summaryrefslogtreecommitdiff
path: root/cp/secu
diff options
context:
space:
mode:
authorGuillaume2007-11-29 16:42:23 +0000
committerGuillaume2007-11-29 16:42:23 +0000
commitc7ad0c479cc8cff6fcc1f7d849f638102551ab14 (patch)
treef3ad8039d2c0249a480afec539189aa49030703e /cp/secu
parentd3143d582541dd2db2a1a661766f9cc599d3ba57 (diff)
change secu module for multi station prn
working on cm_encrypted_payload.ind message git-svn-id: svn+ssh://pessac/svn/cesar/trunk@1072 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cp/secu')
-rw-r--r--cp/secu/Module2
-rw-r--r--cp/secu/inc/secu_p_run.h60
-rw-r--r--cp/secu/inc/secu_types.h24
-rw-r--r--cp/secu/secu.h35
-rw-r--r--cp/secu/src/secu_lib.c96
-rw-r--r--cp/secu/src/secu_p_run.c114
6 files changed, 210 insertions, 121 deletions
diff --git a/cp/secu/Module b/cp/secu/Module
index 715e01c871..7b71337d21 100644
--- a/cp/secu/Module
+++ b/cp/secu/Module
@@ -1,2 +1,2 @@
-SOURCES := secu_aes.c secu_lib.c secu_pbkdf1.c secu_sha2.c
+SOURCES := secu_aes.c secu_lib.c secu_pbkdf1.c secu_sha2.c secu_p_run.c
diff --git a/cp/secu/inc/secu_p_run.h b/cp/secu/inc/secu_p_run.h
new file mode 100644
index 0000000000..b90dad849c
--- /dev/null
+++ b/cp/secu/inc/secu_p_run.h
@@ -0,0 +1,60 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/seculib.h
+ * \brief All functions related to protocolrun
+ * \ingroup cp_secu
+ */
+#ifndef SECU_PRUN_H_
+#define SECU_PRUN_H_
+
+#include "cp/secu/secu.h"
+
+
+void
+secu_p_run_init(void);
+
+/**
+ * nonce generation
+ * \param p_sec station security context
+ * \return error code or 0 if success
+ */
+void
+secu_gen_nonce (const tei_t tei);
+
+
+/**
+ * Re-init protocol run parameters
+ * \param p_sec security context of station or CCO
+ * \param PID PID of the futur protocol run
+ * \return error code or 0 if success
+ */
+void
+secu_start_new_protocol_run(const tei_t tei, const pid_t pid, protocol_run_t *p_run);
+
+/**
+ * Check parameters of received protocol run
+ * \param p_sec security context of station or CCO
+ * \param to_check the parameters to check
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_check_protocol_run_param (const tei_t tei, const protocol_run_t to_check);
+
+/**
+ * generate parameters of the received protocol run
+ * \param p_sec security context of station or CCO
+ * \param gen the generated parameters
+ * \param last_msg set true if this is the last message of the protocol run
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_gen_protocol_run_param (const tei_t tei, const bool last_msg, protocol_run_t *gen);
+
+
+#endif /*SECU_PRUN_H_*/
diff --git a/cp/secu/inc/secu_types.h b/cp/secu/inc/secu_types.h
index ef23656a28..2cfc31faee 100644
--- a/cp/secu/inc/secu_types.h
+++ b/cp/secu/inc/secu_types.h
@@ -32,6 +32,29 @@
#define NID_SIZE 7 // NID size (byte)
#define PMN_LAST_MSG 255 // protocol run last message
+typedef u8 aes_key_t[AES_KEY_SIZE];
+
+// payload encryption key select see p122
+typedef enum peks_t
+{
+ PEKS_DESTINATION_STA_DAK = 0x0,
+ PEKS_NMK = 0x1,
+ PEKS_TEK1 = 0x2,
+ PEKS_TEK2 = 0x3,
+ PEKS_TEK3 = 0x4,
+ PEKS_TEK4 = 0x5,
+ PEKS_TEK5 = 0x6,
+ PEKS_TEK6 = 0x7,
+ PEKS_TEK7 = 0x8,
+ PEKS_TEK8 = 0x9,
+ PEKS_TEK9 = 0xA,
+ PEKS_TEKA = 0xB,
+ PEKS_TEKB = 0xC,
+ PEKS_TEKC = 0xD,
+ PEKS_TEKD = 0xE,
+ PEKS_NOT_ENCRYPTED = 0xF
+} __attribute__ ((packed)) peks_t;
+
typedef enum key_type_t
{ DAK, NMK, NID, TEST} key_type_t;
@@ -91,7 +114,6 @@ typedef struct gen_key_t //(7.10.7.2) parameters for key generation
typedef struct sec_t
{
sec_state_t sec_state; // (Join, Add, Accept)
