_encrypt_ecb(&ctx, buff_aes10);
aes256_encrypt_ecb(&ctx, buff_aes11);
/*aes256_encrypt_ecb(&ctx, buff_aes12);
aes256_encrypt_ecb(&ctx, buff_aes13);
aes256_encrypt_ecb(&ctx, buff_aes14);
aes256_encrypt_ecb(&ctx, buff_aes15);
aes256_encrypt_ecb(&ctx, buff_aes16);
aes256_encrypt_ecb(&ctx, buff_aes17);
aes256_encrypt_ecb(&ctx, buff_aes18);
aes256_encrypt_ecb(&ctx, buff_aes19);
aes256_encrypt_ecb(&ctx, buff_aes20);
aes256_encrypt_ecb(&ctx, buff_aes21);
aes256_encrypt_ecb(&ctx, buff_aes22);
aes256_encrypt_ecb(&ctx, buff_aes23);
aes256_encrypt_ecb(&ctx, buff_aes24);
aes256_encrypt_ecb(&ctx, buff_aes25);
aes256_encrypt_ecb(&ctx, buff_aes26);
aes256_encrypt_ecb(&ctx, buff_aes27);*/
//DUMP("encrypted text: ", i, bytes_to_send, bytes_size);
aes256_done(&ctx);
//delay();
for(j=0;j<sizeof(buff_aes1);j++) {
buff_enc[j] = buff_aes1[j];
buff_enc[j+16] = buff_aes2[j];
buff_enc[j+32] = buff_aes3[j];
buff_enc[j+48] = buff_aes4[j];
buff_enc[j+64] = buff_aes5[j];
buff_enc[j+80] = buff_aes6[j];
buff_enc[j+96] = buff_aes7[j];
buff_enc[j+112] = buff_aes8[j];
buff_enc[j+128] = buff_aes9[j];
buff_enc[j+144] = buff_aes10[j];
buff_enc[j+160] = buff_aes11[j];
/*buff_enc[j+176] = buff_aes12[j];
buff_enc[j+192] = buff_aes13[j];
buff_enc[j+208] = buff_aes14[j];
buff_enc[j+224] = buff_aes15[j];
buff_enc[j+240] = buff_aes16[j];
buff_enc[j+256] = buff_aes17[j];
buff_enc[j+272] = buff_aes18[j];
buff_enc[j+288] = buff_aes19[j];
buff_enc[j+304] = buff_aes20[j];
buff_enc[j+320] = buff_aes21[j];
buff_enc[j+336] = buff_aes22[j];
buff_enc[j+352] = buff_aes23[j];
buff_enc[j+368] = buff_aes24[j];
buff_enc[j+384] = buff_aes25[j];
buff_enc[j+400] = buff_aes26[j];
buff_enc[j+416] = buff_aes27[j];
tempp1 = tempp1 + 1;*/
}
ser_comm(buff_enc, h1);
//ser_comm(bytes_to_send, h1);
//printf("\n");
t2 = clock();
second_time = time(NULL);
t = t2 - t1;
mytime = second_time - first_time;
// printf ("Total execution time %f seconds.\n",((float)t)/CLOCKS_PER_SEC);
// printf ("Program took me %d cycles to execute.\n",t);
// printf("Actual time taken is %d seconds.\n", mytime);
} /* main */
