OpenModem/hardware/Crypto.c

256 lines
5.8 KiB
C
Raw Normal View History

2019-02-04 14:30:52 -07:00
#include "Crypto.h"
2019-02-08 05:18:49 -07:00
#include "util/Config.h"
2019-02-04 14:30:52 -07:00
2019-02-07 05:16:42 -07:00
bool encryption_enabled = false;
uint8_t active_key[CRYPTO_KEY_SIZE];
uint8_t active_iv[CRYPTO_KEY_SIZE];
2019-02-04 14:30:52 -07:00
aes_128_context_t context;
2019-02-07 05:16:42 -07:00
uint8_t current_vector[CRYPTO_KEY_SIZE];
uint32_t entropy;
uint32_t entropy_index = 0;
bool entropy_loaded = false;
uint8_t ivs_generated = 0;
FIL crypto_fp; // File buffer
char crypto_fb[CRYPTO_KEY_SIZE]; // File read buffer
FRESULT crypto_fr; // Result codes
2019-02-04 14:30:52 -07:00
void crypto_init(void) {
2019-02-07 05:16:42 -07:00
encryption_enabled = false;
2019-02-08 05:18:49 -07:00
if (should_disable_enryption()) {
if (config_crypto_lock) config_crypto_lock_disable();
} else {
if (load_key()) {
if (load_entropy_index() && load_entropy()) {
config_crypto_lock_enable();
encryption_enabled = true;
}
}
if (config_crypto_lock) {
if (encryption_enabled) {
LED_indicate_enabled_crypto();
} else {
LED_indicate_error_crypto();
}
2019-02-07 05:16:42 -07:00
}
}
2019-02-08 05:18:49 -07:00
}
2019-02-07 05:16:42 -07:00
2019-02-08 05:18:49 -07:00
bool crypto_wait(void) {
size_t wait_timer = 0;
size_t interval_ms = 100;
while (!crypto_enabled()) {
delay_ms(100);
wait_timer++;
sd_jobs();
if (wait_timer*interval_ms > CRYPTO_WAIT_TIMEOUT_MS) {
return false;
}
2019-02-07 05:16:42 -07:00
}
2019-02-08 05:18:49 -07:00
return true;
2019-02-04 14:30:52 -07:00
}
2019-02-07 10:36:40 -07:00
void crypto_generate_hmac(uint8_t *data, size_t length) {
hmac_md5(crypto_work_block, active_key, CRYPTO_KEY_SIZE_BITS, data, length*8);
}
bool crypto_enabled(void) {
return encryption_enabled;
}
void crypto_prepare(void) {
2019-02-04 14:30:52 -07:00
// Initialise the context with the key
2019-02-07 10:36:40 -07:00
aes_128_init(&context, active_key);
2019-02-04 14:30:52 -07:00
// Copy the IV into the current vector array
2019-02-07 10:36:40 -07:00
memcpy(current_vector, active_iv, CRYPTO_KEY_SIZE);
2019-02-04 14:30:52 -07:00
}
2019-02-07 05:16:42 -07:00
void crypto_encrypt_block(uint8_t block[CRYPTO_KEY_SIZE]) {
2019-02-04 14:30:52 -07:00
int i;
// XOR the current vector with the block before encrypting
2019-02-07 05:16:42 -07:00
for (i = 0; i < CRYPTO_KEY_SIZE; i++) {
2019-02-04 14:30:52 -07:00
block[i] ^= current_vector[i];
}
// Encrypt the block
aes_128_encrypt(&context, block);
// Copy the cipher output to the current vector
2019-02-07 05:16:42 -07:00
memcpy(current_vector, block, CRYPTO_KEY_SIZE);
2019-02-04 14:30:52 -07:00
}
2019-02-07 05:16:42 -07:00
void crypto_decrypt_block(uint8_t block[CRYPTO_KEY_SIZE]) {
uint8_t temp_vector[CRYPTO_KEY_SIZE];
2019-02-04 14:30:52 -07:00
int i;
// Copy the cipher output to the temporary vector
2019-02-07 05:16:42 -07:00
memcpy(temp_vector, block, CRYPTO_KEY_SIZE);
2019-02-04 14:30:52 -07:00
// Decrypt the block
aes_128_decrypt(&context, block);
// XOR the output with the current vector to fully decrypt
2019-02-07 05:16:42 -07:00
for (i = 0; i < CRYPTO_KEY_SIZE; i++) {
2019-02-04 14:30:52 -07:00
block[i] ^= current_vector[i];
}
// Copy the temporary vector to the current vector
2019-02-07 05:16:42 -07:00
memcpy(current_vector, temp_vector, CRYPTO_KEY_SIZE);
2019-02-04 14:30:52 -07:00
}
2019-02-07 05:16:42 -07:00
bool load_entropy_index(void) {
if (sd_mounted()) {
crypto_fr = f_open(&crypto_fp, PATH_ENTROPY_INDEX, FA_READ);
