Transport Encryption for Mitosis

.gitignore

@@ -0,0 +1 @@
+_build/

mitosis-crypto/mitosis-aes-ctr.c

@@ -0,0 +1,48 @@
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+#include "mitosis-aes-ctr.h"
+
+bool mitosis_aes_ctr_init(const uint8_t* key, const uint8_t* nonce, mitosis_encrypt_context_t* context)
+{
+    memset(context, 0, sizeof(*context));
+    memcpy(context->ctr.key, key, sizeof(context->ctr.key));
+    memcpy(context->ctr.iv_bytes, nonce, sizeof(context->ctr.iv_bytes));
+    return mitosis_aes_ecb_init(&context->ecb);
+}
+
+static inline
+void xor(const uint8_t* left, const uint8_t* right, size_t len, uint8_t* out)
+{
+    int idx = 0;
+    for (; len >= 4; idx += 4, len -= 4)
+    {
+        *((uint32_t*) &out[idx]) = *((uint32_t*) &left[idx]) ^ *((uint32_t*) &right[idx]);
+    }
+    if (len >= 2)
+    {
+        *((uint16_t*) &out[idx]) = *((uint16_t*) &left[idx]) ^ *((uint16_t*) &right[idx]);
+        idx += 2;
+        len -= 2;
+    }
+    if (len > 0)
+    {
+        out[idx] = left[idx] ^ right[idx];
+    }
+}
+
+bool mitosis_aes_ctr_encrypt(mitosis_encrypt_context_t* context, uint32_t datalen, const uint8_t* plaintext, uint8_t* ciphertext)
+{
+    if (datalen > AES_BLOCK_SIZE)
+    {
+        return false;
+    }
+
+    if (!mitosis_aes_ecb_encrypt(&context->ecb))
+    {
+        return false;
+    }
+    xor(plaintext, context->ctr.scratch, datalen, ciphertext);
+
+    return true;
+}

mitosis-crypto/mitosis-aes-ctr.h

@@ -0,0 +1,32 @@
+/*
+Interface for AES in CTR mode for mitosis
+*/
+#include "mitosis-aes-ecb.h"
+
+typedef struct _mitosis_aes_ctr_context_t {
+    uint8_t key[AES_BLOCK_SIZE];
+    union {
+        struct {
+            uint8_t nonce[AES_BLOCK_SIZE - sizeof(uint32_t)];
+            uint32_t counter;
+        } iv;
+        uint8_t iv_bytes[AES_BLOCK_SIZE];
+    };
+    uint8_t scratch[AES_BLOCK_SIZE];
+} mitosis_aes_ctr_context_t;
+
+_Static_assert(sizeof(mitosis_aes_ctr_context_t) == sizeof(mitosis_aes_ecb_context_t));
+
+typedef union _mitosis_encrypt_context_t {
+    mitosis_aes_ecb_context_t ecb;
+    mitosis_aes_ctr_context_t ctr;
+} mitosis_encrypt_context_t;
+
+/*
+Key and nonce are 16 bytes for consistency.
+*/
+bool mitosis_aes_ctr_init(const uint8_t* key, const uint8_t* nonce, mitosis_encrypt_context_t* context);
+
+bool mitosis_aes_ctr_encrypt(mitosis_encrypt_context_t* context, uint32_t datalen, const uint8_t* plaintext, uint8_t* ciphertext);
+
+#define mitosis_aes_ctr_decrypt(context, datalen, ciphertext, plaintext) mitosis_aes_ctr_encrypt(context, datalen, ciphertext, plaintext)

mitosis-crypto/mitosis-aes-ecb.c

@@ -0,0 +1,57 @@
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <nrf.h>
+#include "mitosis-aes-ecb.h"
+
+#define ENCRYPT_WAIT 0x1000000
+
+static uint32_t wait_counts = 0;
+static uint32_t encrypt_count = 0;
+
+bool mitosis_aes_ecb_init(mitosis_aes_ecb_context_t* state)
+{
+    if (state == NULL)
+    {
+        return false;
+    }
+
+    NRF_ECB->ECBDATAPTR = (uint32_t) state;
+    return true;
+}
+
+bool mitosis_aes_ecb_encrypt(mitosis_aes_ecb_context_t* state)
+{
+    if (state == NULL)
+    {
+        return false;
+    }
+
+    if (NRF_ECB->ECBDATAPTR != (uint32_t) state)
+    {
+        NRF_ECB->ECBDATAPTR = (uint32_t) state;
+    }
+
+    uint32_t wait_counter = ENCRYPT_WAIT;
+
+    NRF_ECB->EVENTS_ERRORECB = 0;
+    NRF_ECB->EVENTS_ENDECB = 0;
+    NRF_ECB->TASKS_STARTECB = 1;
+    while (!(NRF_ECB->EVENTS_ENDECB | NRF_ECB->EVENTS_ERRORECB))
+    {
+        wait_counter--;
+        if(wait_counter == 0)
+        {
+            return false;
+        }
+    }
+    ++encrypt_count;
+    wait_counts += (ENCRYPT_WAIT - wait_counter);
+    NRF_ECB->EVENTS_ENDECB = 0;
+    if (NRF_ECB->EVENTS_ERRORECB)
+    {
+        NRF_ECB->EVENTS_ERRORECB = 0;
+        return false;
+    }
+    return true;
+}

