summaryrefslogtreecommitdiff
path: root/cesar/cp/secu/inc
diff options
context:
space:
mode:
authorsave2008-04-07 14:17:42 +0000
committersave2008-04-07 14:17:42 +0000
commit3d58a62727346b7ac1a6cb36fed1a06ed72228dd (patch)
treed7788c3cf9f76426aef0286d0202e2097f0fa0eb /cesar/cp/secu/inc
parent095dca4b0a8d4924093bab424f71f588fdd84613 (diff)
Moved the complete svn base into the cesar directory.
git-svn-id: svn+ssh://pessac/svn/cesar/trunk@1769 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cesar/cp/secu/inc')
-rw-r--r--cesar/cp/secu/inc/secu_aes.h113
-rw-r--r--cesar/cp/secu/inc/secu_p_run.h60
-rw-r--r--cesar/cp/secu/inc/secu_pbkdf1.h46
-rw-r--r--cesar/cp/secu/inc/secu_sha2.h129
-rw-r--r--cesar/cp/secu/inc/secu_types.h126
5 files changed, 474 insertions, 0 deletions
diff --git a/cesar/cp/secu/inc/secu_aes.h b/cesar/cp/secu/inc/secu_aes.h
new file mode 100644
index 0000000000..2b7fc19199
--- /dev/null
+++ b/cesar/cp/secu/inc/secu_aes.h
@@ -0,0 +1,113 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/aes.h
+ * \brief AES method
+ * \ingroup cp_secu
+ */
+
+#ifndef uint8
+#define uint8 unsigned char
+#endif
+
+#ifndef uint32
+#define uint32 unsigned long
+#endif
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
+{ \
+ (n) = ( (uint32) (b)[(i) ] << 24 ) \
+ | ( (uint32) (b)[(i) + 1] << 16 ) \
+ | ( (uint32) (b)[(i) + 2] << 8 ) \
+ | ( (uint32) (b)[(i) + 3] ); \
+}
+#endif
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
+{ \
+ (b)[(i) ] = (uint8) ( (n) >> 24 ); \
+ (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
+ (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
+ (b)[(i) + 3] = (uint8) ( (n) ); \
+}
+#endif
+
+#ifndef _AES_H
+#define _AES_H
+
+#include <string.h>
+
+/**
+ * \brief AES context structure
+ */
+typedef struct
+{
+ unsigned long erk[64]; /*!< encryption round keys */
+ unsigned long drk[64]; /*!< decryption round keys */
+ int nr; /*!< number of rounds */
+} aes_context;
+
+/**
+ * \brief AES key schedule
+ *
+ * \param ctx AES context to be initialized
+ * \param key the secret key
+ * \param keysize must be 128, 192 or 256 bits long
+ */
+void
+aes_set_key (aes_context *ctx, unsigned char *key, int keysize);
+
+/**
+ * \brief AES block encryption (ECB mode)
+ *
+ * \param ctx AES context
+ * \param input plaintext block (16 bytes)
+ * \param output ciphertext block (16 bytes)
+ */
+void
+aes_encrypt (aes_context *ctx, unsigned char input[16], unsigned char output[16]);
+
+/**
+ * \brief AES block decryption (ECB mode)
+ *
+ * \param ctx AES context
+ * \param input ciphertext block (16 bytes)
+ * \param output plaintext block (16 bytes)
+ */
+void
+aes_decrypt (aes_context *ctx, unsigned char input[16], unsigned char output[16]);
+
+/**
+ * \brief AES-CBC buffer encryption
+ *
+ * \param ctx AES context
+ * \param iv initialization vector (modified after use) (16 bytes)
+ * \param input buffer holding the plaintext
+ * \param output buffer holding the ciphertext
+ * \param len length of the data to be encrypted
+ */
+void
+aes_cbc_encrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
+
+/**
+ * \brief AES-CBC buffer decryption
+ *
+ * \param ctx AES context
+ * \param iv initialization vector (modified after use)
+ * \param input buffer holding the ciphertext
