static int remove_npdrm(SELF *self, CONTROL_INFO *control_info, uint8_t *metadata, struct keylist *klist) { CONTROL_INFO *info; u32 license_type; char content_id[0x31] = {'\0'}; struct rif *rif; struct actdat *actdat; u8 enc_const[0x10]; u8 dec_actdat[0x10]; u8 klicensee[0x10]; int i; u64 off; for (i = off = 0; off < self->controlinfo_size; i++) { info = &control_info[i]; if (info->type == 3) { license_type = info->npdrm.license_type; switch (license_type) { case 1: // cant decrypt network stuff return -1; case 2: memcpy(content_id, info->npdrm.content_id, 0x30); rif = rif_get(content_id); if (rif == NULL) { return -1; } aes128(klist->rif, rif->padding, rif->padding); aes128_enc(klist->idps, klist->npdrm_const, enc_const); actdat = actdat_get(); if (actdat == NULL) { return -1; } aes128(enc_const, &actdat->keyTable[swap32(rif->actDatIndex)*0x10], dec_actdat); aes128(dec_actdat, rif->key, klicensee); decrypt_npdrm(metadata, klist, klicensee); return 1; case 3: decrypt_npdrm(metadata, klist, klist->free_klicensee); return 1; } } off += info->size; } return 0; }
/* * Its refers to encryption messages with ECB mode * In ECB mode is separated from message in blocks of 16 bytes and cipher each * one individually * * 'original_data' is the unencrypted message * 'size' is the number of bytes that should occupy the message * 'keySize' is the size of the key, this value can be 128, 192 or 256 * */ void WaspAES::ECBEncrypt( uint8_t *original_data , uint16_t size , uint16_t keySize) { // In ECB mode is separated from message in blocks of // 16 bytes and cipher each one individually uint16_t index,index2; index = 0; index2 = 0; while( index < size ) { // get the first 16-Byte block from original // message to be encrypted separately for (int i =0; i<16;i++) { block_data[i] = original_data[index]; index++; } // Encrypt the selected 16-Byte block switch(keySize) { case 128: aes128_enc(block_data, &ctx128); break; case 192: aes192_enc(block_data, &ctx192); break; case 256: aes256_enc(block_data, &ctx256); break; } for (int i = 0; i<16;i++) { original_data[index2] = block_data[i]; index2++; } } }
static inline void mac(rijndael_ctx *ctx, unsigned char *msg, size_t len, unsigned char B[DTLS_CCM_BLOCKSIZE], unsigned char X[DTLS_CCM_BLOCKSIZE]) { size_t i; for (i = 0; i < len; ++i) B[i] = X[i] ^ msg[i]; #ifdef NOUVELLE_IMPLE_AES // TODO vérifier les tailles des copies memcpy(X, B, DTLS_CCM_BLOCKSIZE); aes128_enc(X, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, B, X); #endif }
static inline void encrypt(rijndael_ctx *ctx, size_t L, unsigned long counter, unsigned char *msg, size_t len, unsigned char A[DTLS_CCM_BLOCKSIZE], unsigned char S[DTLS_CCM_BLOCKSIZE]) { static unsigned long counter_tmp; SET_COUNTER(A, L, counter, counter_tmp); #ifdef NOUVELLE_IMPLE_AES // TODO vérifier les tailles des copies memcpy(S, A, DTLS_CCM_BLOCKSIZE); aes128_enc(S, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, A, S); #endif memxor(msg, S, len); }
int main (void) { uint8_t j; aes128_ctx_t ctx; /* the context where the round keys are stored */ aes128_init(key, &ctx); /* generating the round keys from the 128 bit key */ wakeup_init(); sei(); //Activate interrupts rfm70_init(); j = 0; while(1) { set_sleep_mode(SLEEP_MODE_IDLE); sleep_mode(); if (interrupt_flag == 1) { interrupt_flag = 0; rfm70_mode_transmit(); rfm70_power(3); _delay_ms(50); read_vcc(); //setup the ADC data.info.type = 1; data.info.vcc = vcc; data.info.vcc_factor = VCC_SCALE_FACTOR; data.info.tempreture = 0; for (uint8_t i=0;i<11;i++) { data.info.data[i] = 0; } aes128_enc(data.raw, &ctx); /* encrypting the data block */ rfm70_transmit_message( data.raw, 16 ); _delay_ms(100); rfm70_mode_powerdown(); } } return 0; }