mitosis-crypto/mitosis-aes-ecb.h

@@ -0,0 +1,21 @@
+/*
+    This file provides an alternate interface to the underlying AES engine.
+    The point is to reduce the number of calls to memcpy().
+*/
+
+#ifndef _MITOSIS_AES_ECB
+#define _MITOSIS_AES_ECB
+
+#define AES_BLOCK_SIZE 16
+
+typedef struct _mitosis_aes_ecb_context_t {
+    uint8_t key[AES_BLOCK_SIZE];
+    uint8_t plaintext[AES_BLOCK_SIZE];
+    uint8_t ciphertext[AES_BLOCK_SIZE];
+} mitosis_aes_ecb_context_t;
+
+bool mitosis_aes_ecb_init(mitosis_aes_ecb_context_t* state);
+
+bool mitosis_aes_ecb_encrypt(mitosis_aes_ecb_context_t* state);
+
+#endif

mitosis-crypto/mitosis-ckdf.c

@@ -0,0 +1,85 @@
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+#include <mitosis-cmac.h>
+#include "mitosis-ckdf.h"
+
+bool mitosis_ckdf_extract(const uint8_t* ikm, size_t ikm_len, const uint8_t* salt, size_t salt_len, uint8_t* prk)
+{
+    mitosis_cmac_context_t state;
+
+    if (!mitosis_cmac_init(&state, salt, salt_len))
+    {
+        return false;
+    }
+    return mitosis_cmac_compute(&state, ikm, ikm_len, prk);
+}
+
+bool
+mitosis_ckdf_expand(const uint8_t* prk, size_t prk_len, const uint8_t* info, size_t info_len, uint8_t* okm, size_t okm_len)
+{
+    mitosis_cmac_context_t state;
+    uint8_t scratch[AES_BLOCK_SIZE];
+    uint8_t iterations;
+    uint16_t offset = 0;
+
+    if (okm_len > 255 * AES_BLOCK_SIZE)
+    {
+        return false;
+    }
+
+    if (okm_len % AES_BLOCK_SIZE)
+    {
+        iterations = (uint8_t)(okm_len / AES_BLOCK_SIZE) + 1;
+    }
+    else
+    {
+        iterations = (uint8_t)(okm_len / AES_BLOCK_SIZE);
+    }
+
+    // i starts at 1 so it can be used to save the memory needed for a separate
+    // block counter.
+    for (uint8_t i = 1; i <= iterations && i > 0; ++i)
+    {
+        if (!mitosis_cmac_init(&state, prk, prk_len))
+        {
+            return false;
+        }
+
+        if (i > 1)
+        {
+            if (!mitosis_cmac_hash(&state, scratch, sizeof(scratch)))
+            {
+                return false;
+            }
+        }
+
+        if (!mitosis_cmac_hash(&state, info, info_len))
+        {
+            return false;
+        }
+
+        if (!mitosis_cmac_hash(&state, &i, 1))
+        {
+            return false;
+        }
+
+        if (!mitosis_cmac_complete(&state, scratch))
+        {
+            return false;
+        }
+
+        if (okm_len > sizeof(scratch))
+        {
+            memcpy(okm + offset, scratch, sizeof(scratch));
+            okm_len -= sizeof(scratch);
+            offset += sizeof(scratch);
+        }
+        else
+        {
+            memcpy(okm + offset, scratch, okm_len);
+        }
+    }
+    return true;
+}

mitosis-crypto/mitosis-ckdf.h

@@ -0,0 +1,10 @@
+/*
+CKDF interface for Mitosis keyboard
+
+Based on draft-agl-ckdf-01 (https://tools.ietf.org/html/draft-agl-ckdf-01)
+*/
+
+
+bool mitosis_ckdf_extract(const uint8_t* ikm, size_t ikm_len, const uint8_t* salt, size_t salt_len, uint8_t* prk);
+
+bool mitosis_ckdf_expand(const uint8_t* prk, size_t prk_len, const uint8_t* info, size_t info_len, uint8_t* okm, size_t okm_len);