+ * \param output buffer holding the plaintext
+ * \param len length of the data to be decrypted
+ */
+void
+aes_cbc_decrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
+
+#endif /* aes.h */
diff --git a/cesar/cp/secu/inc/secu_p_run.h b/cesar/cp/secu/inc/secu_p_run.h
new file mode 100644
index 0000000000..0d0444bd60
--- /dev/null
+++ b/cesar/cp/secu/inc/secu_p_run.h
@@ -0,0 +1,60 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/seculib.h
+ * \brief All functions related to protocolrun
+ * \ingroup cp_secu
+ */
+#ifndef SECU_PRUN_H_
+#define SECU_PRUN_H_
+
+#include "cp/secu/secu.h"
+
+
+void
+secu_p_run_init(void);
+
+/**
+ * nonce generation
+ * \param p_sec station security context
+ * \return error code or 0 if success
+ */
+void
+secu_gen_nonce (const tei_t tei);
+
+
+/**
+ * Re-init protocol run parameters
+ * \param p_sec security context of station or CCO
+ * \param PID PID of the futur protocol run
+ * \return error code or 0 if success
+ */
+void
+secu_start_new_protocol_run(const tei_t tei, const cp_pid_t pid, protocol_run_t *p_run);
+
+/**
+ * Check parameters of received protocol run
+ * \param p_sec security context of station or CCO
+ * \param to_check the parameters to check
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_check_protocol_run_param (const tei_t tei, const protocol_run_t to_check);
+
+/**
+ * generate parameters of the received protocol run
+ * \param p_sec security context of station or CCO
+ * \param gen the generated parameters
+ * \param last_msg set true if this is the last message of the protocol run
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_gen_protocol_run_param (const tei_t tei, const bool last_msg, protocol_run_t *gen);
+
+
+#endif /*SECU_PRUN_H_*/
diff --git a/cesar/cp/secu/inc/secu_pbkdf1.h b/cesar/cp/secu/inc/secu_pbkdf1.h
new file mode 100644
index 0000000000..9d12c891e5
--- /dev/null
+++ b/cesar/cp/secu/inc/secu_pbkdf1.h
@@ -0,0 +1,46 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/secu_pbkdf1.h
+ * \brief Fonction PBKDF1.
+ * \ingroup cp_secu
+ */
+
+#ifndef pbkdf1__h__
+#define pbkdf1__h__
+
+#include <string.h>
+
+#include "cp/secu/inc/secu_types.h"
+#include "cp/secu/inc/secu_sha2.h"
+#include "cp/secu/inc/secu_aes.h"
+
+/**
+ * Check that password is Homeplug AV compliant
+ * Homeplug AV 1.0.10 chap 7.10.7.1
+ * \param pwd_type password type (DPW, NMK, NPW)
+ * \param password password to check
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_check_password_validity (pwd_type_t pwd_type, u8 password[]);
+
+/**
+ * pbkdf1
+ * \param input the input data to hash (can be a clear ascii password)
+ * \param input_len length of input
+ * \param salt salt to apply to input data
+ * \param salt_len length of salt
+ * \param it_count iteration number for the hash function
+ * \param output_key result of hash
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_pbkdf1 (u8 input[], int input_len, u8 salt[], int salt_len, int it_count, u8 output_key[]);
+
+#endif
diff --git a/cesar/cp/secu/inc/secu_sha2.h b/cesar/cp/secu/inc/secu_sha2.h
new file mode 100644
index 0000000000..a752a6fc8a
--- /dev/null
+++ b/cesar/cp/secu/inc/secu_sha2.h
@@ -0,0 +1,129 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/secu_sha2.h
