Commit e10d43d2 authored by Jonas Hundseder's avatar Jonas Hundseder
Browse files

26.10.21

parent 3541b2f4
#ifndef MAIN_H
#define MAIN_H
#define MBEDTLS_CIPHER_MODE_CTR
#endif
\ No newline at end of file
......@@ -4,6 +4,7 @@
#include <sha256.h>
#include <hal/trng_api.h>
#include <rsa.h>
#include "main.h"
#define SMI_SHORT_HASH_LENGTH (3*4-1)
#define SMI_TAGID_LENGTH 7
......@@ -152,9 +153,8 @@ void random_numbers(uint8_t number[16])
size_t outlen;
trng_get_bytes(&rngctx, buffer, sizeof(buffer), &outlen);
trng_free(&rngctx);
printf("Random number: ");
printfhex(buffer,16);
memcpy(number,buffer,sizeof(buffer));
}
......@@ -211,6 +211,33 @@ HttpRequest create_request_public_key(void)
}
HttpRequest create_request_client_aes(void)
{
WiFiInterface *wifi = WiFiInterface::get_default_instance();
HttpRequest request(wifi, HTTP_GET, "http://smi-server.stefan-hackenberg.de/crypto/rsa/client_aes");
return request;
}
HttpRequest create_request_test_exKey(void)
{
WiFiInterface *wifi = WiFiInterface::get_default_instance();
HttpRequest request(wifi, HTTP_GET, "http://smi-server.stefan-hackenberg.de/aes_ctr/echo");
return request;
}
void send_request_test_exKey(HttpRequest *request, uint8_t data[32], uint8_t respon_data[32])
{
HttpResponse *response = request->send(data,32);
memcpy(respon_data,response->get_body(),32);
}
void send_request_public_key(HttpRequest *request, uint8_t public_key[256])
{
HttpResponse *response = request->send(NULL,0);
......@@ -218,6 +245,55 @@ void send_request_public_key(HttpRequest *request, uint8_t public_key[256])
memcpy(public_key,response->get_body(),256);
}
void send_request_client_aes(HttpRequest *request,uint8_t client_half_aes_key_enc[256], uint8_t server_half_aes_key_enc[256])
{
HttpResponse *response = request->send(client_half_aes_key_enc,256);
memcpy(server_half_aes_key_enc,response->get_body(),256);
}
mbedtls_rsa_context generate_rsa_key(trng_t *rngc)
{
int nbits = 2048;
int exp = 0x10001;
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
mbedtls_rsa_gen_key(&ctx,crypto_trng_generate,rngc,nbits,exp);
return ctx;
}
mbedtls_rsa_context create_and_send_client_modulus(uint8_t buffer[256])
{
trng_t rngctx;
trng_init(&rngctx);
//uint8_t buffer[256];
//size_t olength = 5;
//uint8_t output[5];
//size_t output_max_length = 5;
mbedtls_rsa_context ctx = generate_rsa_key(&rngctx);
WiFiInterface *wifi = WiFiInterface::get_default_instance();
HttpRequest request(wifi, HTTP_GET, "http://smi-server.stefan-hackenberg.de/crypto/rsa/client_modulus");
mbedtls_mpi_write_binary(&ctx.N, buffer, 256);
printf("Client Public Key: ");
printfhex(buffer, sizeof(buffer));
request.send(buffer,256);
//mbedtls_rsa_rsaes_oaep_decrypt(&ctx,crypto_trng_generate,&rngctx,MBEDTLS_RSA_PRIVATE,NULL,0,&olength,(unsigned char*) respon->get_body(),output,output_max_length);
trng_free(&rngctx);
return ctx;
}
uint8_t block [64][SMI_SHORT_HASH_LENGTH];
uint8_t bufferID[SMI_TAGID_LENGTH + 1];
......@@ -225,34 +301,60 @@ HttpResponse *response;
uint8_t hash_snippet[32] = {0};
uint8_t hash_equal_index[64] = {0};
uint8_t buffer[256] = {0};
uint8_t public_key[256] = {0};
uint8_t public_key_server[256] = {0};
uint8_t *index_hash = (uint8_t *) malloc(64);
uint8_t *sn = (uint8_t*) malloc(4500);
uint8_t *sn = (uint8_t*) malloc(4500);
uint8_t bufferCM[256] = {0};
uint8_t our_half_aes_key_enc[256] = {0};
uint8_t server_half_aes_key_enc[256] = {0};
mbedtls_rsa_context rsactx_client;
mbedtls_rsa_context rsactx_server;
uint8_t our_half_aes_key_buffer[256] = {0};
int main(void)
{
extern uint8_t block[64][SMI_SHORT_HASH_LENGTH];
extern uint8_t public_key[256];
extern uint8_t public_key_server[256];
extern uint8_t bufferID[SMI_TAGID_LENGTH + 1];
extern uint8_t hash_snippet[32];
extern uint8_t hash_equal_index[64];
extern uint8_t buffer[256];
extern uint8_t bufferCM[256];
extern uint8_t *index_hash;
extern uint8_t *sn;
extern uint8_t our_half_aes_key_enc[256];
extern uint8_t server_half_aes_key_enc[256];
extern mbedtls_rsa_context rsactx_client;
extern mbedtls_rsa_context rsactx_server;
extern uint8_t our_half_aes_key_buffer[256];
