/* [identical to Skein_256_Init() when keyBytes == 0 && treeInfo == SKEIN_CFG_TREE_INFO_SEQUENTIAL] */
int Skein_256_InitExt(Skein_256_Ctxt_t *ctx,size_t hashBitLen,u64b_t treeInfo, const u08b_t *key, size_t keyBytes)
{
union
{
u08b_t b[SKEIN_256_STATE_BYTES];
u64b_t w[SKEIN_256_STATE_WORDS];
} cfg; /* config block */
Skein_Assert(hashBitLen > 0,SKEIN_BAD_HASHLEN);
Skein_Assert(keyBytes == 0 || key != NULL,SKEIN_FAIL);
/* compute the initial chaining values ctx->X[], based on key */
if (keyBytes == 0) /* is there a key? */
{
memset(ctx->X,0,sizeof(ctx->X)); /* no key: use all zeroes as key for config block */
}
else /* here to pre-process a key */
{
Skein_assert(sizeof(cfg.b) >= sizeof(ctx->X));
/* do a mini-Init right here */
ctx->h.hashBitLen=8*sizeof(ctx->X); /* set output hash bit count = state size */
Skein_Start_New_Type(ctx,KEY); /* set tweaks: T0 = 0; T1 = KEY type */
memset(ctx->X,0,sizeof(ctx->X)); /* zero the initial chaining variables */
Skein_256_Update(ctx,key,keyBytes); /* hash the key */
Skein_256_Final_Pad(ctx,cfg.b); /* put result into cfg.b[] */
memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */
#if SKEIN_NEED_SWAP
{
uint_t i;
for (i=0;i<SKEIN_256_STATE_WORDS;i++) /* convert key bytes to context words */
ctx->X[i] = Skein_Swap64(ctx->X[i]);
}
#endif
}
/* build/process the config block, type == CONFIG (could be precomputed for each key) */
ctx->h.hashBitLen = hashBitLen; /* output hash bit count */
Skein_Start_New_Type(ctx,CFG_FINAL);
memset(&cfg.w,0,sizeof(cfg.w)); /* pre-pad cfg.w[] with zeroes */
cfg.w[0] = Skein_Swap64(SKEIN_SCHEMA_VER);
cfg.w[1] = Skein_Swap64(hashBitLen); /* hash result length in bits */
cfg.w[2] = Skein_Swap64(treeInfo); /* tree hash config info (or SKEIN_CFG_TREE_INFO_SEQUENTIAL) */
Skein_Show_Key(256,&ctx->h,key,keyBytes);
/* compute the initial chaining values from config block */
Skein_256_Process_Block(ctx,cfg.b,1,SKEIN_CFG_STR_LEN);
/* The chaining vars ctx->X are now initialized */
/* Set up to process the data message portion of the hash (default) */
ctx->h.bCnt = 0; /* buffer b[] starts out empty */
Skein_Start_New_Type(ctx,MSG);
return SKEIN_SUCCESS;
}
int skeinUpdate(SkeinCtx_t *ctx, const uint8_t *msg,
size_t msgByteCnt)
{
int ret = SKEIN_FAIL;
Skein_Assert(ctx, SKEIN_FAIL);
switch (ctx->skeinSize) {
case Skein256:
ret = Skein_256_Update(&ctx->m.s256, (const u08b_t*)msg, msgByteCnt);
break;
case Skein512:
ret = Skein_512_Update(&ctx->m.s512, (const u08b_t*)msg, msgByteCnt);
break;
case Skein1024:
ret = Skein1024_Update(&ctx->m.s1024, (const u08b_t*)msg, msgByteCnt);
break;
}
return ret;
}
uint8_t *
calc_mac(uint8_t *snum, uint8_t *mkey, uint8_t *nonce, int nonce_len)
{
EKeySkein sk_mac;
uint8_t macbuf[32];
uint8_t *mac;
mac = calloc(1, 6);
PrepareSkein(&sk_mac, snum, mkey, EKEY_SKEIN_PERSONALISATION_LKMS);
Skein_256_Update(&sk_mac, nonce, nonce_len);
Skein_256_Final_Pad(&sk_mac, macbuf);
mac[0] = macbuf[0];
mac[1] = macbuf[1];
mac[2] = macbuf[2];
mac[3] = macbuf[29];
mac[4] = macbuf[30];
mac[5] = macbuf[31];
return mac;
}
int
main(int argc, char **argv)
{
uint8_t *mkey = NULL; /** Master key. */
uint8_t *snum = NULL; /** Serial number */
char *key_path = NULL;
estream_state_t *key_stream ; /** The input stream. */
epkt_state_t *epkt; /* The packet handler attached to the framer. */
int opt;
int res;
uint8_t data[128];
uint8_t nonce[12];
uint8_t *mac;
EKeySkein rekeying_state;
uint8_t session_key[32];
int retries;
char *keyring_filename;
bool nokeyring = false;
keyring_filename = strdup(KEYRINGFILE);
while ((opt = getopt(argc, argv, "vhnf:s:m:")) != -1) {
switch (opt) {
case 's': /* set serial number */
snum = malloc(12);
res = pem64_decode_bytes(optarg, 16, snum);
if (res != 12) {
fprintf(stderr, "The serial number given is not the correct length. (%d/12)\n", res);
return EXIT_CODE_CMDLINE;
}
break;
case 'm': /* set master key */
mkey = extract_master_key(optarg, strlen(optarg));
if (mkey == NULL)
return EXIT_CODE_CMDLINE;
break;
case 'f': /* set keyring filename */
free(keyring_filename);
keyring_filename = strdup(optarg);
break;
case 'n': /* do not update the keyring */
nokeyring = true;
break;
case 'v': /* print version number */
