diff --git a/Makefile b/Makefile index cd54b20..7f82867 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: all clean CFLAGS= -g -ALL:= AEStest AESCMACtest AESKDFtest apitest #main +ALL:= AEStest AESCMACtest AESKDFtest apitest utiltest all: ${ALL} AEStest: AEStest.o aes128.o @@ -10,7 +10,9 @@ main: main.o utility.o utility.o: utility.c + apitest: apitest.o aes128.o api.o aes_cmac.o sw_driver.o md5.o +utiltest: utiltest.o aes128.o utility.o aes_cmac.o sw_driver.o md5.o clean: rm -f *.o ${ALL} diff --git a/api.c b/api.c index b70aaad..0aa3203 100644 --- a/api.c +++ b/api.c @@ -9,8 +9,7 @@ static u128 buf[AES_BUFSIZE+1]; ////// key table real -// ERROR(15) is for error indication -// should be always 0 +// (KEY_TABLE[15] is for error indication should be always 0 ) KEY_TABLE key_table[16]; ////// Error Handling @@ -104,13 +103,13 @@ ODAT* SB_B_GENERATE_MAC(int n, KEY_ID keyid, u128 *idat) { - return (ODAT*)AES_cmac((uint8*)key(keyid), (uint *)idat, n); + return (ODAT*)drv_AES_cmac(key(keyid), idat, n); } uint SB_B_VERIFY_MAC(int n, int nbits, KEY_ID keyid, u128 *idat3, u128 *idat4) { uint8 *p = - (uint8*)AES_cmac((uint8*)key(keyid), (uint *)idat3, n); + (uint8*)drv_AES_cmac(key(keyid), idat3, n); uint8 *q = (uint8*) idat4; for (int i = 0; i< nbits/8; i++) { @@ -127,6 +126,7 @@ void SB_B_LOAD_KEY(u128 M1, u256 M2, u128 M3) { + } // plain key to RAMKEY(15) entry @@ -165,7 +165,12 @@ //dummy } -//SB_B_IMPORT_KEY -//SB_B_EXPORT_KEY +void SB_B_IMPORT_KEY() +{ +} +void SB_B_EXPORT_KEY() +{ +} + // vi:expandtab:foldmethod=syntax sw=2 ts=2 diff --git a/driver.h b/driver.h index 999e357..8a4b661 100644 --- a/driver.h +++ b/driver.h 
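Review bot: In SB_B_VERIFY_MAC (api.c) the loop bound `nbits/8` is used without a range check, while the MAC behind `p` is a single ODAT, which secure_types.h defines as a u128. A caller-supplied `nbits` above 128 reads past both `p` and `q`, and a value below 8 compares zero bytes; whether that counts as a match depends on the loop body, which lies outside this hunk. Reject such values before the loop, e.g. `if (nbits < 8 || nbits > 8 * (int)sizeof(ODAT) || nbits % 8) return <failure value>;` (placeholder for this API's error return). If the loop body returns at the first differing byte, accumulating the XOR of all compared bytes and testing once after the loop would keep the comparison time independent of the data.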
@@ -4,26 +4,31 @@ #include "secure_types.h" typedef struct { - int year; - int month; - int day; - int wday; - int hour; - int min; - int sec; + int year; + int month; + int day; + int wday; + int hour; + int min; + int sec; } rtc_t; enum { - DRV_RST_AES= 0x01, - DRV_RST_MD5= 0x02, - DRV_RST_PRNG=0x04, + DRV_RST_AES= 0x01, + DRV_RST_MD5= 0x02, + DRV_RST_PRNG=0x04, }; uint8 *drv_rtc_get_bin(); void drv_reset(int ); -void drv_AES_crypt(uint*, uint8*); -void drv_AES_decrypt(uint*, uint8*); +void drv_AES_crypt(uint *, uint8 *); +void drv_AES_decrypt(uint *, uint8 *); + +ODAT *drv_AES_cmac(KEY128 *, u128 *, int); + uint8 *drv_MD5(int, uint8*, uint8*); + #endif/*__SW_DRIVER__*/ +/* vi:expandtab:foldmethod=syntax sw=2 ts=2*/ diff --git a/hw_driver.c b/hw_driver.c index 4c0c149..9b045c6 100644 --- a/hw_driver.c +++ b/hw_driver.c @@ -18,3 +18,5 @@ r.sec = 0; // RSECCNT return r; } + +/* vi:expandtab:foldmethod=syntax:sw=2:ts=2 */ diff --git a/secure_types.h b/secure_types.h index 4871eb1..a7dfe8c 100644 --- a/secure_types.h +++ b/secure_types.h @@ -25,6 +25,7 @@ int key_flag; u128 M1; u256 M2; + u128 M3; } KEY_TABLE; typedef uint32 IDATNUM; @@ -32,14 +33,10 @@ typedef u128 IDAT; typedef u128 IV; typedef u128 ODAT; -typedef uint32 KEY[4]; +typedef u128 KEY; typedef u128 KEY128; -typedef uint32 M1; -typedef uint32 M2; -typedef uint32 M3; -typedef uint32 M4; -typedef uint32 M5; typedef uint32 AUTHKEY_ID; +typedef uint8 UID[120/8]; #endif/*__SECURE_TYPES__*/ diff --git a/sw_driver.c b/sw_driver.c index 7a099c9..428eca7 100644 --- a/sw_driver.c +++ b/sw_driver.c @@ -2,6 +2,7 @@ #include "aes128.h" #include "driver.h" #include "md5.h" +#include "aes_cmac.h" void drv_reset(int mask) { @@ -62,3 +63,10 @@ md5_finish(&ctx, md5sum); return md5sum; } + +ODAT *drv_AES_cmac(KEY128 *K, u128 *M, int n) +{ + return (ODAT*)AES_cmac((uint8 *)K, (uint *)M, n); +} + +/* vi:expandtab:foldmethod=syntax:sw=2:ts=2 */ diff --git a/utility.c b/utility.c index e782856..62404a0 100644 --- a/utility.c 
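Review bot: With `typedef u128 KEY;` in secure_types.h, every function declared with a `KEY key` parameter (sb_b_aes_enc, sb_b_aes_dec and sb_b_create_M2 in utility.c) now receives a full copy of the key material instead of the pointer that the old `uint32 KEY[4]` parameter decayed to. Nothing in the visible code clears those copies before the functions return. Consider `const KEY *key` for these signatures, or at least record the choice beside the typedef, e.g. `/* KEY is passed by value: each callee holds its own copy of the key */`.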
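Review bot: drv_AES_cmac in sw_driver.c (and its prototype in driver.h) has no comment saying what `n` counts or where the returned ODAT lives, and the callers in api.c depend on both. `n` is a signed int passed straight through, so a negative or oversized value reaches AES_cmac unchecked; how AES_cmac handles that is not visible here. Proposed header comment: `/* CMAC of M under key K; n = <unit of length>; returns <storage and lifetime of the result> */`, with the placeholders filled in from AES_cmac's contract. The prototype in driver.h would also read better with parameter names.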
+++ b/utility.c @@ -10,13 +10,15 @@ #include "aes128.h" #include "utility.h" #include "md5.h" +#include "driver.h" // for temporary static ODAT ret; -static KEY_TABLE key_table[15]; -const u128 UID = { // valid 120-bits +static u256 ret256; +KEY_TABLE key_table[15]; +const UID uid = { // valid 120-bits 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, } ; static uint16 error_reg; @@ -29,7 +31,7 @@ // RTC start & read once memset(&ret, 0, sizeof(ODAT)); memset(key_table, 0, sizeof(key_table)); - key_table[0].key = UID; + memcpy(&key_table[0].key, uid, sizeof(uid)); // for C-base lib only error_reg = 0; @@ -74,6 +76,7 @@ ODAT sb_b_md5(IDAT ival) //{{{1 { // SOFTRST[1] = 1'b0 -> SOFTRST[1] = 1'b1 + drv_reset(DRV_RST_MD5); return ret; } @@ -81,12 +84,15 @@ #define AES_OUT (void*)0xff000000 /* FPGA/AESをリセット後に実行 */ +static u128 buf; ODAT sb_b_aes_enc(KEY key, IDAT dat) //{{{1 { // SOFTRST[0] = 1'b1 -> 1'b0 - // memcpy(AES_DATA, dat, sizeof(IDAT)); // memcpy(AES_KEY, key, sizeof(KEY)); // while (CONTROL[AES]) ; -> CONTROL[AES] |= 0x01; + //memcpy(AES_DATA, dat, sizeof(IDAT)); + drv_reset(DRV_RST_AES); + drv_AES_crypt((uint*)&buf, (uint8*)&key); memcpy(ret.uc, AES_OUT, sizeof(ODAT)); return ret; } @@ -95,7 +101,7 @@ /* SW実装したAESデコーダを実行 */ ODAT sb_b_aes_dec(KEY key, IDAT dat) //{{{1 { - AES128_decrypt(dat.ul, (uint8*)key); + drv_AES_decrypt((uint*)&dat, (uint8*)&key); memcpy(ret.uc, dat.ul, 32); return ret; } @@ -124,6 +130,7 @@ // FPGA/PRNG reset // RTC -> MD5 -> seed srand(seed); + return ret; } //}}} @@ -135,7 +142,8 @@ unsigned char md5sum[16]; md5_starts( &ctx ); - md5_update( &ctx, s, strlen(s) ); + md5_update( &ctx, s, + strlen((char*)s) ); md5_finish( &ctx, md5sum ); @@ -145,14 +153,14 @@ /* FPGA/PRNGの出力値を取得し、それを返す */ IV sb_b_gen_iv() //{{{1 { - + return ret; } //}}} // FPGA/PRNGの出力値を一度だけ取得し、それを返す。常に同じ結果を返す -KEY sb_b_gen_secrete_key() //{{{1 +uint sb_b_gen_secret_key() //{{{1 { - + return 0; } //}}} 
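Review bot: Dropping `static` from `key_table[15]` gives utility.c an external definition with the same name as `KEY_TABLE key_table[16];` in api.c, but with a different length. The Makefile currently links utility.o and api.o into separate programs, so this does not show up yet. Once both objects are linked together the result is either a duplicate-definition error or, with common symbols, one shared array whose size the two files disagree on. Either keep `static KEY_TABLE key_table[15];` here, or define the table once and declare it in a shared header as `extern KEY_TABLE key_table[16];`.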
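Review bot: sb_b_aes_enc never uses `dat`. The added call encrypts the file-static `buf`, which nothing in this hunk writes, and the result is then copied from `AES_OUT` (the fixed address 0xff000000) rather than from `buf`. With the software driver the output is therefore unrelated to the input, and the memcpy reads an address that only means something on the FPGA target. Assuming drv_AES_crypt works in place, as the drv_AES_decrypt call in sb_b_aes_dec suggests, the body would be `memcpy(&buf, &dat, sizeof buf);` before the call and `memcpy(ret.uc, &buf, sizeof(ODAT));` after it. `buf` also keeps the last block between calls, which is worth a comment or a clear on exit.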
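Review bot: In sb_b_aes_dec the unchanged line `memcpy(ret.uc, dat.ul, 32);` copies 32 bytes, although both `dat` (IDAT) and `ret` (ODAT) are u128. If u128 is 16 bytes, this reads 16 bytes past the parameter and writes 16 bytes past the static `ret` into whatever object follows it. The commit edits the line directly above and leaves this one as it was. Sizing the copy from the destination removes the constant: `memcpy(ret.uc, dat.uc, sizeof ret);`.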
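Review bot: The added `(char*)` cast in the md5 helper silences the pointer-type warning, but the length still comes from `strlen`, so the hash covers only the bytes before the first zero byte of `s`. If `s` can be binary data, such as RTC bytes (a nearby comment reads "RTC -> MD5 -> seed"), the input is truncated at an embedded zero, or strlen runs past the buffer when there is none. The function signature is outside this hunk. An explicit length parameter passed to `md5_update(&ctx, s, len)` would avoid relying on NUL termination.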
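Review bot: sb_b_gen_iv now returns the shared static `ret` and sb_b_gen_secret_key returns the constant 0, so callers receive values that look usable but are either left over from an earlier call or fixed. The same pattern appears in sb_b_gen_key, sb_b_set_rand_seed, sb_b_create_M3/M4/M5 and the three export functions that return `ret256`. Until these are implemented, have each stub record the failure in the existing `error_reg`, e.g. `error_reg |= <NOT_IMPLEMENTED bit>;` (placeholder), and carry a `/* stub: not implemented */` comment, so that a stale buffer is never used as an IV or key. The new `uint` return type of sb_b_gen_secret_key also cannot carry a 128-bit key.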
@@ -167,7 +175,7 @@ // FPGA/PRNGの出力値を取得し、それを返す。 KEY sb_b_gen_key() //{{{1 { - + return ret; } //}}} @@ -175,14 +183,14 @@ // FLAGをクリア" void sb_b_clear_key_flg(KEY_ID kid, uint8 flg) //{{{1 { - key_table[kid].key_flg = flg; +// key_table[kid].key_flg = flg; } //}}} // KEY_IDを引数として、KEY_IDに対応するKEY FRAGの値を返す -KEY_FLG sb_b_read_key_flg(KEY_ID kid) //{{{1 +uint sb_b_read_key_flg(KEY_ID kid) //{{{1 { - return key_table[kid].key_flg; + return key_table[kid].key_flag; } //}}} @@ -194,16 +202,16 @@ //}}} // KEY_IDを引数として、鍵更新回数を表すCOUNTER値を取得し返す -ODAT sb_b_read_counter(KEY_ID kid) //{{{1 +uint sb_b_read_counter(KEY_ID kid) //{{{1 { - + return key_table[kid].counter; } //}}} // ユーザ指定の乱数シードをFPGA/PRNGの乱数シードとして設定 ODAT sb_b_set_rand_seed(uint32 seed) //{{{1 { - + return ret; } //}}} 
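Review bot: Commenting out the body of sb_b_clear_key_flg turns it into a silent no-op, so a caller that clears a key flag gets neither the effect nor an error. The field was only renamed, and sb_b_read_key_flg in the same hunk already uses the new name, so the store can stay as `key_table[kid].key_flag = flg;`. Separately, `key_table[kid]` is indexed without a bound check against the 15-entry table declared at the top of utility.c, both here and in sb_b_read_counter (next hunk) and sb_b_create_M2. KEY_ID's range is not visible here, so a guard such as `if (kid >= 15) { /* report error */ }`, ideally using a named table-size constant, is worth adding before each access.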
@@ -237,42 +245,44 @@ //}}} // COUNTER、KEY FRAG、KEY(128bit)を引数として、計算式に従いM2(256bit)を返す -u256 sb_b_create_M2(uint32 counter, KEY_FLG flg, KEY key, KEY_ID kid) //{{{1 +u256 sb_b_create_M2(uint32 counter, uint flg, KEY key, KEY_ID kid) //{{{1 { key_table[kid].M2.ul[0] = ((counter&0xffffff) << 4) | ((flg >> 1) &1) ; key_table[kid].M2.ul[1] = ((flg&1) << 30) ; key_table[kid].M2.ul[2] = 0 ; key_table[kid].M2.ul[3] = 0 ; - memcpy(key_table[kid].M2.ul+4, key, 16); + memcpy(key_table[kid].M2.ul+4, &key, 16); return key_table[kid].M2; } //}}} // M1とM2を引数として、計算式に従いM3(128bit)を返す -u128 sb_b_create_M3(M1 m1, M2 m2) //{{{1 +u128 sb_b_create_M3(u128 m1, u256 m2) //{{{1 { - + u128 a= {0}; + return a; } //}}} // UID、KEY_ID、AuthKEY_ID、COUNTERを引数として、計算式に従いM4(256bit)を返す u128 sb_b_create_M4(u128 uid, KEY_ID kid, AUTHKEY_ID akid, uint32 counter) //{{{1 { + return ret; } //}}} // M4を引数として、計算式に従いM5(128bit)を返す -u128 sb_b_create_M5(u128 key, M4 m4) //{{{1 +u128 sb_b_create_M5(u128 key, u128 m4) //{{{1 { - + return ret; } //}}} // "COUNTER、KEY FRAG、KEY(128bit)を暗号化前のM2形式としたデータ13個から成る // データを引数として、各データを順次KEY_IDが1~13の鍵格納領域に書込む" -void sb_b_import_plain_key(uint32 counter, KEY_FLG flg, KEY key) //{{{1 +void sb_b_import_plain_key(uint counter, uint flg, KEY key) //{{{1 { } @@ -280,15 +290,15 @@ // "KEY_IDが1~13の鍵格納領域から、COUNTER、KEY FRAG、KEY(128bit)を暗号化 // 前のM2の形式のデータ13個から成るデータを取得し、これを返す" -M2 sb_b_export_plain_key() //{{{1 +u256 sb_b_export_plain_key() //{{{1 { - + return ret256; } //}}} // "KEY_IDと、COUNTER、KEY FRAG、KEY(128bit)を暗号化前のM2形式としたデータ // 1個から成るデータを引数として、KEY_IDに対応する鍵格納領域に書込む" -void sb_b_import_each_plain_key(KEY_ID kid, uint32 counter, KEY_FLG flg, KEY key) //{{{1 +void sb_b_import_each_plain_key(KEY_ID kid, uint32 counter, uint flg, KEY key) //{{{1 { } 
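Review bot: The definition `void sb_b_import_plain_key(uint counter, uint flg, KEY key)` no longer matches its prototype in utility.h, which this commit leaves as `(uint32, uint, KEY)`. This compiles only where `uint` and `uint32` are the same type; the neighbouring sb_b_import_each_plain_key keeps `uint32 counter`. Keeping `uint32 counter` here makes the pair consistent. The comment above sb_b_create_M4 also still says M4 is 256-bit while the function returns u128, and one of the two should be corrected.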
@@ -297,17 +307,17 @@ // "KEY_IDを引数として、KEY_IDに対応する鍵格納領域から、COUNTER、KEY FRAG、 // KEY(128bit)を暗号化前のM2の形式のデータ13個から成るデータを取得し、これを // 返す" -M2 sb_b_export_each_plain_key(KEY_ID kid) //{{{1 +u256 sb_b_export_each_plain_key(KEY_ID kid) //{{{1 { - + return ret256; } //}}} // "RAM_KEYの鍵格納領域から、COUNTER、KEY FRAG、KEY(128bit)を暗号化前の // M2の形式のデータを取得し、これを返す" -M2 sb_b_export_plain_ram_key() //{{{1 +u256 sb_b_export_plain_ram_key() //{{{1 { - + return ret256; } //}}} diff --git a/utility.h b/utility.h index 1a594ed..2c27c40 100644 --- a/utility.h +++ b/utility.h @@ -4,8 +4,8 @@ #include "secure_types.h" // blocking functions -uint sb_b_start_prng(uint); void sb_b_sw_rst(); +uint sb_b_start_prng(uint); //- ODAT sb_b_resume_prng(); ODAT sb_b_md5(IDAT seed); 
@@ -16,26 +16,26 @@ u128 sb_b_gen_uid(); void sb_b_modify_uid(); IV sb_b_gen_iv(); -u128 sb_b_gen_secrete_key(); +uint sb_b_gen_secret_key(); void sb_b_modify_secrete_key(KEY); u128 sb_b_gen_key(); void sb_b_clear_key_flg(KEY_ID, uint8); -KEY_FLG sb_b_read_key_flg(KEY_ID); +uint sb_b_read_key_flg(KEY_ID); uint32 sb_b_read_error_reg(); -ODAT sb_b_read_counter(KEY_ID); +uint sb_b_read_counter(KEY_ID); ODAT sb_b_set_rand_seed(uint32 seed); void sb_b_kdf(KEY, IDAT); void sb_b_cmac(uint32, IDAT, IDAT); u128 sb_b_create_M1(u128, KEY_ID, AUTHKEY_ID); -u256 sb_b_create_M2(uint32, KEY_FLG, KEY, KEY_ID); -u128 sb_b_create_M3(M1, M2); +u256 sb_b_create_M2(uint32, uint, KEY, KEY_ID); +u128 sb_b_create_M3(u128, u256); u128 sb_b_create_M4(u128, KEY_ID, AUTHKEY_ID, uint32); -u128 sb_b_create_M5(u128, M4); -void sb_b_import_plain_key(uint32, KEY_FLG, KEY); -M2 sb_b_export_plain_key(); -void sb_b_import_each_plain_key(KEY_ID, uint32, KEY_FLG, KEY); -M2 sb_b_export_each_plain_key(KEY_ID); -M2 sb_b_export_plain_ram_key(); +u128 sb_b_create_M5(u128, u128); +void sb_b_import_plain_key(uint32, uint, KEY); +u256 sb_b_export_plain_key(); +void sb_b_import_each_plain_key(KEY_ID, uint32, uint, KEY); +u256 sb_b_export_each_plain_key(KEY_ID); +u256 sb_b_export_plain_ram_key(); // non-blocking functions void sb_nb_sw_rst(); diff --git a/utiltest.c b/utiltest.c new file mode 100644 index 0000000..43d657f --- /dev/null +++ b/utiltest.c @@ -0,0 +1,14 @@ +#include +#include "api.h" +#include "utility.h" + +int main(int argc, char const* argv[]) +{ + IV iv = {0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x90, 0x80, 0x70, 0x60, 0x50, 0x40, 0x30, 0x07, + }; + for (int i = 0; i< sizeof(iv.uc); i++) { + printf("%02x ", iv.uc[i]); + } + return 0; +}
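Review bot: utiltest.c calls nothing from utility.c and checks nothing: `main` only prints a locally initialised IV, so the new `utiltest` target passes whatever the utility functions do. A useful first step is to call the reset function and the AES helpers on a known vector and compare the result with `memcmp`, returning non-zero on mismatch. The loop `for (int i = 0; i< sizeof(iv.uc); i++)` compares a signed int with a size_t, so `size_t i` is the cleaner index type. `argc` and `argv` are unused, so `int main(void)` would do.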