static int
remove_npdrm(SELF *self, CONTROL_INFO *control_info, uint8_t *metadata, struct keylist *klist)
{
CONTROL_INFO *info;
u32 license_type;
char content_id[0x31] = {'\0'};
struct rif *rif;
struct actdat *actdat;
u8 enc_const[0x10];
u8 dec_actdat[0x10];
u8 klicensee[0x10];
int i;
u64 off;
for (i = off = 0; off < self->controlinfo_size; i++) {
info = &control_info[i];
if (info->type == 3) {
license_type = info->npdrm.license_type;
switch (license_type) {
case 1:
// cant decrypt network stuff
return -1;
case 2:
memcpy(content_id, info->npdrm.content_id, 0x30);
rif = rif_get(content_id);
if (rif == NULL) {
return -1;
}
aes128(klist->rif, rif->padding, rif->padding);
aes128_enc(klist->idps, klist->npdrm_const, enc_const);
actdat = actdat_get();
if (actdat == NULL) {
return -1;
}
aes128(enc_const, &actdat->keyTable[swap32(rif->actDatIndex)*0x10], dec_actdat);
aes128(dec_actdat, rif->key, klicensee);
decrypt_npdrm(metadata, klist, klicensee);
return 1;
case 3:
decrypt_npdrm(metadata, klist, klist->free_klicensee);
return 1;
}
}
off += info->size;
}
return 0;
}
/*
* Its refers to encryption messages with ECB mode
* In ECB mode is separated from message in blocks of 16 bytes and cipher each
* one individually
*
* 'original_data' is the unencrypted message
* 'size' is the number of bytes that should occupy the message
* 'keySize' is the size of the key, this value can be 128, 192 or 256
*
*/
void WaspAES::ECBEncrypt( uint8_t *original_data
, uint16_t size
, uint16_t keySize)
{
// In ECB mode is separated from message in blocks of
// 16 bytes and cipher each one individually
uint16_t index,index2;
index = 0;
index2 = 0;
while( index < size )
{
// get the first 16-Byte block from original
// message to be encrypted separately
for (int i =0; i<16;i++)
{
block_data[i] = original_data[index];
index++;
}
// Encrypt the selected 16-Byte block
switch(keySize)
{
case 128:
aes128_enc(block_data, &ctx128);
break;
case 192:
aes192_enc(block_data, &ctx192);
break;
case 256:
aes256_enc(block_data, &ctx256);
break;
}
for (int i = 0; i<16;i++)
{
original_data[index2] = block_data[i];
index2++;
}
}
}
static inline void
mac(rijndael_ctx *ctx,
unsigned char *msg, size_t len,
unsigned char B[DTLS_CCM_BLOCKSIZE],
unsigned char X[DTLS_CCM_BLOCKSIZE]) {
size_t i;
for (i = 0; i < len; ++i)
B[i] = X[i] ^ msg[i];
#ifdef NOUVELLE_IMPLE_AES
// TODO vérifier les tailles des copies
memcpy(X, B, DTLS_CCM_BLOCKSIZE);
aes128_enc(X, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, B, X);
#endif
}
static inline void
encrypt(rijndael_ctx *ctx, size_t L, unsigned long counter,
unsigned char *msg, size_t len,
unsigned char A[DTLS_CCM_BLOCKSIZE],
unsigned char S[DTLS_CCM_BLOCKSIZE]) {
static unsigned long counter_tmp;
SET_COUNTER(A, L, counter, counter_tmp);
#ifdef NOUVELLE_IMPLE_AES
// TODO vérifier les tailles des copies
memcpy(S, A, DTLS_CCM_BLOCKSIZE);
aes128_enc(S, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, A, S);
#endif
memxor(msg, S, len);
}
int main (void) {
uint8_t j;
aes128_ctx_t ctx; /* the context where the round keys are stored */
aes128_init(key, &ctx); /* generating the round keys from the 128 bit key */
wakeup_init();
sei(); //Activate interrupts
rfm70_init();
j = 0;
while(1) {
set_sleep_mode(SLEEP_MODE_IDLE);
sleep_mode();
if (interrupt_flag == 1) {
interrupt_flag = 0;
rfm70_mode_transmit();
rfm70_power(3);
_delay_ms(50);
read_vcc(); //setup the ADC
data.info.type = 1;
data.info.vcc = vcc;
data.info.vcc_factor = VCC_SCALE_FACTOR;
data.info.tempreture = 0;
for (uint8_t i=0;i<11;i++) {
data.info.data[i] = 0;
}
aes128_enc(data.raw, &ctx); /* encrypting the data block */
rfm70_transmit_message( data.raw, 16 );
_delay_ms(100);
rfm70_mode_powerdown();
}
}
return 0;
}
void testrun_test_aes(void){
uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c };
uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8,
0x88, 0x5a, 0x30, 0x8d,
0x31, 0x31, 0x98, 0xa2,
0xe0, 0x37, 0x07, 0x34 };
aes128_ctx_t ctx;
aes128_init(key, &ctx);
cli_putstr("\r\n\r\n cipher test (FIPS 197):\r\n key: ");
cli_hexdump(key, 16);
cli_putstr("\r\n plaintext: ");
cli_hexdump(data, 16);
aes128_enc(data, &ctx);
cli_putstr("\r\n ciphertext: ");
cli_hexdump(data, 16);
aes128_dec(data, &ctx);
cli_putstr("\r\n plaintext: ");
cli_hexdump(data, 16);
cli_putstr("\r\n testing bcal:");
bcgen_ctx_t bcal_ctx;
uint8_t r;
r = bcal_cipher_init(&aes128_desc, key, 128, &bcal_ctx);
cli_putstr("\r\n init = 0x");
cli_hexdump(&r, 1);
bcal_cipher_enc(data, &bcal_ctx);
cli_putstr("\r\n ciphertext: ");
cli_hexdump(data, 16);
bcal_cipher_dec(data, &bcal_ctx);
cli_putstr("\r\n plaintext: ");
cli_hexdump(data, 16);
bcal_cipher_free(&bcal_ctx);
}
void aes_128_ctr(unsigned char *key, size_t length, unsigned char nonce_counter[16], const unsigned char *input, unsigned char *output)
{
int c, i;
size_t n = 0;
unsigned char stream_block[16];
aes128_ctx_t ctx;
aes128_init(key, &ctx);
while( length-- )
{
if( n == 0 ) {
memcpy(stream_block,nonce_counter,16);
aes128_enc(stream_block, &ctx);
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
break;
}
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
n = (n + 1) & 0x0F;
}
}
void testrun_test_aes(void){
uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c };
uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8,
0x88, 0x5a, 0x30, 0x8d,
0x31, 0x31, 0x98, 0xa2,
0xe0, 0x37, 0x07, 0x34 };
aes128_ctx_t ctx;
aes128_init(key, &ctx);
cli_putstr_P(PSTR("\r\n\r\n cipher test (FIPS 197):\r\n key: "));
cli_hexdump(key, 16);
cli_putstr_P(PSTR("\r\n plaintext: "));
cli_hexdump(data, 16);
aes128_enc(data, &ctx);
cli_putstr_P(PSTR("\r\n ciphertext: "));
cli_hexdump(data, 16);
aes128_dec(data, &ctx);
cli_putstr_P(PSTR("\r\n plaintext: "));
cli_hexdump(data, 16);
}
int main ( void )
{
uint8_t *bufcontents;
uint8_t i;
uint8_t tv[] = "foobar1";
uint16_t ticker = 0;
uint8_t rc;
aes128_ctx_t ctx;
uint8_t key[] = "0123456789ABCDEF";
uint8_t IV[] = "FEDCBA9876543210";
uint8_t text[] = "Hello rfm12 world. I've gonna cipher you ";
drive(LED1);
drive(LED2);
toggle_output(LED1);
uart_init();
_delay_ms(250);
_delay_ms(250);
sei();
toggle_output(LED2);
uart_putstr ("AVR Boot Ok\r\n");
_delay_ms(250);
toggle_output(LED2);
aes128_init(key,&ctx);
while (1) {
uart_putstr("key = ");
