bsigning.nc

nesC写的heed算法

/*									tab:4
 *
 *
 * "Copyright (c) 2000-2002 The Regents of the University  of California.  
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose, without fee, and without written
 * agreement is hereby granted, provided that the above copyright
 * notice, the following two paragraphs and the author appear in all
 * copies of this software.
 * 
 * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY
 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
 * DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
 * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 * 
 * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE
 * PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF
 * CALIFORNIA HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT,
 * UPDATES, ENHANCEMENTS, OR MODIFICATIONS."
 *
 */
/*									tab:4
 *  IMPORTANT: READ BEFORE DOWNLOADING, COPYING, INSTALLING OR USING.  By
 *  downloading, copying, installing or using the software you agree to
 *  this license.  If you do not agree to this license, do not download,
 *  install, copy or use the software.
 *
 *  Intel Open Source License 
 *
 *  Copyright (c) 2002 Intel Corporation 
 *  All rights reserved. 
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions are
 *  met:
 * 
 *	Redistributions of source code must retain the above copyright
 *  notice, this list of conditions and the following disclaimer.
 *	Redistributions in binary form must reproduce the above copyright
 *  notice, this list of conditions and the following disclaimer in the
 *  documentation and/or other materials provided with the distribution.
 *      Neither the name of the Intel Corporation nor the names of its
 *  contributors may be used to endorse or promote products derived from
 *  this software without specific prior written permission.
 *  
 *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *  ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 *  PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE INTEL OR ITS
 *  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 * 
 * 
 */
/*
 * Authors:   Philip Levis
 * History:   Nov 21, 2002
 *	     
 *
 */

/**
 * @author Philip Levis
 */


includes Bombilla;

module BSigning {
  provides interface StdControl;
  provides interface BombillaSigning as Signing;
  uses interface BombillaError;
}

implementation {

  enum {
    BSIGN_IDLE = 0,
    BSIGN_PENDING = 1,
    BSIGN_WORKING = 2,
    BSIGN_CANCELLED = 3
  };

  uint64_t n;
  uint8_t e;
  uint32_t A, B, C, D;
  result_t signSuccess;
  
  uint8_t state;
  BombillaCapsule* input;
  BombillaCapsule* output;
  int msgLen;
  int chunkLen;
  int capsuleLen;

  result_t checkSig(BombillaCapsule* capsule);
  
  command result_t StdControl.init() {
    e = 79;
    n = 3337;

    chunkLen = 64;
    msgLen = chunkLen - sizeof(uint64_t);
    capsuleLen = sizeof(BombillaCapsule) - sizeof(uint64_t);

    /*
      for (i = 0; i < sizeof(BombillaCapsule); i++) {
      ((uint8_t*)&capsule)[i] = 0;
      }
    
    capsule.version = 33;
    capsule.type = 2;
    capsule.options = 0;
    capsule.code[0] = 0xc1; // push 1
    capsule.code[1] = 0x60; // getvar 0
    capsule.code[2] = 0x37; // add 1
    capsule.code[3] = 0x1d; // copy
    capsule.code[4] = 0x70; // setvar 0
    capsule.code[5] = 0xc7; // push 7
    capsule.code[6] = 0x31; // land
    capsule.code[7] = 0x23; // putled
    capsule.code[8] = 0x03; // test
    capsule.code[9] = 0x00; // halt
    capsule.signature = 0x72c5236b;
    capsule.signature = capsule.signature << 32;
    capsule.signature |= 0x80ec3d70;

    if (checkSig(&capsule) == SUCCESS) {
      dbg(DBG_CRYPTO, "Signature checks successful.\n");
    }
    else {
      dbg(DBG_CRYPTO, "Signature check failed.\n");
    }
    */
    state = BSIGN_CANCELLED;
    return SUCCESS;
  }

  command result_t StdControl.start() {
    state = BSIGN_IDLE;
    return SUCCESS;
  }

  command result_t StdControl.stop() {
    state = BSIGN_CANCELLED;
    return SUCCESS;
  }

  void fillBuffer(uint8_t* buffer, BombillaCapsule* capsule) {
    int i;
    uint64_t* lenPtr;
    nmemcpy(buffer, capsule, capsuleLen);
    dbg(DBG_CRYPTO, "Starting buffer:\n  ");
    for (i = 0; i < chunkLen; i++) {
      dbg_clear(DBG_CRYPTO, "%02hhx ", buffer[i]);
      if ((i + 1) % 8 == 0) {dbg_clear(DBG_CRYPTO, "\n  ");} 
    }
    dbg(DBG_CRYPTO, "Filled in %i bytes of capsule.\n", capsuleLen);
    buffer[capsuleLen] = (uint8_t)0x80;
    dbg(DBG_CRYPTO, "Appended 0x80.\n");
    for (i = capsuleLen + 1; i < msgLen; i++) {
      buffer[i] = 0;
    }
    dbg(DBG_CRYPTO, "Filled in %i zeroes for total length of %i.\n", msgLen - capsuleLen - 1, msgLen);
    lenPtr = (uint64_t*)&(buffer[msgLen]);
    *lenPtr = (uint64_t)msgLen;
    dbg(DBG_CRYPTO, "Filled in length filed for total length of %i\n", msgLen + sizeof(uint64_t));
    dbg(DBG_CRYPTO, "Final buffer:\n  ");
    for (i = 0; i < chunkLen; i++) {
      dbg_clear(DBG_CRYPTO, "%02hhx ", buffer[i]);
      if ((i + 1) % 8 == 0) {dbg_clear(DBG_CRYPTO, "\n  ");} 
    }
  }

