u8 InitRamdomBaseForHiddenKey (void) { u8 BaseKey_au8[AES_KEYSIZE_256_BIT]; LA_SC_StartSmartcard (); CI_TickLocalPrintf ("InitRamdomBaseForHiddenKey\r\n"); // Get a random number for the base key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, BaseKey_au8)) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (FALSE); } // Get a random number for the storage key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, &BaseKey_au8[AES_KEYSIZE_256_BIT / 2])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (FALSE); } CI_LocalPrintf ("Base key : "); HexPrint (AES_KEYSIZE_256_BIT, BaseKey_au8); CI_LocalPrintf ("\r\n"); // Save base key WriteHiddenVolumeSlotKey (BaseKey_au8); // Invalidate hidden volume data DecryptedHiddenVolumeSlotsActive_u8 = FALSE; return (TRUE); }
u8 HV_InitAllSlotData (void) { // u8 RandomCharArray_au8[16]; u32 i; // Create salt for (i = 0; i < 2; i++) { // Get a random number from smart card if (FALSE == GetRandomNumber_u32 (16, &DecryptedHiddenVolumeSlotsData_au8[i * 16])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (FALSE); } } // Fill hidden volume flash page with random chars for (i = 0; i < 16; i++) { // Get a random number from smart card if (FALSE == GetRandomNumber_u32 (16, &DecryptedHiddenVolumeSlotsData_au8[HV_SALT_SIZE + i * 16])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (FALSE); } } // Write magic number to flash DecryptedHiddenVolumeMagicNumber_u32 = HV_MAGIC_NUMBER_INIT; flashc_memcpy ((u8 *) HV_MAGIC_NUMBER_ADDRESS, &DecryptedHiddenVolumeMagicNumber_u32, HV_MAGIC_NUMBER_SIZE, TRUE); // Write ram data to flash flashc_memcpy ((u8 *) HV_SALT_START_ADDRESS, DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE + HV_SLOT_SIZE * HV_SLOT_COUNT, TRUE); CI_LocalPrintf ("Init hidden volume slot data\r\n"); CI_LocalPrintf ("Salt\r\n"); CI_LocalPrintf ("Encrypted data :\r\n"); HexPrint (HV_SALT_SIZE, DecryptedHiddenVolumeSlotsData_au8); CI_LocalPrintf ("\r\n\r\n"); for (i = 0; i < HV_SLOT_COUNT; i++) { CI_LocalPrintf ("Slot %d\r\n", i); CI_LocalPrintf ("Encrypted data :\r\n"); HexPrint (HV_SLOT_SIZE, DecryptedHiddenVolumeSlotsData_au8 + HV_SALT_SIZE + i * HV_SLOT_SIZE); CI_LocalPrintf ("\r\n\r\n"); } return (TRUE); }
u8 PWM_InitRandomChar (void) { u8 i; static u8 InitCalls_u8 = 200; // First call generates random numbers // InitCalls_u8++; if (100 > InitCalls_u8) { return (TRUE); } InitCalls_u8 = 0; // LA_RestartSmartcard_u8 (); // Todo lock transcation if (FALSE == GetRandomNumber_u32 (PWM_RAMDOMCHAR_BUFFERSIZE, PWM_Randomchars_au8)) { CI_LocalPrintf ("GetRandomNumber_u32: Failed to get random numbers from smartcard\r\n"); // Get local random numbers for (i = 0; i < PWM_RAMDOMCHAR_BUFFERSIZE; i++) { PWM_Randomchars_au8[i] = rand () % 10; } } else { for (i = 0; i < PWM_RAMDOMCHAR_BUFFERSIZE; i++) { PWM_Randomchars_au8[i] = PWM_Randomchars_au8[i] % 10; // Todo: for testing no symmetric random numbers } } PWM_RandomcharsPointer_u8 = 0; // LA_RestartSmartcard_u8 (); ISO7816_SetLockCounter (0); CCID_SmartcardOff_u8 (); // To avoid smartcard error - after GetRandomNumber_u32 return (TRUE); }
void IBN_HV_Tests (unsigned char nParamsGet_u8, unsigned char CMD_u8, unsigned int Param_u32, unsigned char* String_pu8) { HiddenVolumeKeySlot_tst SlotData_st; u8 HiddenVolumeSlotKey_u8[32]; u8 DummyKey_au8[32]; u8 i; if (0 == nParamsGet_u8) { CI_LocalPrintf ("Hidden volume test functions\r\n"); CI_LocalPrintf ("\r\n"); // CI_LocalPrintf ("0 nr Init slot [nr]\r\n"); CI_LocalPrintf ("1 nr Read slot [nr]\r\n"); // CI_LocalPrintf ("2 Test key generation\r\n"); #ifdef TEST_PBKDF2 CI_LocalPrintf ("3 PBKDF2 test\r\n"); #endif CI_LocalPrintf ("4 Get hidden volume slot key\r\n"); CI_LocalPrintf ("5 [pw] Get AES key. pw = password\r\n"); CI_LocalPrintf ("6 Init hidden slots\r\n"); CI_LocalPrintf ("7 Hidden slots status\r\n"); CI_LocalPrintf ("8 nr pw Write slot [nr] [password]\r\n"); CI_LocalPrintf ("\r\n"); return; } switch (CMD_u8) { case 0: break; case 1: CI_LocalPrintf ("Read slot : %d\r\n", Param_u32); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); HV_ReadSlot_u8 (Param_u32, &SlotData_st, (u8 *) HiddenVolumeSlotKey_u8); HV_PrintSlotData_u8 (Param_u32, &SlotData_st); break; case 2: break; #ifdef TEST_PBKDF2 case 3: pbkdf2_test (); break; #endif case 4: DecryptedHiddenVolumeSlotsData (); break; case 5: CI_LocalPrintf ("Get key for password : %s\r\n", String_pu8); GetHiddenVolumeDataKeyFromUserpassword (String_pu8, DummyKey_au8); break; case 6: CI_LocalPrintf ("Init hidden slots\r\n"); InitHiddenSlots (); break; case 7: CI_LocalPrintf ("Hidden slots status\r\n"); if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); for (i = 0; i < HV_SLOT_COUNT; i++) { CI_LocalPrintf ("Slot %d\r\n", i); if (TRUE == HV_ReadSlot_u8 (i, &SlotData_st, HiddenVolumeSlotKey_u8)) { HV_PrintSlotData_u8 (i, &SlotData_st); } else { CI_LocalPrintf ("*** Invalid data ***\r\n"); } } break; case 8: CI_LocalPrintf ("Write slots status\r\n"); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); SlotData_st.StartBlock_u32 = 1000000; SlotData_st.EndBlock_u32 = 2000000; // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, SlotData_st.AesKey_au8)) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return; } // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, &SlotData_st.AesKey_au8[AES_KEYSIZE_256_BIT / 2])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return; } HV_WriteSlot_u8 (Param_u32, &SlotData_st, HiddenVolumeSlotKey_u8); break; } }
u8 SetupUpHiddenVolumeSlot (HiddenVolumeSetup_tst * HV_Setup_st) { u8 HiddenVolumeSlotKey_u8[AES_KEYSIZE_256_BIT]; HiddenVolumeKeySlot_tst SlotData_st; HV_Setup_st->HiddenVolumePassword_au8[MAX_HIDDEN_VOLUME_PASSOWORD_SIZE] = 0; CI_LocalPrintf ("SetupUpHiddenVolumeSlot %d\r\n", HV_Setup_st->SlotNr_u8); CI_LocalPrintf ("Start block at %d %% of sd size\r\n", HV_Setup_st->StartBlockPercent_u8); CI_LocalPrintf ("End block at %d %% of sd size\r\n", HV_Setup_st->EndBlockPercent_u8); CI_LocalPrintf ("Password : -%s-\r\n", HV_Setup_st->HiddenVolumePassword_au8); // Is the hidden volume system initialised ? if (FALSE == HV_CheckFlashPageIsInitiated ()) { CI_LocalPrintf ("Hidden volume flash page isn't initiated\r\n"); InitHiddenSlots (); } // Are the hidden volume slots decrypted ? if (TRUE != DecryptedHiddenVolumeSlotsActive_u8) { if (FALSE == DecryptedHiddenVolumeSlotsData ()) // Decrypt new keys { CI_LocalPrintf ("Slot data not encrypted - used smartcard user password\r\n"); return (HIDDEN_VOLUME_OUTPUT_STATUS_NO_USER_PASSWORD_UNLOCK); } } if (HV_SLOT_COUNT <= HV_Setup_st->SlotNr_u8) { CI_LocalPrintf ("Wrong slot nr\r\n"); return (HIDDEN_VOLUME_OUTPUT_STATUS_WRONG_PASSWORD); } CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); // Get AES key for slot GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, HV_Setup_st->HiddenVolumePassword_au8, strlen ((char *) HV_Setup_st->HiddenVolumePassword_au8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); SlotData_st.StartBlock_u32 = (u32) ((u64) gSdEndOfCard_u32 * (u64) HV_Setup_st->StartBlockPercent_u8 / (u64) 100) + 1; SlotData_st.EndBlock_u32 = (u32) ((u64) gSdEndOfCard_u32 * (u64) HV_Setup_st->EndBlockPercent_u8 / (u64) 100) - 1; // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, SlotData_st.AesKey_au8)) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR); } // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, &SlotData_st.AesKey_au8[AES_KEYSIZE_256_BIT / 2])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR); } HV_PrintSlotData_u8 (HV_Setup_st->SlotNr_u8, &SlotData_st); HV_WriteSlot_u8 (HV_Setup_st->SlotNr_u8, &SlotData_st, HiddenVolumeSlotKey_u8); return (HIDDEN_VOLUME_OUTPUT_STATUS_OK); }