void testrun_test_aes(void){ uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d, 0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34 }; aes128_ctx_t ctx; aes128_init(key, &ctx); cli_putstr("\r\n\r\n cipher test (FIPS 197):\r\n key: "); cli_hexdump(key, 16); cli_putstr("\r\n plaintext: "); cli_hexdump(data, 16); aes128_enc(data, &ctx); cli_putstr("\r\n ciphertext: "); cli_hexdump(data, 16); aes128_dec(data, &ctx); cli_putstr("\r\n plaintext: "); cli_hexdump(data, 16); cli_putstr("\r\n testing bcal:"); bcgen_ctx_t bcal_ctx; uint8_t r; r = bcal_cipher_init(&aes128_desc, key, 128, &bcal_ctx); cli_putstr("\r\n init = 0x"); cli_hexdump(&r, 1); bcal_cipher_enc(data, &bcal_ctx); cli_putstr("\r\n ciphertext: "); cli_hexdump(data, 16); bcal_cipher_dec(data, &bcal_ctx); cli_putstr("\r\n plaintext: "); cli_hexdump(data, 16); bcal_cipher_free(&bcal_ctx); }
void aes_128_ctr(unsigned char *key, size_t length, unsigned char nonce_counter[16], const unsigned char *input, unsigned char *output) { int c, i; size_t n = 0; unsigned char stream_block[16]; aes128_ctx_t ctx; aes128_init(key, &ctx); while( length-- ) { if( n == 0 ) { memcpy(stream_block,nonce_counter,16); aes128_enc(stream_block, &ctx); for( i = 16; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) break; } c = *input++; *output++ = (unsigned char)( c ^ stream_block[n] ); n = (n + 1) & 0x0F; } }
void testrun_test_aes(void){ uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d, 0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34 }; aes128_ctx_t ctx; aes128_init(key, &ctx); cli_putstr_P(PSTR("\r\n\r\n cipher test (FIPS 197):\r\n key: ")); cli_hexdump(key, 16); cli_putstr_P(PSTR("\r\n plaintext: ")); cli_hexdump(data, 16); aes128_enc(data, &ctx); cli_putstr_P(PSTR("\r\n ciphertext: ")); cli_hexdump(data, 16); aes128_dec(data, &ctx); cli_putstr_P(PSTR("\r\n plaintext: ")); cli_hexdump(data, 16); }
int main ( void ) { uint8_t *bufcontents; uint8_t i; uint8_t tv[] = "foobar1"; uint16_t ticker = 0; uint8_t rc; aes128_ctx_t ctx; uint8_t key[] = "0123456789ABCDEF"; uint8_t IV[] = "FEDCBA9876543210"; uint8_t text[] = "Hello rfm12 world. I've gonna cipher you "; drive(LED1); drive(LED2); toggle_output(LED1); uart_init(); _delay_ms(250); _delay_ms(250); sei(); toggle_output(LED2); uart_putstr ("AVR Boot Ok\r\n"); _delay_ms(250); toggle_output(LED2); aes128_init(key,&ctx); while (1) { uart_putstr("key = "); uart_putstr(key); uart_putstr("\r\n"); uart_putstr("text = "); uart_putstr(text); uart_putstr("\r\n"); /* Ciphering in CBC mode */ memxor(text,IV,16); aes128_enc(text,&ctx); memxor(text+16,text,16); aes128_enc(text+16,&ctx); memxor(text+32,text+16,16); aes128_enc(text+32,&ctx); uart_putstr("text ciphered = \r\n"); uart_hexdump(text,sizeof(text)); /* Deciphering in CBC mode */ aes128_dec(text+32,&ctx); memxor(text+32,text+16,16); aes128_dec(text+16,&ctx); memxor(text+16,text,16); aes128_dec(text,&ctx); memxor(text,IV,16); uart_putstr("text unciphered = "); uart_putstr(text); uart_putstr("\r\n"); /* Let change the IV */ IV[0]++; _delay_ms(250); _delay_ms(250); _delay_ms(250); _delay_ms(250); } }
void aes_indep_enc(uint8_t * pt) { aes128_enc(pt, &ctx); /* encrypting the data block */ }
void cbc_encrypt(cbc_state_t *state, aes_ctx_t *ctx) { xor_buf(state->data, state->iv, AES_BUF_LEN); aes128_enc(state->data, ctx); memcpy(state->iv, state->data, AES_BUF_LEN); }