+ * \brief SHA256 fonction
+ * \ingroup cp_secu
+ */
+
+#ifndef _SHA2_H
+#define _SHA2_H
+
+#include <string.h>
+#include <stdio.h>
+
+/**
+ * \brief SHA-256 context structure
+ */
+typedef struct
+{
+ unsigned long total[2]; /*!< number of bytes processed */
+ unsigned long state[8]; /*!< intermediate digest state */
+ unsigned char buffer[64]; /*!< data block being processed */
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+ int is224; /*!< 0 if SHA-256, 1 if SHA-224 */
+} sha2_context;
+
+/**
+ * \brief SHA-256 context setup
+ *
+ * \param ctx context to be initialized
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+void
+sha2_starts (sha2_context *ctx, int is224);
+
+/**
+ * \brief SHA-256 process buffer
+ *
+ * \param ctx SHA-256 context
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ */
+void
+sha2_update (sha2_context *ctx, unsigned char *input, int ilen);
+
+/**
+ * \brief SHA-256 final digest
+ *
+ * \param ctx SHA-256 context
+ * \param output SHA-224/256 checksum result
+ */
+void
+sha2_finish (sha2_context *ctx, unsigned char *output);
+
+/**
+ * \brief Output = SHA-256( input buffer )
+ *
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ * \param output SHA-224/256 checksum result size is SHA256OutputSize bytes
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+void
+sha2 (unsigned char *input, int ilen, unsigned char *output, int is224);
+
+/**
+ * \brief Output = SHA-256( file contents )
+ *
+ * \param path input file name
+ * \param output SHA-224/256 checksum result
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ *
+ * \return 0 if successful, 1 if fopen failed,
+ * or 2 if fread failed
+ */
+//int
+//sha2_file( char *path, unsigned char *output, int is224 );
+
+/**
+ * \brief SHA-256 HMAC context setup
+ *
+ * \param ctx HMAC context to be initialized
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ * \param key HMAC secret key
+ * \param keylen length of the HMAC key
+ */
+/*void sha2_hmac_starts( sha2_context *ctx, int is224,
+ unsigned char *key, int keylen );
+ */
+/**
+ * \brief SHA-256 HMAC process buffer
+ *
+ * \param ctx HMAC context
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ */
+/*void sha2_hmac_update( sha2_context *ctx,
+ unsigned char *input, int ilen );
+ */
+/**
+ * \brief SHA-256 HMAC final digest
+ *
+ * \param ctx HMAC context
+ * \param output SHA-224/256 HMAC checksum result
+ */
+//void sha2_hmac_finish( sha2_context *ctx, unsigned char *output );
+
+/**
+ * \brief Output = HMAC-SHA-256( hmac key, input buffer )
+ *
+ * \param key HMAC secret key
+ * \param keylen length of the HMAC key
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ * \param output HMAC-SHA-224/256 result
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+/*void sha2_hmac( unsigned char *key, int keylen,
+ unsigned char *input, int ilen,
+ unsigned char *output, int is224 );
+ */
+
+#endif /* sha2.h */
diff --git a/cesar/cp/secu/inc/secu_types.h b/cesar/cp/secu/inc/secu_types.h
new file mode 100644
index 0000000000..4d29da5857
--- /dev/null
+++ b/cesar/cp/secu/inc/secu_types.h
@@ -0,0 +1,126 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/secutypes.h
+ * \brief AES keys and protocol run.