- protocol_run_t protocol_run; // variables du protocol run
security_parameters_t security_parameters;
tek_t tek;
} sec_t;
diff --git a/cp/secu/secu.h b/cp/secu/secu.h
index e28fd3aa6f..5ed00a28bd 100644
--- a/cp/secu/secu.h
+++ b/cp/secu/secu.h
@@ -19,6 +19,7 @@
#include "cp/secu/inc/secu_types.h"
#include "cp/secu/inc/secu_pbkdf1.h"
+#include "cp/secu/inc/secu_p_run.h"
/**
* initialize the secu module
@@ -45,41 +46,7 @@ secu_hash (pwd_type_t pwd_type, u8 in[], u8 out[]);
E_ErrCode
secu_gen_aes_key (u8 key[]);
-/**
- * nonce generation
- * \param p_sec station security context
- * \return error code or 0 if success
- */
-E_ErrCode
-secu_gen_nonce (sec_t *p_sec);
-
-/**
- * Re-init protocol run parameters
- * \param p_sec security context of station or CCO
- * \param PID PID of the futur protocol run
- * \return error code or 0 if success
- */
-E_ErrCode
-secu_start_new_protocol_run (sec_t *p_sec, pid_t pid);
-/**
- * Check parameters of received protocol run
- * \param p_sec security context of station or CCO
- * \param to_check the parameters to check
- * \return error code or 0 if success
- */
-E_ErrCode
-secu_check_protocol_run_param (sec_t *p_sec, protocol_run_t to_check);
-
-/**
- * generate parameters of the received protocol run
- * \param p_sec security context of station or CCO
- * \param gen the generated parameters
- * \param last_msg set true if this is the last message of the protocol run
- * \return error code or 0 if success
- */
-E_ErrCode
-secu_gen_protocol_run_param (sec_t *p_sec, protocol_run_t *gen, bool last_msg);
#endif
diff --git a/cp/secu/src/secu_lib.c b/cp/secu/src/secu_lib.c
index c18dd5657b..e6cccdb651 100644
--- a/cp/secu/src/secu_lib.c
+++ b/cp/secu/src/secu_lib.c
@@ -15,13 +15,21 @@
#include "common/std.h"
#include "cp/secu/secu.h"
+static peks_t m_peks; // see p588
+static u8 m_eks; // see p122
+
+
+
void
secu_init (sec_t *p_sec)
{
dbg_assert (p_sec);
+
memset (p_sec, 0, sizeof(sec_t));
+ m_peks = PEKS_NOT_ENCRYPTED;
+ m_eks = 0xF; // 0xF : no encryption key
#ifndef DEBUG
- /*
+ /* TODO
* ici, lire DAK, NMK, Security Level
*/
#error "paramètres à charger à partir de la flash"
@@ -38,6 +46,7 @@ secu_init (sec_t *p_sec)
p_sec->security_parameters.nmk[1].sl = SIMPLE_CONNECT;
#endif
+ secu_p_run_init();
}
struct pbkdf1_params_t
@@ -106,7 +115,7 @@ secu_gen_aes_key (u8 key[])
*/
sha2 ((u8*) &sec.count, sizeof(sec.count), tmp_key, 0);
/*
- * generate an aes ke form this number
+ * generate an aes key from this number
*/
aes_set_key( &ctx, sec.key, AES_KEY_SIZE * 8);
aes_encrypt( &ctx, tmp_key, key);
@@ -114,86 +123,3 @@ secu_gen_aes_key (u8 key[])
}
-E_ErrCode
-secu_gen_nonce (sec_t *p_sec)
-{
- u8 nonce[AES_KEY_SIZE];
-
- dbg_assert (p_sec);
-
- secu_gen_aes_key (nonce);
- memcpy(&p_sec->protocol_run.nonce, nonce, sizeof(p_sec->protocol_run.nonce));
- return Success;
-}
-
-E_ErrCode
-secu_start_new_protocol_run(sec_t *p_sec, pid_t pid)
-{
- u8 rand_num[AES_KEY_SIZE];
-
- dbg_assert (p_sec);
-
- p_sec->protocol_run.pid = pid; // Protocol ID
-
- secu_gen_aes_key(rand_num);
- memcpy(&p_sec->protocol_run.prn, rand_num, sizeof(p_sec->protocol_run.prn));
-
- p_sec->protocol_run.pmn = 0; // Protocol Message Number
-
- return Success;
-}
-
-E_ErrCode
-secu_check_protocol_run_param (sec_t *p_sec, protocol_run_t to_check)
-{
- dbg_assert (p_sec);
- /*
- * check the global parameters
- */
- if (to_check.pid > HLE_PRO)
- return PID_Unknown;
- /*
- * check parameters specific to this run
- */
- if (to_check.pmn == 1)
- {