// TODO vérifier les tailles des copies static void add_auth_data(rijndael_ctx *ctx, const unsigned char *msg, size_t la, unsigned char B[DTLS_CCM_BLOCKSIZE], unsigned char X[DTLS_CCM_BLOCKSIZE]) { size_t i,j; #ifdef NOUVELLE_IMPLE_AES memcpy(X, B, DTLS_CCM_BLOCKSIZE); aes128_enc(X, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, B, X); #endif memset(B, 0, DTLS_CCM_BLOCKSIZE); if (!la) return; #ifndef WITH_CONTIKI if (la < 0xFF00) { /* 2^16 - 2^8 */ j = 2; dtls_int_to_uint16(B, la); } else if (la <= UINT32_MAX) { j = 6; dtls_int_to_uint16(B, 0xFFFE); dtls_int_to_uint32(B+2, la); } else { j = 10; dtls_int_to_uint16(B, 0xFFFF); dtls_int_to_uint64(B+2, la); } #else /* WITH_CONTIKI */ /* With Contiki, we are building for small devices and thus * anticipate that the number of additional authentication bytes * will not exceed 65280 bytes (0xFF00) and we can skip the * workarounds required for j=6 and j=10 on devices with a word size * of 32 bits or 64 bits, respectively. */ assert(la < 0xFF00); j = 2; dtls_int_to_uint16(B, la); #endif /* WITH_CONTIKI */ i = min(DTLS_CCM_BLOCKSIZE - j, la); memcpy(B + j, msg, i); la -= i; msg += i; memxor(B, X, DTLS_CCM_BLOCKSIZE); #ifdef NOUVELLE_IMPLE_AES // TODO vérifier les tailles des copies memcpy(X, B, DTLS_CCM_BLOCKSIZE); aes128_enc(X, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, B, X); #endif while (la > DTLS_CCM_BLOCKSIZE) { for (i = 0; i < DTLS_CCM_BLOCKSIZE; ++i) B[i] = X[i] ^ *msg++; la -= DTLS_CCM_BLOCKSIZE; #ifdef NOUVELLE_IMPLE_AES // TODO vérifier les tailles des copies memcpy(X, B, DTLS_CCM_BLOCKSIZE); aes128_enc(X, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, B, X); #endif } if (la) { memset(B, 0, DTLS_CCM_BLOCKSIZE); memcpy(B, msg, la); memxor(B, X, DTLS_CCM_BLOCKSIZE); #ifdef NOUVELLE_IMPLE_AES // TODO vérifier les tailles des copies memcpy(X, B, DTLS_CCM_BLOCKSIZE); aes128_enc(X, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, B, X); #endif } }
long int dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la) { size_t len; unsigned long counter_tmp; unsigned long counter = 1; /* \bug does not work correctly on ia32 when lm >= 2^16 */ unsigned char A[DTLS_CCM_BLOCKSIZE]; /* A_i blocks for encryption input */ unsigned char B[DTLS_CCM_BLOCKSIZE]; /* B_i blocks for CBC-MAC input */ unsigned char S[DTLS_CCM_BLOCKSIZE]; /* S_i = encrypted A_i blocks */ unsigned char X[DTLS_CCM_BLOCKSIZE]; /* X_i = encrypted B_i blocks */ if (lm < M) goto error; len = lm; /* save original length */ lm -= M; /* detract MAC size*/ /* create the initial authentication block B0 */ block0(M, L, la, lm, nonce, B); add_auth_data(ctx, aad, la, B, X); /* initialize block template */ A[0] = L-1; /* copy the nonce */ memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L); while (lm >= DTLS_CCM_BLOCKSIZE) { /* decrypt */ encrypt(ctx, L, counter, msg, DTLS_CCM_BLOCKSIZE, A, S); /* calculate MAC */ mac(ctx, msg, DTLS_CCM_BLOCKSIZE, B, X); /* update local pointers */ lm -= DTLS_CCM_BLOCKSIZE; msg += DTLS_CCM_BLOCKSIZE; counter++; } if (lm) { /* decrypt */ encrypt(ctx, L, counter, msg, lm, A, S); /* Calculate MAC. Note that msg ends in the MAC so we must * construct B to contain X ^ msg for the first lm bytes (done in * mac() and X ^ 0 for the remaining DTLS_CCM_BLOCKSIZE - lm bytes * (i.e., we can use memcpy() here). */ memcpy(B + lm, X + lm, DTLS_CCM_BLOCKSIZE - lm); mac(ctx, msg, lm, B, X); /* update local pointers */ msg += lm; } /* calculate S_0 */ SET_COUNTER(A, L, 0, counter_tmp); #ifdef NOUVELLE_IMPLE_AES memcpy(S, A, DTLS_CCM_BLOCKSIZE); aes128_enc(S, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, A, S); #endif memxor(msg, S, M); /* return length if MAC is valid, otherwise continue with error handling */ if (equals(X, msg, M)) return len - M; error: return -1; }
