diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..499a618 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.o +*.swp diff --git a/AESKDFtest.c b/AESKDFtest.c index 97e5fd6..08d2150 100644 --- a/AESKDFtest.c +++ b/AESKDFtest.c @@ -18,9 +18,10 @@ //////////////////////////////////////////////////////////////////////////////// int main(int argc, char const* argv[]) { - char *msg1 = "0123456789012345"; - char *msg2 = "1123456789012345"; - char *msg3 = "0123456789112345"; + char msg1[] = "0123456789012345"; + char msg2[] = "1123456789012345"; + char msg3[] = "0123456789112345"; + char msg4[] = "0123456789012345" "0123456789012345"; uint mac[4]; @@ -28,13 +29,15 @@ 0x00, 0x34, 0x00, 0x78, 0x00, 0x00, 0x56, 0x78,}; #define DUMP(msg) \ printf("%-30s- ", msg);\ - memcpy(mac, (uint8*)AES_KDF((uint *)msg, 1), aes_datalen);\ + memcpy(mac, (uint8*)AES_KDF((uint *)msg, sizeof(msg)/16), aes_datalen);\ dump(#msg " CMAC = ", (uint8*)mac, aes_datalen); DUMP(msg1); DUMP(msg2); DUMP(msg3); + DUMP(msg4); DUMP(msg1); + DUMP(msg4); return 0; } diff --git a/Makefile b/Makefile index 2284cab..6be6ca2 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,14 @@ .PHONY: all clean -ALL:= AEStest AESCMACtest AESKDFtest +ALL:= AEStest AESCMACtest AESKDFtest main all: ${ALL} AEStest: AEStest.o aes128.o AESCMACtest: AESCMACtest.o aes_cmac.o aes128.o AESKDFtest: AESKDFtest.o aes_kdf.o aes128.o +main: main.o utility.o +utility.o: utility.c + clean: rm -f *.o ${ALL} diff --git a/SensorBoard_API.c b/SensorBoard_API.c new file mode 100644 index 0000000..64e0df7 --- /dev/null +++ b/SensorBoard_API.c 
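Review bot: The block count `sizeof(msg)/16` in DUMP is right only by accident: the trailing NUL makes the arrays 17 and 33 bytes, and integer division happens to truncate to 1 and 2. A message that is not a whole number of 16-byte blocks is silently cut short rather than rejected. Use `(sizeof(msg) - 1) / 16`, with a `_Static_assert((sizeof(msg1) - 1) % 16 == 0, "whole blocks")` per message. DUMP now also works only on true arrays, and `(uint *)msg` casts a `char` array with no guaranteed `uint` alignment, so a `uint`-typed or aligned input buffer would be safer. main's body ends outside the first hunk and the macro starts outside the second.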
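Review bot: The new rule `main: main.o utility.o` links fewer objects than utility.c needs. utility.c as added in this commit calls `AES128_decrypt` and `md5_starts`/`md5_update`/`md5_finish`, so the link will stop on undefined references. The rule would need something like `main: main.o utility.o aes128.o <md5 object>`; the MD5 object name is not shown on the page. `utility.o: utility.c` only restates the built-in rule and lists none of the headers utility.c includes, so header edits will not trigger a rebuild.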
@@ -0,0 +1,39 @@
+#include "api.h"
+
+#define NULL 0
+
+ODAT* SB_B_ENC_ECB(IDATNUM n, KEY_ID keyid, IDAT idat)
+{
+ return NULL;
+};
+ODAT* SB_B_ENC_CBC(IDATNUM n, KEY_ID keyid, IV initial, IDAT idat)
+{
+ return NULL;
+};
+
+ODAT* SB_B_DEC_ECB(IDATNUM n, KEY_ID keyid, IDAT idat)
+{
+ return NULL;
+};
+
+ODAT* SB_B_DEC_CBC(IDATNUM n, KEY_ID keyid, IV initial, IDAT idat)
+{
+ return NULL;
+};
+
+SB_B_GENERATE_MAC
+SB_B_VERIFY_MAC
+
+SB_B_LOAD_KEY
+SB_B_LOAD_PLAIN_KEY
+SB_B_EXPORT_RAM_KEY
+SB_B_INIT_RNG
+SB_B_EXTEND_SEED
+SB_B_RND
+
+SB_B_GET_STATUS
+SB_B_GET_ID
+SB_B_CANCEL
+SB_B_IMPORT_KEY
+SB_B_EXPORT_KEY
+
diff --git a/api.h b/api.h
new file mode 100644
index 0000000..3b89cd3
--- /dev/null
+++ b/api.h
@@ -0,0 +1,33 @@
+#ifndef __SECURE_API__
+#define __SECURE_API__
+#include "secure_types.h"
+
+// blocking functions
+ODAT* SB_B_ENC_ECB(IDATNUM, KEY_ID, IDAT) ;
+ODAT* SB_B_ENC_CBC(IDATNUM, KEY_ID, IV, IDAT) ;
+
+ODAT* SB_B_DEC_ECB(IDATNUM, KEY_ID, IDAT) ;
+ODAT* SB_B_DEC_CBC(IDATNUM, KEY_ID, IV, IDAT) ;
+
+void SB_B_GENERATE_MAC(IDAT, KEY_ID, IDAT) ;
+void SB_B_VERIFY_MAC(IDAT, KEY_ID, IDAT) ;
+
+//void SB_B_LOAD_KEY(M1, M2, M3) ;
+//void SB_B_LOAD_PLAIN_KEY(IDAT1) ;
+void SB_B_EXPORT_RAM_KEY(void) ;
+void SB_B_INIT_RNG(void) ;
+void SB_B_EXTEND_SEED(void) ;
+void SB_B_RND(void) ;
+
+void SB_B_GET_STATUS(IDAT);
+void SB_B_GET_ID(void);
+void SB_B_CANCEL(void);
+//void SB_B_IMPORT_KEY(M2);
+// M2 SB_B_EXPORT_KEY(void);
+// non-blocking functions
+ODAT* SB_NB_ENC_ECB(IDATNUM, KEY_ID, IDAT) ;
+ODAT* SB_NB_ENC_CBC(IDATNUM, KEY_ID, IV, IDAT) ;
+
+
+
+#endif/*__SECURE_API__*/
diff --git a/main.c b/main.c
new file mode 100644
index 0000000..43d657f
--- /dev/null
+++ b/main.c
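Review bot: The bare identifiers from `SB_B_GENERATE_MAC` to `SB_B_EXPORT_KEY` at file scope in SensorBoard_API.c are not declarations, so the file cannot compile as committed. Keep them in a comment such as `/* TODO: SB_B_GENERATE_MAC, SB_B_VERIFY_MAC, ... */` until they are implemented. `#define NULL 0` redefines a standard macro; `#include <stddef.h>` is the usual source. The four ENC/DEC stubs return `NULL` with no error indication, so an unchecking caller will dereference a null pointer; a comment on each stub stating that `NULL` means "not implemented" would make the contract explicit. The `;` after each function's closing brace is a stray empty declaration.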
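Review bot: `void SB_B_VERIFY_MAC(IDAT, KEY_ID, IDAT) ;` in api.h gives the caller no way to learn whether verification succeeded, so a failed MAC check cannot be acted on. A verify primitive needs a result, for example `int SB_B_VERIFY_MAC(IDAT, KEY_ID, IDAT);` with a documented zero-on-match convention. `SB_B_GENERATE_MAC`, `SB_B_RND` and `SB_B_GET_ID` have the same shape: they return `void` and take no output argument. The include guard `__SECURE_API__` uses a reserved double-underscore identifier; `SECURE_API_H` avoids that. Naming the parameters in the prototypes, as the definitions in SensorBoard_API.c do, would document which `IDAT` is the message and which is the MAC.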
@@ -0,0 +1,14 @@ +#include +#include "api.h" +#include "utility.h" + +int main(int argc, char const* argv[]) +{ + IV iv = {0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x90, 0x80, 0x70, 0x60, 0x50, 0x40, 0x30, 0x07, + }; + for (int i = 0; i< sizeof(iv.uc); i++) { + printf("%02x ", iv.uc[i]); + } + return 0; +} diff --git a/md5.h b/md5.h index ff26f06..44d6646 100644 --- a/md5.h +++ b/md5.h @@ -1,14 +1,6 @@ #ifndef _MD5_H #define _MD5_H -#ifndef uint8 -#define uint8 unsigned char -#endif - -#ifndef uint32 -#define uint32 unsigned long int -#endif - typedef struct { uint32 total[2]; diff --git a/secure_types.h b/secure_types.h index d822dd0..67126bf 100644 --- a/secure_types.h +++ b/secure_types.h @@ -7,26 +7,31 @@ typedef unsigned int uint; -union u128 { +typedef union u128 { uint8 uc[16]; uint16 us[8]; uint32 ul[4]; -}; +} u128; + +typedef struct { + u128 key; + int counter; + int key_flg; +} KEY_TABLE; typedef uint32 IDATNUM; typedef uint8 KEY_ID; -typedef union u128 IDAT; -typedef union u128 IV; -typedef union u128 ODAT; -typedef uint32 KEY; -typedef union u128 KEY128; +typedef u128 IDAT; +typedef u128 IV; +typedef u128 ODAT; +typedef uint32 KEY[4]; +typedef u128 KEY128; typedef uint32 KEY_FLG; typedef uint32 M1; typedef uint32 M2; typedef uint32 M3; typedef uint32 M4; typedef uint32 M5; -typedef uint32 UID; typedef uint32 AUTHKEY_ID; #endif/*__SECURE_TYPES__*/ diff --git a/utility.c b/utility.c new file mode 100644 index 0000000..9a459ca --- /dev/null +++ b/utility.c 
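Review bot: `typedef uint32 KEY[4];` in secure_types.h makes `KEY` an array type, which C does not allow as a function return type and which decays to `uint32 *` when used as a parameter. utility.c in this same commit defines `KEY sb_b_gen_secrete_key()` and `KEY sb_b_gen_key()`, which will not compile, and `sizeof key` on a `KEY` parameter yields the pointer size, not 16. Wrapping the array, `typedef struct { uint32 w[4]; } KEY;`, or using the existing `KEY128`, keeps value semantics. In `KEY_TABLE`, `counter` and `key_flg` are `int` while the API uses `uint32` and `KEY_FLG`; using those types avoids sign surprises. The hunk starts inside the header, so the definitions of `uint8` and `uint32` are not visible here.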
@@ -0,0 +1,300 @@ +/* + * SensorBoard Secure Library + * Subject: Utility Functions Implementation File + * Copyright (C) 2015, T.Kurosawa + */ + +#include +#include // for rand + +#include "aes128.h" +#include "utility.h" +#include "md5.h" + +// for temporary +static ODAT ret; +static KEY_TABLE key_table[15]; +const u128 UID = { // valid 120-bits + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, +} ; + +/* "FPGA全暗号モジュールのSWリセット・割込み許可指定、及び入力データの全0設定" + in secure-C-lib do nothing */ +void sb_b_sw_rst() //{{{1 +{ + // SOFTRST[15:0] = 13'h0000 -> SOFTRST[15:0] = 13'h0007 + // INTENABLE[15:0] = 14'h0003 + // RTC start & read once + memset(&ret, 0, sizeof(ODAT)); + memset(key_table, 0, sizeof(key_table)); + key_table[0].key = UID; + + return; +} +//}}} + +/* "引数SEED(32bit)を乱数シードとしてFPGA/PRNGを起動。CONTROL/PRNG_Kを0 + に設定。ブロッキングでは割込み許可、ノンブロッキングでは割込み不許可" */ +uint sb_b_start_prng(uint seed) //{{{1 +{ + // SOFTRST[2] = 1'b0 -> 1'b1 (PRNG RST) + // PRNG_SEED = seed + srand(seed); + // INTENABLE[2] /PRNG = 1'b1 + // check CONTROL/PRNG_L == 0 -> write 1 + return 10; +} +//}}} + +/* "FPGA/PRNGを停止。*/ +void sb_nb_stop_prng() //{{{1 +{ + // SOFTRST[2] = 1'b1; + // INTENABLE_PRNG_INTE = 1'b0; +}//}}} + +/* "引数SEED(32bit)を乱数シードとしてFPGA/PRNGの再開 + ブロッキングでは割込み許可、ノンブロッキングでは割込み不許可" */ +ODAT sb_b_resume_prng(uint32 seed) //{{{1 +{ + // PRNG_SEED = seed + srand(seed); + // INTENABLE[2] /PRNG = 1'b1 + // check CONTROL/PRNG_L == 0 -> write 1 + return ret; +} +//}}} + +/* FPGA/MD5をリセット後に実行 */ +ODAT sb_b_md5(IDAT ival) //{{{1 +{ + // SOFTRST[1] = 1'b0 -> SOFTRST[1] = 1'b1 + + return ret; +} +//}}} + +#define AES_OUT (void*)0xff000000 +/* FPGA/AESをリセット後に実行 */ +ODAT sb_b_aes_enc(KEY key, IDAT dat) //{{{1 +{ + // SOFTRST[0] = 1'b1 -> 1'b0 + // memcpy(AES_DATA, dat, sizeof(IDAT)); + // memcpy(AES_KEY, key, sizeof(KEY)); + // while (CONTROL[AES]) ; -> CONTROL[AES] |= 0x01; + memcpy(ret.uc, AES_OUT, sizeof(ODAT)); + return ret; +} +//}}} + +/* SW実装したAESデコーダを実行 */ +ODAT sb_b_aes_dec(KEY key, IDAT dat) 
//{{{1 +{ + memcpy(ret.uc, AES128_decrypt(dat.ul, (uint8*)key), 32); + return ret; +} +//}}} + +/* FPGA/MD5の出力レジスタMD5_OUTからデータ読出し */ +ODAT sb_b_read_md5() //{{{1 +{ + // memcpy(ret, MD5_OUT, sizeof(ODAT)); + return ret; +} +//}}} + +/* FPGA/AESの出力レジスタAES_OUTからデータ読出し */ +ODAT sb_b_read_aes_enc() //{{{1 +{ + //memcpy(ret, AES_DATA, sizeof(ODAT)); + return ret; +} +//}}} + +/* FPGA/PRNGの出力値を一度だけ取得し、下位120bitを返す。常に同じ結果を返す */ +u128 sb_b_gen_uid() //{{{1 +{ + uint32 seed; + // FPGA/PRNG reset + // RTC -> MD5 -> seed + srand(seed); +} +//}}} + +/* 関数をコールする事で、sb_gen_uidが新たなUIDを1値度だけ生成可能となる */ +void sb_b_modify_uid() //{{{1 +{ + md5_context ctx; + unsigned char md5sum[16]; + + md5_starts( &ctx ); + md5_update( &ctx, (uint8 *) &argv[i][2], strlen( &argv[i][2] ) ); + md5_finish( &ctx, md5sum ); + + +} +//}}} + +/* FPGA/PRNGの出力値を取得し、それを返す */ +IV sb_b_gen_iv() //{{{1 +{ + +} +//}}} + +// FPGA/PRNGの出力値を一度だけ取得し、それを返す。常に同じ結果を返す +KEY sb_b_gen_secrete_key() //{{{1 +{ + +} +//}}} + +// "関数をコールする事で、sb_gen_secret_keyが新たなSECRET_KEYを1値度だけ生成 +// 可能となる" +void sb_b_modify_secrete_key(KEY key) //{{{1 +{ + +} +//}}} + +// FPGA/PRNGの出力値を取得し、それを返す。 +KEY sb_b_gen_key() //{{{1 +{ + +} +//}}} + +// "KEY_IDとビット列を引数として、指定したビット列に従い、KEY IDに対応するKEY +// FLAGをクリア" +void sb_b_clear_key_flg(KEY_ID kid, uint8 flg) //{{{1 +{ + key_table[kid].key_flg = flg; +} +//}}} + +// KEY_IDを引数として、KEY_IDに対応するKEY FRAGの値を返す +KEY_FLG sb_b_read_key_flg(KEY_ID kid) //{{{1 +{ + return key_table[kid].key_flg; +} +//}}} + +// エラーレジスタの値を返す +uint32 sb_b_read_error_reg() //{{{1 +{ + +} +//}}} + +// KEY_IDを引数として、鍵更新回数を表すCOUNTER値を取得し返す +ODAT sb_b_read_counter(KEY_ID kid) //{{{1 +{ + +} +//}}} + +// ユーザ指定の乱数シードをFPGA/PRNGの乱数シードとして設定 +ODAT sb_b_set_rand_seed(uint32 seed) //{{{1 +{ + +} +//}}} + +// 内容 +// "h(128bit)とm(256bit)を引数として、mを上位・下位128bitのm1、m0として、 +// AES(h,m1) xor AES(0,m0) xor m0 xor m1 を算出し、これを返す +// ※ここで、AES関数は、AES(鍵、平文)の形式" +void sb_b_kdf(KEY key , IDAT dat) //{{{1 +{ + +} +//}}} + +// 
"データ長(64bit)、鍵K(128bit)、データ(128×nbit)を引数として、下記RFCの +// AES-CMAC生成アルゴリズム(概ねAESをCBCモードで実行)を用いてCMAC +// (128bit)を算出し、それを返す +// http://tools.ietf.org/html/rfc4493" +void sb_b_cmac(uint32 len, KEY128 key, IDAT dat) //{{{1 +{ + +} +//}}} + +// UID,KEY_ID、AuthKEY_IDを引数として、計算式に従いM1(128bit)を返す +M1 sb_b_create_M1(u128 UID, KEY_ID kid, AUTHKEY_ID akid) //{{{1 +{ + +} +//}}} + +// COUNTER、KEY FRAG、KEY(128bit)を引数として、計算式に従いM2(256bit)を返す +M2 sb_b_create_M2(uint32 counter, KEY_FLG flg, KEY key, KEY_ID kid) //{{{1 +{ + +} +//}}} + +// M1とM2を引数として、計算式に従いM3(128bit)を返す +M3 sb_b_create_M3(M1 m1, M2 m2) //{{{1 +{ + +} +//}}} + +// UID、KEY_ID、AuthKEY_ID、COUNTERを引数として、計算式に従いM4(256bit)を返す +M4 sb_b_create_M4(u128 uid, KEY_ID kid, AUTHKEY_ID akid, uint32 counter) //{{{1 +{ + +} +//}}} + +// M4を引数として、計算式に従いM5(128bit)を返す +M5 sb_b_create_M5(u128 key, M4 m4) //{{{1 +{ + +} +//}}} + +// "COUNTER、KEY FRAG、KEY(128bit)を暗号化前のM2形式としたデータ13個から成る +// データを引数として、各データを順次KEY_IDが1~13の鍵格納領域に書込む" +void sb_b_import_plain_key(uint32 counter, KEY_FLG flg, KEY key) //{{{1 +{ + +} +//}}} + +// "KEY_IDが1~13の鍵格納領域から、COUNTER、KEY FRAG、KEY(128bit)を暗号化 +// 前のM2の形式のデータ13個から成るデータを取得し、これを返す" +M2 sb_b_export_plain_key() //{{{1 +{ + +} +//}}} + +// "KEY_IDと、COUNTER、KEY FRAG、KEY(128bit)を暗号化前のM2形式としたデータ +// 1個から成るデータを引数として、KEY_IDに対応する鍵格納領域に書込む" +void sb_b_import_each_plain_key(KEY_ID kid, uint32 counter, KEY_FLG flg, KEY key) //{{{1 +{ + +} +//}}} + +// "KEY_IDを引数として、KEY_IDに対応する鍵格納領域から、COUNTER、KEY FRAG、 +// KEY(128bit)を暗号化前のM2の形式のデータ13個から成るデータを取得し、これを +// 返す" +M2 sb_b_export_each_plain_key(KEY_ID kid) //{{{1 +{ + +} +//}}} + +// "RAM_KEYの鍵格納領域から、COUNTER、KEY FRAG、KEY(128bit)を暗号化前の +// M2の形式のデータを取得し、これを返す" +M2 sb_b_export_plain_ram_key() //{{{1 +{ + +} +//}}} + +// vi:expandtab:foldmethod=marker sw=4 ts=4 diff --git a/utility.h b/utility.h new file mode 100644 index 0000000..e5fff49 --- /dev/null +++ b/utility.h 
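Review bot: In `sb_b_aes_dec`, `memcpy(ret.uc, AES128_decrypt(dat.ul, (uint8*)key), 32);` writes 32 bytes into the 16-byte static `ret`, overrunning it into adjacent storage (possibly `key_table`, which is declared next). The length should be `sizeof ret`, assuming `AES128_decrypt` returns a single 16-byte block. `sb_b_clear_key_flg` and `sb_b_read_key_flg` index `key_table[kid]` with an unchecked `KEY_ID` (a `uint8`, so up to 255) against a 15-entry table; add `if (kid >= sizeof key_table / sizeof key_table[0]) return;` (or return an error value) before the access. `sb_b_gen_uid` passes an uninitialized `seed` to `srand`, and `rand()` is not an acceptable stand-in for the FPGA PRNG once IVs and keys are derived from it. `sb_b_modify_uid` refers to `argv` and `i`, which are not in scope, and most non-void functions in this file fall off the end without returning a value.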
@@ -0,0 +1,75 @@
+#ifndef __SECURE_UTIL__
+#define __SECURE_UTIL__
+
+#include "secure_types.h"
+
+// blocking functions
+uint sb_b_start_prng(uint);
+void sb_b_sw_rst();
+//-
+ODAT sb_b_resume_prng();
+ODAT sb_b_md5(IDAT seed);
+ODAT sb_b_aes_enc(KEY, IDAT);
+ODAT sb_b_aes_dec(KEY, IDAT);
+ODAT sb_b_read_md5();
+ODAT sb_b_read_aes_enc();
+u128 sb_b_gen_uid();
+void sb_b_modify_uid();
+IV sb_b_gen_iv();
+u128 sb_b_gen_secrete_key();
+void sb_b_modify_secrete_key(KEY);
+u128 sb_b_gen_key();
+void sb_b_clear_key_flg(KEY_ID, uint8);
+KEY_FLG sb_b_read_key_flg(KEY_ID);
+uint32 sb_b_read_error_reg();
+ODAT sb_b_read_counter(KEY_ID);
+ODAT sb_b_set_rand_seed(uint32 seed);
+void sb_b_kdf(KEY, IDAT);
+void sb_b_cmac(uint32, IDAT, IDAT);
+M1 sb_b_create_M1(u128, KEY_ID, AUTHKEY_ID);
+M2 sb_b_create_M2(uint32, KEY_FLG, KEY, KEY_ID);
+M3 sb_b_create_M3(M1, M2);
+M4 sb_b_create_M4(u128, KEY_ID, AUTHKEY_ID, uint32);
+M5 sb_b_create_M5(u128, M4);
+void sb_b_import_plain_key(uint32, KEY_FLG, KEY);
+M2 sb_b_export_plain_key();
+void sb_b_import_each_plain_key(KEY_ID, uint32, KEY_FLG, KEY);
+M2 sb_b_export_each_plain_key(KEY_ID);
+M2 sb_b_export_plain_ram_key();
+
+// non-blocking functions
+void sb_nb_sw_rst();
+void sb_nb_start_prng();
+void sb_nb_stop_prng();
+void sb_nb_resume_prng();
+void sb_nb_md5();
+void sb_nb_aes_enc();
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+//-
+void sb_nb_set_rand_seed();
+void sb_nb_kdf();
+void sb_nb_cmac();
+//-
+void sb_nb_create_M2();
+void sb_nb_create_M3();
+//-
+void sb_nb_create_M5();
+//-
+//-
+//-
+//-
+//-
+
+#endif/*__SECURE_UTIL__*/
+
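Review bot: Several prototypes in utility.h do not match the definitions in utility.c: `u128 sb_b_gen_secrete_key();` and `u128 sb_b_gen_key();` are defined there as returning `KEY`, and `ODAT sb_b_resume_prng();` is defined with a `uint32 seed` parameter. Because an empty `()` list leaves the parameters unspecified, the compiler will not check arguments at call sites. Write `(void)` for the no-argument functions and spell out the parameter types for the rest, e.g. `ODAT sb_b_resume_prng(uint32 seed);`. Of the `sb_nb_*` declarations, only `sb_nb_stop_prng` has a definition in this commit, so a comment marking the others as placeholders would help. The guard `__SECURE_UTIL__` is a reserved identifier; `SECURE_UTIL_H` avoids that.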