uart_putstr(key);
uart_putstr("\r\n");
uart_putstr("text = ");
uart_putstr(text);
uart_putstr("\r\n");
/* Ciphering in CBC mode */
memxor(text,IV,16);
aes128_enc(text,&ctx);
memxor(text+16,text,16);
aes128_enc(text+16,&ctx);
memxor(text+32,text+16,16);
aes128_enc(text+32,&ctx);
uart_putstr("text ciphered = \r\n");
uart_hexdump(text,sizeof(text));
/* Deciphering in CBC mode */
aes128_dec(text+32,&ctx);
memxor(text+32,text+16,16);
aes128_dec(text+16,&ctx);
memxor(text+16,text,16);
aes128_dec(text,&ctx);
memxor(text,IV,16);
uart_putstr("text unciphered = ");
uart_putstr(text);
uart_putstr("\r\n");
/* Let change the IV */
IV[0]++;
_delay_ms(250);
_delay_ms(250);
_delay_ms(250);
_delay_ms(250);
}
}
void aes_indep_enc(uint8_t * pt)
{
aes128_enc(pt, &ctx); /* encrypting the data block */
}
void cbc_encrypt(cbc_state_t *state, aes_ctx_t *ctx) {
xor_buf(state->data, state->iv, AES_BUF_LEN);
aes128_enc(state->data, ctx);
memcpy(state->iv, state->data, AES_BUF_LEN);
}
// TODO vérifier les tailles des copies
static void
add_auth_data(rijndael_ctx *ctx, const unsigned char *msg, size_t la,
unsigned char B[DTLS_CCM_BLOCKSIZE],
unsigned char X[DTLS_CCM_BLOCKSIZE])
{
size_t i,j;
#ifdef NOUVELLE_IMPLE_AES
memcpy(X, B, DTLS_CCM_BLOCKSIZE);
aes128_enc(X, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, B, X);
#endif
memset(B, 0, DTLS_CCM_BLOCKSIZE);
if (!la)
return;
#ifndef WITH_CONTIKI
if (la < 0xFF00) { /* 2^16 - 2^8 */
j = 2;
dtls_int_to_uint16(B, la);
} else if (la <= UINT32_MAX) {
j = 6;
dtls_int_to_uint16(B, 0xFFFE);
dtls_int_to_uint32(B+2, la);
} else {
j = 10;
dtls_int_to_uint16(B, 0xFFFF);
dtls_int_to_uint64(B+2, la);
}
#else /* WITH_CONTIKI */
/* With Contiki, we are building for small devices and thus
* anticipate that the number of additional authentication bytes
* will not exceed 65280 bytes (0xFF00) and we can skip the
* workarounds required for j=6 and j=10 on devices with a word size
* of 32 bits or 64 bits, respectively.
*/
assert(la < 0xFF00);
j = 2;
dtls_int_to_uint16(B, la);
#endif /* WITH_CONTIKI */
i = min(DTLS_CCM_BLOCKSIZE - j, la);
memcpy(B + j, msg, i);
la -= i;
msg += i;
memxor(B, X, DTLS_CCM_BLOCKSIZE);
#ifdef NOUVELLE_IMPLE_AES
// TODO vérifier les tailles des copies
memcpy(X, B, DTLS_CCM_BLOCKSIZE);
aes128_enc(X, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, B, X);
#endif
while (la > DTLS_CCM_BLOCKSIZE) {
for (i = 0; i < DTLS_CCM_BLOCKSIZE; ++i)
B[i] = X[i] ^ *msg++;
la -= DTLS_CCM_BLOCKSIZE;
#ifdef NOUVELLE_IMPLE_AES
// TODO vérifier les tailles des copies
memcpy(X, B, DTLS_CCM_BLOCKSIZE);
aes128_enc(X, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, B, X);
#endif
}
if (la) {
memset(B, 0, DTLS_CCM_BLOCKSIZE);
memcpy(B, msg, la);
memxor(B, X, DTLS_CCM_BLOCKSIZE);
#ifdef NOUVELLE_IMPLE_AES
// TODO vérifier les tailles des copies
memcpy(X, B, DTLS_CCM_BLOCKSIZE);
aes128_enc(X, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, B, X);
#endif
}
}
long int
dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L,
unsigned char nonce[DTLS_CCM_BLOCKSIZE],
unsigned char *msg, size_t lm,
const unsigned char *aad, size_t la) {
size_t len;
