aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
#ifdef AES_ERR_CHK
case 16: case 128: return aes_encrypt_key128(in_key, cx);
case 24: case 192: return aes_encrypt_key192(in_key, cx);
case 32: case 256: return aes_encrypt_key256(in_key, cx);
default: return aes_error;
#else
case 16: case 128: aes_encrypt_key128(in_key, cx); return;
case 24: case 192: aes_encrypt_key192(in_key, cx); return;
case 32: case 256: aes_encrypt_key256(in_key, cx); return;
#endif
}
}
void AesCounter::encrypt(const unsigned char *datain, unsigned char *dataout, int len, std::uint64_t sequenceNumber)
{
memset(ctr_buf, 0, DREL_AES_BLOCKLEN_BYTES);
if (len <= 0 || len > DREL_AES_MAXPACKETOCT) throw AesException("Invalid input plaintext message length");
if (sequenceNumber == 0xFFFFFFFFFFFFFFFF) throw AesException("Packet counter exceeded - IV");
// Copy secretIV to counter buffer
memcpy(ctr_buf, mSecretIV, DREL_AESCOUNTER_SECRETIVLEN);
// Copy packet sequence number to counter buffer
std::uint64_t beSequencenumber = San2::Utils::Endian::san_s_be64toh(sequenceNumber);
memcpy(ctr_buf + DREL_AESCOUNTER_SECRETIVLEN, &beSequencenumber, sizeof(std::uint64_t));
// Set blockCounter to one
std::uint16_t blockCounter = 1;
blockCounter = San2::Utils::Endian::san_u_htobe16(blockCounter);
memcpy(ctr_buf + DREL_AESCOUNTER_SECRETIVLEN + sizeof(std::uint64_t), &blockCounter, sizeof(std::uint16_t));
//aes_mode_reset(aes_ctx); // important!!! do not delete!!!
if (aes_encrypt_key256(mKey, aes_ctx) != EXIT_SUCCESS) throw AesException("Key setup failed");
int ret = aes_ctr_crypt(datain, dataout, len, ctr_buf, aes_custom_inc, aes_ctx);
if (ret != EXIT_SUCCESS) throw AesException("Aes encryption failed");
}
void encrypt(const char *fileIn, const char *fileOut,
const unsigned char *key) {
int i;
aes_encrypt_ctx ctx[1];
unsigned char iv[16]; /* initialisation vector */
unsigned char inBuffer[200], outBuffer[200];
FILE *inFile = fopen(fileIn, "rb");
FILE *outFile = fopen(fileOut, "wb");
/* pick a random initialisation vector */
for(i = 0; i < 16; ++i)
iv[i] = rand() & 0xFF;
fwrite(iv, 1, 16, outFile);
aes_encrypt_key256(key, ctx);
while((i = fread(inBuffer, 1, sizeof(inBuffer), inFile)) > 0) {
aes_ofb_crypt(inBuffer, outBuffer, i, iv, ctx);
fwrite(outBuffer, 1, i, outFile);
}
aes_ofb_crypt(inBuffer, outBuffer, i, iv, ctx);
fwrite(outBuffer, 1, i, outFile);
fclose(inFile);
fclose(outFile);
}
aes_rval aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
#if defined( AES_ERR_CHK )
case 16: case 128: return aes_encrypt_key128(key, cx);
case 24: case 192: return aes_encrypt_key192(key, cx);
case 32: case 256: return aes_encrypt_key256(key, cx);
default: return aes_error;
#else
case 16: case 128: aes_encrypt_key128(key, cx); return;
case 24: case 192: aes_encrypt_key192(key, cx); return;
case 32: case 256: aes_encrypt_key256(key, cx); return;
#endif
}
}
/* Return values: 0 = success, ERR_CIPHER_INIT_FAILURE (fatal), ERR_CIPHER_INIT_WEAK_KEY (non-fatal) */
int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
{
int retVal = ERR_SUCCESS;
switch (cipher)
{
case AES:
#ifndef TC_WINDOWS_BOOT
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof(aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
#else
if (aes_set_key (key, (length_type) CipherGetKeySize(AES), (aes_context *) ks) != 0)
return ERR_CIPHER_INIT_FAILURE;
#endif
break;
case SERPENT:
serpent_set_key (key, CipherGetKeySize(SERPENT) * 8, ks);
break;
case TWOFISH:
twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8);
break;
#ifndef TC_WINDOWS_BOOT
case BLOWFISH:
/* Deprecated/legacy */
BlowfishSetKey ((BF_KEY *)ks, CipherGetKeySize(BLOWFISH), key);
break;
case CAST:
/* Deprecated/legacy */
Cast5SetKey ((CAST_KEY *) ks, CipherGetKeySize(CAST), key);
break;
case TRIPLEDES:
/* Deprecated/legacy */