printf("%s: Version 1.1\n", argv[0]);
return 0;
case 'h':
default:
fprintf(stderr, usage, argv[0]);
return EXIT_CODE_CMDLINE;
}
}
if (optind >= argc) {
if (snum == NULL) {
fprintf(stderr, "A device path must be given.\n");
fprintf(stderr, usage, argv[0]);
return EXIT_CODE_CMDLINE;
} else {
key_path = calloc(1, 17 + strlen(DEVEKEY));
memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY));
pem64_encode_bytes(snum, 12, key_path + 16);
}
} else {
key_path = strdup(argv[optind]);
}
/* load keyring */
if (nokeyring == false) {
if (get_keyring(keyring_filename) < 0) {
free(key_path);
return EXIT_CODE_LOADKEYRING;
}
}
/* ensure master key */
if (mkey == NULL) {
char s[55];
int sidx;
int sodx;
int slen;
if (isatty(STDIN) == 0) {
fprintf(stderr, "A master key must be given.\n");
free(key_path);
return EXIT_CODE_MASTERKEY;
}
printf("Please enter a master key: ");
if (fgets(s, sizeof(s), stdin) == NULL) {
perror("fgets");
}
/* we must allow for the user entering spaces in the input */
slen = strlen(s);
sidx = sodx = 0;
while ((sidx < slen) && (s[sidx] != 0)) {
s[sodx] = s[sidx];
if (s[sidx] != ' ') {
sodx++;
}
sidx++;
}
s[sodx] = 0;
mkey = extract_master_key(s, sodx);
if (mkey == NULL) {
free(key_path);
return EXIT_CODE_MASTERKEY;
}
}
/* open entropy key device */
key_stream = estream_open(key_path);
if (key_stream == NULL) {
perror("Error");
fprintf(stderr, "Unable to open %s as the entropy key device.\n", key_path);
free(key_path);
return EXIT_CODE_EKEYERR;
}
free(key_path);
epkt = epkt_open(eframe_open(key_stream));
/* reset key */
estream_write(key_stream, reset, 1);
epkt_setsessionkey(epkt, NULL, default_session_key);
/* wait for serial packet */
retries = 20;
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
perror("Unexpected error");
return 2;
} else if (epkt->pkt_type == PKTTYPE_SNUM) {
break;
}
/* reset key */
estream_write(key_stream, reset, 1);
epkt_setsessionkey(epkt, NULL, default_session_key);
retries--;
} while (retries > 0);
if (retries == 0) {
fprintf(stderr, "Timeout obtaining serial number from key.\n");
return 3;
}
if (res != 12) {
fprintf(stderr, "Bad serial number from key.\n");
return 4;
}
if (snum == NULL) {
/* no serial number */
snum = malloc(res);
memcpy(snum, data, res);
} else {
/* ensure serial number matches */
if (memcmp(snum, data, 12) != 0) {
fprintf(stderr, "Serial number did not match the one specified.\n");
return 4;
}
}
/* Initialise the MAC checksum using the serial number and the default
* shared key
*/
epkt_setsessionkey(epkt, snum, default_session_key);
/* Prepare a nonce */
if (fill_nonce(nonce, 12) != true) {
fprintf(stderr, "Unable to generate nonce.\n");
return 1;
}
close_nonce();
/* send nonce MAC */
mac = calc_mac(snum, mkey, nonce, 12);
data[0] = 'M';
pem64_encode_bytes(mac, 6, (char *)data + 1);
estream_write(key_stream, data, 9);
/* wait for MAC ack packet */
retries = 20;
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
perror("Unexpected error");
return 2;
}
if (epkt->pkt_type == PKTTYPE_LTREKEYMAC)
break;
retries--;
} while (retries > 0);
if (retries == 0) {
fprintf(stderr, "Timeout obtaining MAC acknowledgement packet.\n");
return 3;
}
data[0] = 'L';
data[17] = '.';
pem64_encode_bytes(nonce, 12, (char *)data + 1);
estream_write(key_stream, data, 18);
/* wait for rekey ack packet */
do {
res = epkt_read(epkt, data, 128);
if (res <= 0) {
if (errno == EWOULDBLOCK)
continue;
if (errno == EPROTO) {
fprintf(stderr, "Provided master key does not match the device's.\n");
return 2;
}
perror("Unexpected error");
return 2;
}
} while (epkt->pkt_type != PKTTYPE_LTREKEY);
/* calculate new longterm key */
PrepareSkein(&rekeying_state, snum, &(mkey[0]), EKEY_SKEIN_PERSONALISATION_LRS);
Skein_256_Update(&rekeying_state, &(data[0]), 32);
Skein_256_Update(&rekeying_state, nonce, 12);
Skein_256_Final(&rekeying_state, session_key);
if (nokeyring == false) {
add_ltkey(snum, session_key);
if (put_keyring(keyring_filename) < 0)
return EXIT_CODE_WRITEKEYRING;
} else {
/* just display new key */
output_key(stdout, snum, session_key);
}
return 0;
}
void
SKEIN256_Update(SKEIN256_CTX * ctx, const void *in, size_t len)
{
Skein_256_Update(ctx, in, len);
}