#define MASK32 0xffffffff
#define F(X,Y,Z) ((((X)&(Y)) | ((~(X))&(Z))))
#define G(X,Y,Z) ((((X)&(Y)) | ((X)&(Z)) | ((Y)&(Z))))
#define H(X,Y,Z) (((X)^(Y)^(Z)))
#define lshift(x,s) (((((x)<<(s))&MASK32) | (((x)>>(32-(s)))&MASK32)))

#define ROUND1(a,b,c,d,k,s) a = lshift((a + F(b,c,d) + M[k])&MASK32, s)
#define ROUND2(a,b,c,d,k,s) a = lshift((a + G(b,c,d) + M[k] + 0x5A827999)&MASK32,s)
#define ROUND3(a,b,c,d,k,s) a = lshift((a + H(b,c,d) + M[k] + 0x6ED9EBA1)&MASK32,s)

  uint64_t mdfour64(uint32_t *M) {
    uint32_t AA, BB, CC, DD;
    uint64_t result = 0;
    
    A = 0x67452301;
    B = 0xefcdab89;
    C = 0x98badcfe;
    D = 0x10325476;

    dbg(DBG_CRYPTO, "Initializing hash.\n");
    AA = A; BB = B; CC = C; DD = D;

    ROUND1(A,B,C,D,  0,  3);  ROUND1(D,A,B,C,  1,  7);  
    ROUND1(C,D,A,B,  2, 11);  ROUND1(B,C,D,A,  3, 19);
    ROUND1(A,B,C,D,  4,  3);  ROUND1(D,A,B,C,  5,  7);  
    ROUND1(C,D,A,B,  6, 11);  ROUND1(B,C,D,A,  7, 19);
    ROUND1(A,B,C,D,  8,  3);  ROUND1(D,A,B,C,  9,  7);  
    ROUND1(C,D,A,B, 10, 11);  ROUND1(B,C,D,A, 11, 19);
    ROUND1(A,B,C,D, 12,  3);  ROUND1(D,A,B,C, 13,  7);  
    ROUND1(C,D,A,B, 14, 11);  ROUND1(B,C,D,A, 15, 19);        
    dbg(DBG_CRYPTO, "Completed round 1.\n");
  
    ROUND2(A,B,C,D,  0,  3);  ROUND2(D,A,B,C,  4,  5);  
    ROUND2(C,D,A,B,  8,  9);  ROUND2(B,C,D,A, 12, 13);
    ROUND2(A,B,C,D,  1,  3);  ROUND2(D,A,B,C,  5,  5);  
    ROUND2(C,D,A,B,  9,  9);  ROUND2(B,C,D,A, 13, 13);
    ROUND2(A,B,C,D,  2,  3);  ROUND2(D,A,B,C,  6,  5);  
    ROUND2(C,D,A,B, 10,  9);  ROUND2(B,C,D,A, 14, 13);
    ROUND2(A,B,C,D,  3,  3);  ROUND2(D,A,B,C,  7,  5);  
    ROUND2(C,D,A,B, 11,  9);  ROUND2(B,C,D,A, 15, 13);
    dbg(DBG_CRYPTO, "Completed round 2.\n");
  
    ROUND3(A,B,C,D,  0,  3);  ROUND3(D,A,B,C,  8,  9);  
    ROUND3(C,D,A,B,  4, 11);  ROUND3(B,C,D,A, 12, 15);
    ROUND3(A,B,C,D,  2,  3);  ROUND3(D,A,B,C, 10,  9);  
    ROUND3(C,D,A,B,  6, 11);  ROUND3(B,C,D,A, 14, 15);
    ROUND3(A,B,C,D,  1,  3);  ROUND3(D,A,B,C,  9,  9);  
    ROUND3(C,D,A,B,  5, 11);  ROUND3(B,C,D,A, 13, 15);
    ROUND3(A,B,C,D,  3,  3);  ROUND3(D,A,B,C, 11,  9);  
    ROUND3(C,D,A,B,  7, 11);  ROUND3(B,C,D,A, 15, 15);
    dbg(DBG_CRYPTO, "Completed round 3.\n");
  
    A += AA; B += BB; 
    C += CC; D += DD;
  
    A &= MASK32; B &= MASK32; 
    C &= MASK32; D &= MASK32;

    dbg(DBG_CRYPTO, "Hash: 0x%x%x%x%x (0x%x%x)\n", A, B, C, D, C, D);

    result = C;
    result = result << 32;
    result |= D;
    
    return result;
  }
  
  result_t checkSig(BombillaCapsule* capsule) {
    uint32_t buffer[(chunkLen >> 2)];
    uint64_t result;
    fillBuffer((uint8_t*)buffer, capsule);
    result = mdfour64(buffer);
    dbg(DBG_CRYPTO, "Capsule: 0x%llx, Computed: 0x%llx\n", capsule->signature, result);
    return (result == capsule->signature)? SUCCESS:FAIL;
  }

  task void checkCompleteTask() {
    result_t success = signSuccess;
    if (state != BSIGN_PENDING) {return;}
    state = BSIGN_IDLE;
    signal Signing.checkComplete(input, success);
  }
  
  task void signingTask() {
    if (state != BSIGN_PENDING) {return;}
    signSuccess = checkSig(input);
    post checkCompleteTask();
  }
  
  command result_t Signing.checkSignature(BombillaCapsule* capsule) {
    if (state != BSIGN_IDLE) {
      return FAIL;
    }
    state = BSIGN_PENDING;
    input = capsule;
    post signingTask();
    return SUCCESS;
  }
  
}