TripleDesSetKey (key, CipherGetKeySize (TRIPLEDES), (TDES_KEY *) ks);
// Verify whether all three DES keys are mutually different
if (((*((__int64 *) key) ^ *((__int64 *) key+1)) & 0xFEFEFEFEFEFEFEFEULL) == 0
|| ((*((__int64 *) key+1) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0
|| ((*((__int64 *) key) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0)
retVal = ERR_CIPHER_INIT_WEAK_KEY; // Non-fatal error
break;
#endif // TC_WINDOWS_BOOT
default:
// Unknown/wrong cipher ID
return ERR_CIPHER_INIT_FAILURE;
}
return retVal;
}
/* Return values: 0 = success, ERR_CIPHER_INIT_FAILURE (fatal), ERR_CIPHER_INIT_WEAK_KEY (non-fatal) */
int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
{
int retVal = ERR_SUCCESS;
switch (cipher)
{
case AES:
#ifndef TC_WINDOWS_BOOT
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof(aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
#else
if (aes_set_key (key, (length_type) CipherGetKeySize(AES), (aes_context *) ks) != 0)
return ERR_CIPHER_INIT_FAILURE;
#endif
break;
case SERPENT:
serpent_set_key (key, ks);
break;
case TWOFISH:
twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key);
break;
default:
// Unknown/wrong cipher ID
return ERR_CIPHER_INIT_FAILURE;
}
return retVal;
}
void CipherAES::SetCipherKey (const byte *key)
{
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
}
void fsm_msgCipherKeyValue(CipherKeyValue *msg)
{
if (!msg->has_key) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No key provided");
return;
}
if (!msg->has_value) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No value provided");
return;
}
if (msg->value.size % 16) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "Value length must be a multiple of 16");
return;
}
if (!protectPin(true)) {
layoutHome();
return;
}
HDNode *node = fsm_getRootNode();
if (!node) return;
fsm_deriveKey(node, msg->address_n, msg->address_n_count);
bool encrypt = msg->has_encrypt && msg->encrypt;
bool ask_on_encrypt = msg->has_ask_on_encrypt && msg->ask_on_encrypt;
bool ask_on_decrypt = msg->has_ask_on_decrypt && msg->ask_on_decrypt;
if ((encrypt && ask_on_encrypt) || (!encrypt && ask_on_decrypt)) {
layoutCipherKeyValue(encrypt, msg->key);
if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "CipherKeyValue cancelled");
layoutHome();
return;
}
}
uint8_t data[256 + 4];
strlcpy((char *)data, msg->key, sizeof(data));
strlcat((char *)data, ask_on_encrypt ? "E1" : "E0", sizeof(data));
strlcat((char *)data, ask_on_decrypt ? "D1" : "D0", sizeof(data));
hmac_sha512(node->private_key, 32, data, strlen((char *)data), data);
RESP_INIT(Success);
if (encrypt) {
aes_encrypt_ctx ctx;
aes_encrypt_key256(data, &ctx);
aes_cbc_encrypt(msg->value.bytes, resp->payload.bytes, msg->value.size, data + 32, &ctx);
} else {
aes_decrypt_ctx ctx;
aes_decrypt_key256(data, &ctx);
aes_cbc_decrypt(msg->value.bytes, resp->payload.bytes, msg->value.size, data + 32, &ctx);
}
resp->has_payload = true;
resp->payload.size = msg->value.size;
msg_write(MessageType_MessageType_Success, resp);
layoutHome();
}
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
case 16: case 128: return aes_encrypt_key128(key, cx);
case 24: case 192: return aes_encrypt_key192(key, cx);
case 32: case 256: return aes_encrypt_key256(key, cx);
default: return EXIT_FAILURE;
}
}
AesCounter::AesCounter(const unsigned char *secretIV, int secretIVlen, const unsigned char *key, int keylen)
{
if (secretIVlen != DREL_AESCOUNTER_SECRETIVLEN) throw AesException("Worng secretIV length");
if (keylen != DREL_AES_KEYLEN) throw AesException("Worng key length");
memcpy(mSecretIV, secretIV, DREL_AESCOUNTER_SECRETIVLEN);
memcpy(mKey, key, DREL_AES_KEYLEN);
if (aes_encrypt_key256(mKey, aes_ctx) != EXIT_SUCCESS) throw AesException("Key setup failed");
}
static void
yarrow_gate(struct yarrow256_ctx *ctx)
{