+ * \ingroup cp_secu
+ */
+
+#ifndef secutypes__h__
+#define secutypes__h__
+
+#include "cp/cp_types.h"
+
+/*
+ * HPAV const definition
+ */
+
+#define MAC_ADDR_SIZE 6
+
+#define MIN_PWD_ASCII_CHAR 32 // lower ASCII char accepted for password
+#define MAX_PWD_ASCII_CHAR 127 // upper ASCII char accepted for password
+#define MIN_DPW_SIZE 16 // min size of DPW password
+#define MIN_NPW_SIZE 8 // min size of NPW password
+#define MAX_PWD_SIZE 64 // max size of password
+#define MAX_HFID_SIZE 64 // max size of hfid (human-friendly identifier)
+#define AES_KEY_SIZE 16 // AES key size (in byte)
+#define SHA256_OUTPUT_SIZE 32 // SHA 256 generated key size
+#define OUTPUT_KEY_SIZE AES_KEY_SIZE // pbkdf1 generated key size
+#define SALT_SIZE 8 // salt size (byte)
+#define NID_SIZE 7 // NID size (byte)
+#define PMN_LAST_MSG 255 // protocol run last message
+
+typedef u8 aes_key_t[AES_KEY_SIZE];
+
+// payload encryption key select see p122
+typedef enum peks_t
+{
+ PEKS_DESTINATION_STA_DAK = 0x0,
+ PEKS_NMK = 0x1,
+ PEKS_TEK1 = 0x2,
+ PEKS_TEK2 = 0x3,
+ PEKS_TEK3 = 0x4,
+ PEKS_TEK4 = 0x5,
+ PEKS_TEK5 = 0x6,
+ PEKS_TEK6 = 0x7,
+ PEKS_TEK7 = 0x8,
+ PEKS_TEK8 = 0x9,
+ PEKS_TEK9 = 0xA,
+ PEKS_TEKA = 0xB,
+ PEKS_TEKB = 0xC,
+ PEKS_TEKC = 0xD,
+ PEKS_TEKD = 0xE,
+ PEKS_NOT_ENCRYPTED = 0xF
+} __attribute__ ((packed)) peks_t;
+
+typedef enum key_type_t
+{ DAK, NMK, NID, TEST} key_type_t;
+
+typedef enum pwd_type_t
+{ PWD_DPW, PWD_NMK, PWD_NMK_HS, PWD_TEST, PWD_NPW} pwd_type_t;
+
+typedef enum sec_level_t
+{ SIMPLE_CONNECT, SECURE} sec_level_t;
+
+typedef enum sec_state_t
+{ JOIN, ADD, ACCEPT} sec_state_t;
+
+typedef enum cp_pid_t
+{ AUTH_REQ_BY_NEW_STA = 0x0,
+ PROV_AUTH_STA_WITH_NEK = 0x1,
+ PROV_STA_WITH_NMK_U_DAK = 0x2,
+ PROV_STA_WITH_NMK_U_UKE = 0x3,
+ HLE_PRO = 0x4
+} cp_pid_t;
+
+typedef struct protocol_run_t
+{
+ cp_pid_t pid; // Protocol ID
+ s16 prn; // Protocol Run Number
+ u8 pmn; // Protocol Message Number
+ s32 nonce;
+} protocol_run_t;
+
+typedef struct nmk_t
+{
+ u8 nmk[AES_KEY_SIZE]; // (7.10.2.3)
+ u8 nid[NID_SIZE]; // (default is NMK hash)
+ sec_level_t sl; //Security Level associated with NMK
+} nmk_t;
+
+typedef struct security_parameters_t
+{
+ sec_level_t sl; // Security Level (7.10.3.1)
+ u8 dak[MAX_PWD_SIZE]; // Device Access Key (7.10.2.1)
+ nmk_t nmk[2]; // Network Membership Key
+ u8 nek[AES_KEY_SIZE];
+} security_parameters_t;
+
+typedef struct tek_t //(7.10.2.6) used for CM_ENCRYPTED_PAYLOAD.IND
+{
+ u8 tek[AES_KEY_SIZE];
+ //cyg_tick_count_t expires_date; // expiration date of tek
+ u32 expires_date; // expiration date of tek TODO change this
+} tek_t;
+
+typedef struct gen_key_t //(7.10.7.2) parameters for key generation
+{
+ u8 key[AES_KEY_SIZE]; // secret key for key generation
+ int count; // internal counter
+} gen_key_t;
+
+typedef struct cp_secu_t
+{
+ sec_state_t sec_state; // (Join, Add, Accept)
+ security_parameters_t security_parameters;
+ tek_t tek;
+ bool kbc;
+ u8 eks;
+} cp_secu_t;
+
+#endif