unsigned long counter_tmp;
unsigned long counter = 1; /* \bug does not work correctly on ia32 when
lm >= 2^16 */
unsigned char A[DTLS_CCM_BLOCKSIZE]; /* A_i blocks for encryption input */
unsigned char B[DTLS_CCM_BLOCKSIZE]; /* B_i blocks for CBC-MAC input */
unsigned char S[DTLS_CCM_BLOCKSIZE]; /* S_i = encrypted A_i blocks */
unsigned char X[DTLS_CCM_BLOCKSIZE]; /* X_i = encrypted B_i blocks */
if (lm < M)
goto error;
len = lm; /* save original length */
lm -= M; /* detract MAC size*/
/* create the initial authentication block B0 */
block0(M, L, la, lm, nonce, B);
add_auth_data(ctx, aad, la, B, X);
/* initialize block template */
A[0] = L-1;
/* copy the nonce */
memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L);
while (lm >= DTLS_CCM_BLOCKSIZE) {
/* decrypt */
encrypt(ctx, L, counter, msg, DTLS_CCM_BLOCKSIZE, A, S);
/* calculate MAC */
mac(ctx, msg, DTLS_CCM_BLOCKSIZE, B, X);
/* update local pointers */
lm -= DTLS_CCM_BLOCKSIZE;
msg += DTLS_CCM_BLOCKSIZE;
counter++;
}
if (lm) {
/* decrypt */
encrypt(ctx, L, counter, msg, lm, A, S);
/* Calculate MAC. Note that msg ends in the MAC so we must
* construct B to contain X ^ msg for the first lm bytes (done in
* mac() and X ^ 0 for the remaining DTLS_CCM_BLOCKSIZE - lm bytes
* (i.e., we can use memcpy() here).
*/
memcpy(B + lm, X + lm, DTLS_CCM_BLOCKSIZE - lm);
mac(ctx, msg, lm, B, X);
/* update local pointers */
msg += lm;
}
/* calculate S_0 */
SET_COUNTER(A, L, 0, counter_tmp);
#ifdef NOUVELLE_IMPLE_AES
memcpy(S, A, DTLS_CCM_BLOCKSIZE);
aes128_enc(S, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, A, S);
#endif
memxor(msg, S, M);
/* return length if MAC is valid, otherwise continue with error handling */
if (equals(X, msg, M))
return len - M;
error:
return -1;
}
long int
dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L,
unsigned char nonce[DTLS_CCM_BLOCKSIZE],
unsigned char *msg, size_t lm,
const unsigned char *aad, size_t la) {
size_t i, len;
unsigned long counter_tmp;
unsigned long counter = 1; /* \bug does not work correctly on ia32 when
lm >= 2^16 */
unsigned char A[DTLS_CCM_BLOCKSIZE]; /* A_i blocks for encryption input */
unsigned char B[DTLS_CCM_BLOCKSIZE]; /* B_i blocks for CBC-MAC input */
unsigned char S[DTLS_CCM_BLOCKSIZE]; /* S_i = encrypted A_i blocks */
unsigned char X[DTLS_CCM_BLOCKSIZE]; /* X_i = encrypted B_i blocks */
len = lm; /* save original length */
/* create the initial authentication block B0 */
block0(M, L, la, lm, nonce, B);
add_auth_data(ctx, aad, la, B, X);
/* initialize block template */
A[0] = L-1;
/* copy the nonce */
memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L);
while (lm >= DTLS_CCM_BLOCKSIZE) {
/* calculate MAC */
mac(ctx, msg, DTLS_CCM_BLOCKSIZE, B, X);
/* encrypt */
encrypt(ctx, L, counter, msg, DTLS_CCM_BLOCKSIZE, A, S);
/* update local pointers */
lm -= DTLS_CCM_BLOCKSIZE;
msg += DTLS_CCM_BLOCKSIZE;
counter++;
}
if (lm) {
/* Calculate MAC. The remainder of B must be padded with zeroes, so
* B is constructed to contain X ^ msg for the first lm bytes (done in
* mac() and X ^ 0 for the remaining DTLS_CCM_BLOCKSIZE - lm bytes
* (i.e., we can use memcpy() here).