quint8 key[AES_MAX_KEY_SIZE];
unsigned i;
for (i = 0; i < sizeof(key); i+= AES_BLOCK_SIZE)
yarrow_generate_block(ctx, key + i);
aes_encrypt_key256(key,&ctx->key);
}
int EAInit (unsigned char *key, unsigned __int8 *ks)
{
aes_init();
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
return ERR_SUCCESS;
}
int EAInit (int ea, unsigned char *key, unsigned __int8 *ks)
{
#ifdef GST_WINDOWS_BOOT_AES
aes_init();
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
#elif defined (GST_WINDOWS_BOOT_SERPENT)
serpent_set_key (key, 32 * 8, ks);
#elif defined (GST_WINDOWS_BOOT_TWOFISH)
twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, 32 * 8);
#endif
return ERR_SUCCESS;
}
static void
yarrow_fast_reseed(struct yarrow256_ctx *ctx)
{
quint8 digest[SHA256_DIGEST_SIZE];
unsigned i;
#if YARROW_DEBUG
fprintf(stderr, "yarrow_fast_reseed\n");
#endif
/* We feed two block of output using the current key into the pool
* before emptying it. */
if (ctx->seeded)
{
quint8 blocks[AES_BLOCK_SIZE * 2];
yarrow_generate_block(ctx, blocks);
yarrow_generate_block(ctx, blocks + AES_BLOCK_SIZE);
sha256_update(&ctx->pools[YARROW_FAST],blocks,sizeof(blocks));
}
sha256_finish(&ctx->pools[YARROW_FAST],digest);
/* Iterate */
yarrow_iterate(digest);
aes_encrypt_key256(digest,&ctx->key);
/* Derive new counter value */
memset(ctx->counter, 0, sizeof(ctx->counter));
//aes_encrypt(&ctx->key, sizeof(ctx->counter), ctx->counter, ctx->counter);
aes_ecb_encrypt(ctx->counter,ctx->counter,sizeof(ctx->counter),&ctx->key);
/* Reset estimates. */
for (i = 0; i<ctx->nsources; i++)
ctx->sources[i].estimate[YARROW_FAST] = 0;
/* New seed file. */
/* FIXME: Extract this into a function of its own. */
for (i = 0; i < sizeof(ctx->seed_file); i+= AES_BLOCK_SIZE)
yarrow_generate_block(ctx, ctx->seed_file + i);
yarrow_gate(ctx);
}
/*
* Expand the cipher key into the encryption key schedule.
*
* Return the number of rounds for the given cipher key size.
* The size of the key schedule depends on the number of rounds
* (which can be computed from the size of the key), i.e. 4 * (Nr + 1).
*
* Parameters:
* rk AES key schedule 32-bit array to be initialized
* cipherKey User key
* keyBits AES key size (128, 192, or 256 bits)
*/
int
rijndael_key_setup_enc_amd64(uint32_t rk[], const uint32_t cipherKey[],
int keyBits)
{
switch (keyBits) {
case 128:
aes_encrypt_key128((unsigned char *)&cipherKey[0], rk);
return (10);
case 192:
aes_encrypt_key192((unsigned char *)&cipherKey[0], rk);
return (12);
case 256:
aes_encrypt_key256((unsigned char *)&cipherKey[0], rk);
return (14);
default: /* should never get here */
break;
}
return (0);
}
void decrypt(const char *path, const unsigned char *key) {
int i;
aes_encrypt_ctx ctx[1];
unsigned char iv[16];
unsigned char temp_name[50];
unsigned char inBuffer[200], outBuffer[200];
sprintf(temp_name, "%s.tmp", path);
FILE *dfile = fopen(path, "rb");
FILE *ofile = fopen(temp_name, "wb");
if (dfile != NULL) {
printf("File.\n");
fflush(stdout);
} else {
return;
}
if (fread(iv, 1, 16, dfile) < 16) {
printf("Decryption error.\n");
fclose(dfile);
fclose(ofile);
return;
}
aes_encrypt_key256(key, ctx);
while ((i = fread(inBuffer, 1, sizeof(inBuffer), dfile)) > 0) {
aes_ofb_crypt(inBuffer, outBuffer, i, iv, ctx);
fwrite(outBuffer, 1, i, ofile);
}
fclose(dfile);
fclose(ofile);
if (remove(path) != 0)
printf("Error removing encrypted file.\n");
if (rename(temp_name, path) != 0)
printf("Error renaming file.\n");
}
void decrypt(const char *fileIn, const char *fileOut,
const unsigned char *key) {
int i;
aes_encrypt_ctx ctx[1];
unsigned char iv[16]; /* initialisation vector */
unsigned char inBuffer[200], outBuffer[200];
FILE *inFile = fopen(fileIn, "rb");
FILE *outFile = fopen(fileOut, "wb");
/* read initialization vector from file */
if(fread(iv, 1, 16, inFile) < 16)