- // we start a run, so initialize station context
- memcpy (&p_sec->protocol_run, &to_check, sizeof(protocol_run_t));
- return Success;
- }
- else
- {
- if (to_check.pid != p_sec->protocol_run.pid)
- return PID_Wrong;
- if (to_check.prn != p_sec->protocol_run.prn)
- return PRN_Wrong;
- if (to_check.pmn == PMN_LAST_MSG)
- {
- // the run is over
- p_sec->protocol_run.pmn = PMN_LAST_MSG;
- p_sec->protocol_run.prn = 0;
- }
- else if (to_check.pmn != ++p_sec->protocol_run.pmn)
- return PMN_Wrong;
- return Success;
- }
-}
-
-E_ErrCode
-secu_gen_protocol_run_param (sec_t *p_sec, protocol_run_t *gen, bool last_msg)
-{
- dbg_assert (p_sec);
- dbg_assert (gen);
-
- if (last_msg)
- p_sec->protocol_run.pmn = PMN_LAST_MSG;
- else
- {
- if ( (p_sec->protocol_run.pmn == PMN_LAST_MSG)
- || (p_sec->protocol_run.pmn == PMN_LAST_MSG - 1) )
- return PRN_NotInitialised;
- p_sec->protocol_run.pmn ++;
- }
- memcpy (gen, &p_sec->protocol_run, sizeof(protocol_run_t));
- return Success;
-}
diff --git a/cp/secu/src/secu_p_run.c b/cp/secu/src/secu_p_run.c
new file mode 100644
index 0000000000..39616a5aef
--- /dev/null
+++ b/cp/secu/src/secu_p_run.c
@@ -0,0 +1,114 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2007 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp/secu/secu_lib.c
+ * \brief all protocol run related function
+ * \ingroup cp_secu
+ *
+ */
+
+#include "common/std.h"
+#include "cp/secu/inc/secu_p_run.h"
+
+static protocol_run_t m_p_run[MAX_STA_NB]; // variables du protocol run
+
+
+void
+secu_p_run_init(void)
+{
+ memset(m_p_run, 0, sizeof(m_p_run));
+}
+
+void
+secu_gen_nonce (const tei_t tei)
+{
+ u8 nonce[AES_KEY_SIZE];
+
+ dbg_assert( tei != 0 && tei != 0xFF);
+
+ secu_gen_aes_key (nonce);
+ memcpy(&m_p_run[tei].nonce, nonce, sizeof(m_p_run[tei].nonce));
+}
+
+
+
+void
+secu_start_new_protocol_run(const tei_t tei, const pid_t pid, protocol_run_t *p_run)
+{
+ u8 rand_num[AES_KEY_SIZE];
+
+ dbg_assert( tei != 0 && tei != 0xFF);
+ dbg_assert (p_run);
+
+ m_p_run[tei].pid = pid; // Protocol ID
+
+ secu_gen_aes_key(rand_num);
+ memcpy(&m_p_run[tei].prn, rand_num, sizeof(m_p_run[tei].prn));
+
+ m_p_run[tei].pmn = 0; // Protocol Message Number
+
+ memcpy(p_run, &m_p_run[tei], sizeof(p_run));
+}
+
+E_ErrCode
+secu_check_protocol_run_param (const tei_t tei, const protocol_run_t to_check)
+{
+ dbg_assert( tei != 0 && tei != 0xFF);
+
+ // check the global parameters
+ if (to_check.pid > HLE_PRO)
+ return PID_Unknown;
+ // check parameters specific to this run
+ if(to_check.nonce != m_p_run[tei].nonce)
+ {
+ return NONCE_INCORRECT;
+ }
+ if (to_check.pmn == 1)
+ {
+ // we start a run, so initialize station context
+ memcpy (&m_p_run[tei], &to_check, sizeof(protocol_run_t));
+ return Success;
+ }
+ else
+ {
+ if (to_check.pid != m_p_run[tei].pid)
+ return PID_Wrong;
+ if (to_check.prn != m_p_run[tei].prn)
+ return PRN_Wrong;
+ if (to_check.pmn == PMN_LAST_MSG)
+ {
+ // the run is over
+ m_p_run[tei].pmn = PMN_LAST_MSG;
+ m_p_run[tei].prn = 0;
+ }
+ else if (to_check.pmn != ++m_p_run[tei].pmn)
+ return PMN_Wrong;
+ return Success;
+ }
+}
+
+E_ErrCode
+secu_gen_protocol_run_param (const tei_t tei, const bool last_msg, protocol_run_t *gen)
+{
+ dbg_assert( tei != 0 && tei != 0xFF);
+ dbg_assert (gen);
+
+ if (last_msg)
+ m_p_run[tei].pmn = PMN_LAST_MSG;
+ else
+ {
+ if ( (m_p_run[tei].pmn == PMN_LAST_MSG)
+ || (m_p_run[tei].pmn == PMN_LAST_MSG - 1) )
+ {
+ return PRN_NotInitialised;
+ }
+ m_p_run[tei].pmn ++;
+ }
+ memcpy (gen, &m_p_run[tei], sizeof(protocol_run_t));
+ return Success;
+}