long int dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la) { size_t i, len; unsigned long counter_tmp; unsigned long counter = 1; /* \bug does not work correctly on ia32 when lm >= 2^16 */ unsigned char A[DTLS_CCM_BLOCKSIZE]; /* A_i blocks for encryption input */ unsigned char B[DTLS_CCM_BLOCKSIZE]; /* B_i blocks for CBC-MAC input */ unsigned char S[DTLS_CCM_BLOCKSIZE]; /* S_i = encrypted A_i blocks */ unsigned char X[DTLS_CCM_BLOCKSIZE]; /* X_i = encrypted B_i blocks */ len = lm; /* save original length */ /* create the initial authentication block B0 */ block0(M, L, la, lm, nonce, B); add_auth_data(ctx, aad, la, B, X); /* initialize block template */ A[0] = L-1; /* copy the nonce */ memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L); while (lm >= DTLS_CCM_BLOCKSIZE) { /* calculate MAC */ mac(ctx, msg, DTLS_CCM_BLOCKSIZE, B, X); /* encrypt */ encrypt(ctx, L, counter, msg, DTLS_CCM_BLOCKSIZE, A, S); /* update local pointers */ lm -= DTLS_CCM_BLOCKSIZE; msg += DTLS_CCM_BLOCKSIZE; counter++; } if (lm) { /* Calculate MAC. The remainder of B must be padded with zeroes, so * B is constructed to contain X ^ msg for the first lm bytes (done in * mac() and X ^ 0 for the remaining DTLS_CCM_BLOCKSIZE - lm bytes * (i.e., we can use memcpy() here). */ memcpy(B + lm, X + lm, DTLS_CCM_BLOCKSIZE - lm); mac(ctx, msg, lm, B, X); /* encrypt */ encrypt(ctx, L, counter, msg, lm, A, S); /* update local pointers */ msg += lm; } /* calculate S_0 */ SET_COUNTER(A, L, 0, counter_tmp); #ifdef NOUVELLE_IMPLE_AES memcpy(S, A, DTLS_CCM_BLOCKSIZE); aes128_enc(S, ctx); #endif #ifdef ANCIENNE_IMPLE_AES rijndael_encrypt(ctx, A, S); #endif for (i = 0; i < M; ++i) *msg++ = X[i] ^ S[i]; return len + M; }
// encrypt single 128bit block. data is assumed to be 16 uint8_t's // key and iv are assumed to be both 128bit thus 16 uint8_t's void aes128_enc_single(const uint8_t* key, void* data){ aes128_ctx_t ctx; aes128_init(key, &ctx); aes128_enc(data, &ctx); }
int main(void) { io_init(); uint8_t input[16]; aes128_ctx_t ks, iks; printf("Build Date: %s\n", build_date); printf("Git: %s\n\n", build_git_sha); printf(" Photon DA AES\n"); printf("-----------------\n"); printf("ROUNDS = %lu\n", (unsigned long) ROUNDS); printf("DELAY = %lu\n", (unsigned long) DELAY); printf("STARTUP = %lu\n", (unsigned long) STARTUP); printf("-----------------\n"); printf("SBOX: 0x%.2X\n", (unsigned int) aes_sbox); printf("Input: 0x%.2X\n", (unsigned int) input); printf("Key: 0x%.2X\n", (unsigned int) key); printf("-----------------\n"); #if ROUNDS == 0 uint16_t writes = eeprom_read_word(&write_cycles); uint8_t byte = eeprom_read_byte(&input_byte); printf("write_cycles = %u\n", writes); printf("input_byte = 0x%.2X\n", byte); #endif #ifdef PHOTON printf("Computing S-Box only!\n"); #endif printf("\n"); #if STARTUP > 0 _delay_ms(STARTUP * 1000); #endif #ifdef VERBOSE printf("Printing AES Key:\n"); print_128(key); printf("\n"); #endif // aes128_init(const void* key, aes128_ctx_t* ctx); aes128_init(key, &ks); #ifdef VERBOSE printf("Printing AES SBOX:\n"); uint16_t s = 0; for(s=0; s < 256; s++) { printf("%.2X", aes_sbox[s]); if((s + 1) % 16 == 0) printf("\n"); } printf("\n"); #endif #if ROUNDS > 0 unsigned long round = 1; uint8_t i=0; unsigned long total_rounds = 256 * ROUNDS; while(round <= total_rounds) { reset_input(input, i); #else reset_input(input, byte); memcpy(&init,&input,sizeof(uint8_t)*16); printf("Input:\n"); print_128(input); printf("\n"); while(1) { memcpy(&input,&init,sizeof(uint8_t)*16); #endif memcpy(&iks,&ks,sizeof(aes128_ctx_t)); #ifdef VERBOSE #if ROUNDS > 0 printf("[%6ld]: Input:\n", round); #else printf("Input:\n"); #endif print_128(input); printf("\n"); #endif // void aes128_enc(void* buffer, aes128_ctx_t* ctx); aes128_enc(input, &ks); #ifdef VERBOSE #if ROUNDS > 0 printf("[%6ld]: Result:\n", round); #else printf("Result:\n"); #endif //Result gets written back to the input print_128(input); printf("\n"); #endif #if ROUNDS > 0 round++; if ( (round - 1) % ROUNDS == 0) i++; #endif #if DELAY > 0 _delay_ms(DELAY); #endif } #if ROUNDS > 0 printf("Exiting... after round %li\n", round - 1); #endif return(0); }