return; /* error: file doesn't even contain an initialisation vector */
aes_encrypt_key256(key, ctx);
while((i = fread(inBuffer, 1, sizeof(inBuffer), inFile)) > 0) {
aes_ofb_crypt(inBuffer, outBuffer, i, iv, ctx);
fwrite(outBuffer, 1, i, outFile);
}
fclose(inFile);
fclose(outFile);
}
static bool
aes_operation(bool encrypt, const uint8_t *kek, size_t kek_len, uint8_t *block)
{
uint64_t iv[2] = { 0 };
if (encrypt) {
aes_encrypt_ctx encrypt_ctx[1];
switch(kek_len) {
#if AES128_KEK
case 16: aes_encrypt_key128(kek, encrypt_ctx); break;
#endif
#if AES192_KEK
case 24: aes_encrypt_key192(kek, encrypt_ctx); break;
#endif
#if AES256_KEK
case 32: aes_encrypt_key256(kek, encrypt_ctx); break;
#endif
default: return false;
}
aes_encrypt_cbc(block, (uint8_t*)iv, 1, block, encrypt_ctx);
} else {
aes_decrypt_ctx decrypt_ctx[1];
switch(kek_len) {
#if AES128_KEK
case 16: aes_decrypt_key128(kek, decrypt_ctx); break;
#endif
#if AES192_KEK
case 24: aes_decrypt_key192(kek, decrypt_ctx); break;
#endif
#if AES256_KEK
case 32: aes_decrypt_key256(kek, decrypt_ctx); break;
#endif
default: return false;
}
aes_decrypt_cbc(block, (uint8_t*)iv, 1, block, decrypt_ctx);
}
return true;
}
void encrypt(const char *path, const unsigned char *key) {
int i;
aes_encrypt_ctx ctx[1];
unsigned char iv[16];
unsigned char temp_name[50];
unsigned char inBuffer[200], outBuffer[200];
FILE *dfile;
FILE *ofile;
sprintf(temp_name, "%s.tmp", path);
dfile = fopen(path, "rb");
ofile = fopen(temp_name, "wb");
if (dfile != NULL) {
printf("File.\n");
fflush(stdout);
} else {
return;
}
for (i = 0; i < 16; ++i)
iv[i] = rand() & 0xFF;
fwrite(iv, 1, 16, ofile);
aes_encrypt_key256(key, ctx);
while ((i = fread(inBuffer, 1, sizeof(inBuffer), dfile)) > 0) {
aes_ofb_crypt(inBuffer, outBuffer, i, iv, ctx);
fwrite(outBuffer, 1, i, ofile);
}
fclose(dfile);
fclose(ofile);
if (remove(path) != 0)
printf("Error removing infile.\n");
if (rename(temp_name, path) != 0)
printf("Error renaming file.\n");
}
void fsm_msgCipherKeyValue(CipherKeyValue *msg)
{
if (!storage_is_initialized())
{
fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized");
return;
}
if(!msg->has_key)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No key provided");
return;
}
if(!msg->has_value)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No value provided");
return;
}
if(msg->value.size % 16)
{
fsm_sendFailure(FailureType_Failure_SyntaxError,
"Value length must be a multiple of 16");
return;
}
if(!pin_protect_cached())
{
go_home();
return;
}
const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if(!node) { return; }
bool encrypt = msg->has_encrypt && msg->encrypt;
bool ask_on_encrypt = msg->has_ask_on_encrypt && msg->ask_on_encrypt;
bool ask_on_decrypt = msg->has_ask_on_decrypt && msg->ask_on_decrypt;
if((encrypt && ask_on_encrypt) || (!encrypt && ask_on_decrypt))
{
if(!confirm_cipher(encrypt, msg->key))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled,
"CipherKeyValue cancelled");
go_home();
return;
}
}
uint8_t data[256 + 4];
strlcpy((char *)data, msg->key, sizeof(data));
strlcat((char *)data, ask_on_encrypt ? "E1" : "E0", sizeof(data));
strlcat((char *)data, ask_on_decrypt ? "D1" : "D0", sizeof(data));
hmac_sha512(node->private_key, 32, data, strlen((char *)data), data);
RESP_INIT(CipheredKeyValue);
if(encrypt)
{
aes_encrypt_ctx ctx;
aes_encrypt_key256(data, &ctx);
aes_cbc_encrypt(msg->value.bytes, resp->value.bytes, msg->value.size,
((msg->iv.size == 16) ? (msg->iv.bytes) : (data + 32)), &ctx);
}
else
{
aes_decrypt_ctx ctx;
aes_decrypt_key256(data, &ctx);
aes_cbc_decrypt(msg->value.bytes, resp->value.bytes, msg->value.size,
((msg->iv.size == 16) ? (msg->iv.bytes) : (data + 32)), &ctx);
}
resp->has_value = true;
resp->value.size = msg->value.size;
msg_write(MessageType_MessageType_CipheredKeyValue, resp);
go_home();
}