MFRC522 nfc(P9_0, P9_1, P9_2, P9_3, P9_4);
uint8_t j = 0;
uint8_t bufferIN;
nsapi_error_t error;
nsapi_error_t error = 0;
uint8_t indexnr = 0;
size_t size_snippet = 0;
mbedtls_rsa_context ctx;
mbedtls_rsa_context rsactx;
const uint8_t public_exponent[3] = {0x01, 0x00, 0x01};
uint8_t our_half_aes_key[16];
uint8_t our_half_aes_key[16] = {0};
uint8_t server_half_aes_key[16] = {0};
size_t aes_key_length = 16;
uint8_t aes_key[16] = {0};
uint8_t aes_test_server_enc[32] = {0};
mbedtls_aes_context aesctx;
uint8_t aes_test[32] = {0x62, 0xe9, 0x4b, 0xd4, 0xef, 0x2a, 0x2c, 0x3b,
0x81, 0x4c, 0xfa, 0x59, 0xca, 0xc4, 0x2b, 0x2e,
0x55, 0xe2, 0xac, 0xde, 0xfa, 0x7e, 0x30, 0x61,
0xe3, 0x7f, 0x1d, 0x57, 0xab, 0xe7, 0x45, 0x5a};
uint8_t aes_test_enc[32] = {0};
uint8_t aes_test_final[32] = {0};
size_t *nc_off = NULL;
uint8_t nonce_counter[16] = {0};
uint8_t stream_block[16] = {0};
trng_t rngctx_server;
trng_t rngctx_client;
nfc.PCD_Init();
......@@ -301,26 +403,69 @@ HttpRequest request_solve = create_request_solve();
send_request_solve(&request_solve, nfc.uid.uidByte, hash_equal_index);
random_numbers();
//test_rsa();
HttpRequest request_public_key = create_request_public_key();
mbedtls_rsa_init(&rsactx, MBEDTLS_RSA_PKCS_V15, 0);
mbedtls_rsa_init(&rsactx_server, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
send_request_public_key(&request_public_key, public_key);
printf("Get public modulus server\n");
send_request_public_key(&request_public_key, public_key_server);
printf("public Modulus from Server: ");
printfhex(public_key,256);
printfhex(public_key_server,256);
mbedtls_rsa_import_raw(&rsactx_server,public_key_server, 256,NULL,0,NULL,0,NULL,0,public_exponent,sizeof(public_exponent));
mbedtls_rsa_import_raw(&rsactx,public_key, 256,NULL,0,NULL,0,NULL,0,public_exponent,sizeof(public_exponent));
printf("send and create client modulus\n");
rsactx_client = create_and_send_client_modulus(bufferCM);
random_numbers(our_half_aes_key);
printf("Random number for client half aes key: ");
printfhex(our_half_aes_key,16);
trng_init(&rngctx_server);
memcpy(our_half_aes_key_buffer,our_half_aes_key,16);
printfhex(our_half_aes_key_buffer,256);
error = mbedtls_rsa_rsaes_oaep_encrypt(&rsactx_server,crypto_trng_generate,&rngctx_server,MBEDTLS_RSA_PUBLIC,NULL,0,16,our_half_aes_key,our_half_aes_key_enc);
printf("Fehlermeldung encrypt: %02x\n", error);
printf("Client half aes key encrypted: ");
printfhex(our_half_aes_key_enc,256);
trng_free(&rngctx_server);
HttpRequest request_aes_key = create_request_client_aes();
printf("send request server half aes key\n");
send_request_client_aes(&request_aes_key,our_half_aes_key_enc,server_half_aes_key_enc);
trng_init(&rngctx_client);
mbedtls_rsa_rsaes_oaep_decrypt(&rsactx_client,crypto_trng_generate,&rngctx_client,MBEDTLS_RSA_PRIVATE,NULL,0,&aes_key_length,server_half_aes_key_enc,server_half_aes_key,16);
mbedtls_rsa_rsaes_oaep_encrypt(&rsactx,NULL,NULL,MBEDTLS_RSA_PUBLIC,NULL,0,)
trng_free(&rngctx_client);
printf("Server half aes key: ");
printfhex(server_half_aes_key,16);
for (int i = 0; i < 16; ++i) {
aes_key[i] = server_half_aes_key[i] ^ our_half_aes_key[i];
}
printfhex(aes_key,16);
HttpRequest test_exKey = create_request_test_exKey();
mbedtls_aes_init(&aesctx);
mbedtls_aes_setkey_enc(&aesctx,aes_key,128);
mbedtls_aes_crypt_ctr(&aesctx,32, nc_off,nonce_counter,stream_block,aes_test,aes_test_enc);
send_request_test_exKey(&test_exKey, aes_test_enc, aes_test_server_enc);
mbedtls_aes_crypt_ctr(&aesctx, 32,nc_off,nonce_counter,stream_block,aes_test_server_enc,aes_test_final);
mbedtls_aes_free(&aesctx);
free(sn);
free(index_hash);
......
......@@ -4,7 +4,7 @@
#include <http_request.h>
#include <sha256.h>
#include <hal/trng_api.h>
#include <aes.h>
#include <rsa.h>
#include <cmac.h>
#define FIRM_VER 0x92
......@@ -282,9 +282,9 @@ int main (void)
RUN_TEST(test_hello);
RUN_TEST(test_echo);
RUN_TEST(test_sha256);
// RUN_TEST(test_rsa);
RUN_TEST(test_rsa);
RUN_TEST(test_aes16);
RUN_TEST(test_AES32);
// RUN_TEST(test_AES32);
RUN_TEST(test_mac);
UNITY_END();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment