/*---------------------------------------------------------------------------*/
/*
 * Runs CCM_STAR.aead over the packetbuf contents with the given key.
 *
 * The nonce is filled in by ccm_star_packetbuf_set_nonce(). The
 * authenticated-only region "a" always starts at packetbuf_hdrptr(); when
 * shall_encrypt is non-zero it covers only the header (plus the configured
 * unencrypted bytes, if that build option is on) and the message region "m"
 * is everything after it, otherwise "a" is the whole packetbuf and "m" is
 * empty. The key is installed and the primitive run while the AES-128 lock
 * is held.
 *
 * key           - key passed to ADAPTIVESEC_SET_KEY
 * shall_encrypt - non-zero: split into a/m as described; zero: authenticate
 *                 only
 * result        - buffer handed to CCM_STAR.aead together with
 *                 adaptivesec_mic_len(); presumably the MIC, verify against
 *                 the CCM_STAR driver
 * forward       - passed through to nonce construction and CCM_STAR.aead
 *
 * NOTE(review): a_len and m_len are uint8_t while the return type of
 * packetbuf_totlen() is not visible here; the narrowing relies on frames
 * never exceeding 255 bytes -- confirm against the packetbuf configuration.
 * If a_len ever exceeded packetbuf_totlen(), m_len would wrap; presumably
 * the caller rules that out.
 */
void
adaptivesec_aead(uint8_t *key, int shall_encrypt, uint8_t *result, int forward)
{
  uint8_t nonce[CCM_STAR_NONCE_LENGTH];
  uint8_t *a = packetbuf_hdrptr();
  uint8_t a_len = packetbuf_totlen();
  uint8_t *m = NULL;
  uint8_t m_len = 0;

  ccm_star_packetbuf_set_nonce(nonce, forward);

  if(shall_encrypt) {
    /* only the header (and any configured unencrypted bytes) stays in "a" */
#if AKES_NBR_WITH_GROUP_KEYS && PACKETBUF_WITH_UNENCRYPTED_BYTES
    a_len = packetbuf_hdrlen() + packetbuf_attr(PACKETBUF_ATTR_UNENCRYPTED_BYTES);
#else /* AKES_NBR_WITH_GROUP_KEYS && PACKETBUF_WITH_UNENCRYPTED_BYTES */
    a_len = packetbuf_hdrlen();
#endif /* AKES_NBR_WITH_GROUP_KEYS && PACKETBUF_WITH_UNENCRYPTED_BYTES */
    m = a + a_len;
    m_len = packetbuf_totlen() - a_len;
  }

  AES_128_GET_LOCK();
  ADAPTIVESEC_SET_KEY(key);
  CCM_STAR.aead(nonce, m, m_len, a, a_len, result, adaptivesec_mic_len(), forward);
  AES_128_RELEASE_LOCK();
}
/*
 * We use AES-128 as a key derivation function (KDF). This is possible due to
 * simple circumstances. Speaking in terms of the extract-then-expand paradigm
 * [RFC 5869], we can skip over the extraction step since we already have a
 * uniformly-distributed key which we want to expand into session keys. For
 * implementing the expansion step, we may just use AES-128 [Paar and Pelzl,
 * Understanding Cryptography].
 */
/*
 * Derives a pairwise key by encrypting the block in result under
 * shared_secret.
 *
 * result        - on entry the block to expand, on exit the derived key;
 *                 AES_128.encrypt() is called with only this pointer, so it
 *                 presumably works in place on one 16-byte AES block
 * shared_secret - installed as the AES-128 key via AES_128.set_key()
 *
 * NOTE(review): the argument above holds only if shared_secret really is
 * uniformly distributed; a low-entropy or attacker-influenced secret is not
 * repaired by this step. Also, the key schedule stays in the AES_128 driver
 * after the lock is released until the next set_key() -- check whether
 * callers rely on it being replaced promptly.
 */
static void
generate_pairwise_key(uint8_t *result, uint8_t *shared_secret)
{
  AES_128_GET_LOCK();
  AES_128.set_key(shared_secret);
  AES_128.encrypt(result);
  AES_128_RELEASE_LOCK();
}
/*
 * We use output feedback mode (OFB) for generating cryptographic pseudo-random
 * numbers [RFC 4086]. A potential problem with OFB is that OFB at some point
 * enters a cycle. However, the expected cycle length given a random key and a
 * random starting point is about 2^127 in our instantiation [Davies and Parkin,
 * The Average Cycle Size of The Key Stream in Output Feedback Encipherment].
 */
/*
 * Fills result[0..len) with keystream bytes. Each round encrypts seed.state
 * under seed.key (AES_128.encrypt() gets only that pointer, so presumably in
 * place) and copies up to 16 bytes of the new state to the output; the last
 * round may copy fewer.
 *
 * result - output buffer of at least len bytes
 * len    - number of bytes requested (uint8_t, so at most 255); 0 only takes
 *          and releases the AES lock
 *
 * NOTE(review): seed.key and seed.state are file-scope state not visible
 * here; the lock held around the whole loop is what keeps concurrent callers
 * from interleaving state updates -- confirm every other user of seed takes
 * the same lock.
 */
void
csprng_rand(uint8_t *result, uint8_t len)
{
  uint8_t *out = result;
  uint16_t remaining = len;

  AES_128_GET_LOCK();
  AES_128.set_key(seed.key);
  while(remaining > 0) {
    /* one AES block per round; the final round may be partial */
    uint16_t chunk = MIN(remaining, 16);
    AES_128.encrypt(seed.state);
    memcpy(out, seed.state, chunk);
    out += chunk;
    remaining -= chunk;
  }
  AES_128_RELEASE_LOCK();
}