*/
memcpy(B + lm, X + lm, DTLS_CCM_BLOCKSIZE - lm);
mac(ctx, msg, lm, B, X);
/* encrypt */
encrypt(ctx, L, counter, msg, lm, A, S);
/* update local pointers */
msg += lm;
}
/* calculate S_0 */
SET_COUNTER(A, L, 0, counter_tmp);
#ifdef NOUVELLE_IMPLE_AES
memcpy(S, A, DTLS_CCM_BLOCKSIZE);
aes128_enc(S, ctx);
#endif
#ifdef ANCIENNE_IMPLE_AES
rijndael_encrypt(ctx, A, S);
#endif
for (i = 0; i < M; ++i)
*msg++ = X[i] ^ S[i];
return len + M;
}
// encrypt single 128bit block. data is assumed to be 16 uint8_t's
// key and iv are assumed to be both 128bit thus 16 uint8_t's
void aes128_enc_single(const uint8_t* key, void* data){
aes128_ctx_t ctx;
aes128_init(key, &ctx);
aes128_enc(data, &ctx);
}
int main(void) {
io_init();
uint8_t input[16];
aes128_ctx_t ks, iks;
printf("Build Date: %s\n", build_date);
printf("Git: %s\n\n", build_git_sha);
printf(" Photon DA AES\n");
printf("-----------------\n");
printf("ROUNDS = %lu\n", (unsigned long) ROUNDS);
printf("DELAY = %lu\n", (unsigned long) DELAY);
printf("STARTUP = %lu\n", (unsigned long) STARTUP);
printf("-----------------\n");
printf("SBOX: 0x%.2X\n", (unsigned int) aes_sbox);
printf("Input: 0x%.2X\n", (unsigned int) input);
printf("Key: 0x%.2X\n", (unsigned int) key);
printf("-----------------\n");
#if ROUNDS == 0
uint16_t writes = eeprom_read_word(&write_cycles);
uint8_t byte = eeprom_read_byte(&input_byte);
printf("write_cycles = %u\n", writes);
printf("input_byte = 0x%.2X\n", byte);
#endif
#ifdef PHOTON
printf("Computing S-Box only!\n");
#endif
printf("\n");
#if STARTUP > 0
_delay_ms(STARTUP * 1000);
#endif
#ifdef VERBOSE
printf("Printing AES Key:\n");
print_128(key);
printf("\n");
#endif
// aes128_init(const void* key, aes128_ctx_t* ctx);
aes128_init(key, &ks);
#ifdef VERBOSE
printf("Printing AES SBOX:\n");
uint16_t s = 0;
for(s=0; s < 256; s++) {
printf("%.2X", aes_sbox[s]);
if((s + 1) % 16 == 0)
printf("\n");
}
printf("\n");
#endif
#if ROUNDS > 0
unsigned long round = 1;
uint8_t i=0;
unsigned long total_rounds = 256 * ROUNDS;
while(round <= total_rounds) {
reset_input(input, i);
#else
reset_input(input, byte);
memcpy(&init,&input,sizeof(uint8_t)*16);
printf("Input:\n");
print_128(input);
printf("\n");
while(1) {
memcpy(&input,&init,sizeof(uint8_t)*16);
#endif
memcpy(&iks,&ks,sizeof(aes128_ctx_t));
#ifdef VERBOSE
#if ROUNDS > 0
printf("[%6ld]: Input:\n", round);
#else
printf("Input:\n");
#endif
print_128(input);
printf("\n");
#endif
// void aes128_enc(void* buffer, aes128_ctx_t* ctx);
aes128_enc(input, &ks);
#ifdef VERBOSE
#if ROUNDS > 0
printf("[%6ld]: Result:\n", round);
#else
printf("Result:\n");
#endif
//Result gets written back to the input
print_128(input);
printf("\n");
#endif
#if ROUNDS > 0
round++;
if ( (round - 1) % ROUNDS == 0)
i++;
#endif
#if DELAY > 0
_delay_ms(DELAY);
#endif
}
#if ROUNDS > 0
printf("Exiting... after round %li\n", round - 1);
#endif
return(0);
}