if (crypto_fr == FR_NO_FILE) {
f_close(&crypto_fp);
crypto_fr = f_open(&crypto_fp, PATH_ENTROPY_INDEX, FA_CREATE_NEW | FA_WRITE);
if (crypto_fr == FR_OK) {
entropy_index = 0x00000000;
memcpy(crypto_fb, &entropy_index, sizeof(entropy_index));
UINT written = 0;
crypto_fr = f_write(&crypto_fp, crypto_fb, sizeof(entropy_index), &written);
f_close(&crypto_fp);
if (crypto_fr == FR_OK && written == sizeof(entropy_index)) {
//printf("Wrote new index to index file\r\n");
} else {
//printf("Could not write index to index file\r\n");
}
}
crypto_fr = f_open(&crypto_fp, PATH_ENTROPY_INDEX, FA_READ);
}
if (crypto_fr == FR_OK) {
UINT read = 0;
crypto_fr = f_read(&crypto_fp, crypto_fb, sizeof(entropy_index), &read);
f_close(&crypto_fp);
if (crypto_fr == FR_OK && read == sizeof(entropy_index)) {
memcpy(&entropy_index, crypto_fb, sizeof(entropy_index));
return true;
}
}
}
f_close(&crypto_fp);
return false;
2019-02-04 14:30:52 -07:00
}
2019-02-07 05:16:42 -07:00
bool update_entropy_index(void) {
crypto_fr = f_open(&crypto_fp, PATH_ENTROPY_INDEX, FA_WRITE);
if (crypto_fr == FR_OK) {
entropy_index += sizeof(entropy);
memcpy(crypto_fb, &entropy_index, sizeof(entropy_index));
UINT written = 0;
crypto_fr = f_write(&crypto_fp, crypto_fb, sizeof(entropy_index), &written);
2019-11-03 07:55:35 -07:00
f_close(&crypto_fp);
2019-02-07 05:16:42 -07:00
if (crypto_fr == FR_OK && written == sizeof(entropy_index)) {
return true;
}
}
return false;
2019-02-04 14:30:52 -07:00
}
2019-02-07 05:16:42 -07:00
bool load_entropy(void) {
if (sd_mounted()) {
if (update_entropy_index()) {
crypto_fr = f_open(&crypto_fp, PATH_ENTROPY_SOURCE, FA_READ);
if (crypto_fr == FR_OK) {
uint32_t fsize = f_size(&crypto_fp);
2019-02-07 10:36:40 -07:00
2019-02-07 05:16:42 -07:00
crypto_fr = f_lseek(&crypto_fp, entropy_index);
if (crypto_fr == FR_OK && crypto_fp.fptr < fsize-sizeof(entropy)) {
UINT read = 0;
crypto_fr = f_read(&crypto_fp, crypto_fb, sizeof(entropy), &read);
f_close(&crypto_fp);
if (crypto_fr == FR_OK) {
memcpy(&entropy, crypto_fb, sizeof(entropy));
srandom(entropy);
entropy_loaded = true;
ivs_generated = 0;
return true;
}
} else {
f_close(&crypto_fp);
LED_indicate_error_crypto();
}
}
}
}
f_close(&crypto_fp);
return false;
}
2019-02-08 05:18:49 -07:00
bool should_disable_enryption(void) {
if (sd_mounted()) {
crypto_fr = f_open(&crypto_fp, PATH_CRYPTO_DISABLE, FA_READ);
if (crypto_fr == FR_OK) {
f_close(&crypto_fp);
return true;
}
}
return false;
}
2019-02-07 05:16:42 -07:00
bool load_key(void) {
if (sd_mounted()) {
crypto_fr = f_open(&crypto_fp, PATH_AES_128_KEY, FA_READ);
if (crypto_fr == FR_OK) {
UINT read = 0;
crypto_fr = f_read(&crypto_fp, crypto_fb, CRYPTO_KEY_SIZE, &read);
f_close(&crypto_fp);
if (crypto_fr == FR_OK && read == CRYPTO_KEY_SIZE) {
for (uint8_t i = 0; i < 16; i++) {
active_key[i] = crypto_fb[i];
}
2019-02-07 10:36:40 -07:00
2019-02-07 05:16:42 -07:00
return true;
}
}
}
return false;
}
2019-02-07 10:36:40 -07:00
bool crypto_generate_iv(void) {
2019-02-07 05:16:42 -07:00
if (entropy_loaded) {
for (uint8_t i = 0; i < 16; i++) {
active_iv[i] = (uint8_t)random();
}
ivs_generated++;
if (ivs_generated >= MAX_IVS_PER_ENTROPY_BLOCK) {
load_entropy();
}
return true;
} else {
return false;
}
}
2019-02-07 10:36:40 -07:00
uint8_t *crypto_get_iv(void) {
return active_iv;
}
2019-02-07 05:16:42 -07:00
2019-02-07 10:36:40 -07:00
void crypto_set_iv_from_workblock(void) {
memcpy(active_iv, crypto_work_block, CRYPTO_KEY_SIZE);
2019-02-07 05:16:42 -07:00
}
// TODO: test entropy exhaustion