Changes

AES-CCM Attack

2,391 bytes added, 21:48, 2 November 2016
no edit summary
=== Step #5: AES-CTR Pad ===
 
== Example Bootloader ==
 
The example bootloader has a simplified AES-CCM implementation (NB: do NOT use this as a reference for a good implementation!). It accomplishes the basic goals only of having:
 
* Header data that is authenticated but not encrypted
* An encrypted MAC tag
* A bunch of encrypted firmware blocks
 
Each block sent to the bootloader is 19 bytes long. The first byte indicates the type - header, auth tag, or data. If a new 'header' message is received it will abort any ongoing processing of existing data and restart the bootloader process.
 
The following shows the three message types, where length in the header is the number of encrypted data frames. This is used for the bootloader to know when to perform the AES-MAC comparison.
 
This frame has four parts:
* <code>0x00</code>: 1 byte of fixed header
* Signature: A secret 4 byte constant. The bootloader will confirm that this signature is correct after decrypting the frame.
* Data: 12 bytes of the incoming firmware. This system forces us to send the code 12 bytes at a time; more complete bootloaders may allow longer variable-length frames.
* CRC-16: A 16-bit checksum using the CRC-CCITT polynomial (0x1021). The LSB of the CRC is sent first, followed by the MSB. The bootloader will reply over the serial port, describing whether or not this CRC check was valid.
 
<pre>
+------+------+------+------+ .... +------+------+------+------+
| 0x01 | Header Info (14 bytes)| Length | CRC-16 |
+------+------+------+------+ .... +------+------+------+------+
</pre>
 
<pre>
|<----- Encrypted block (16 bytes) ------>|
| AES-CTR Encryption with CTR=0 |
| |
+------+------+------+------+ .... +------+------+------+------+
| 0x02 | Auth-Tag (encrypted MAC) | CRC-16 |
+------+------+------+------+ .... +------+------+------+------+
</pre>
 
 
<pre>
|<----- Encrypted block (16 bytes) ------>|
| AES-CTR Encryption with CTR=1,2,3..N |
| |
+------+------+------+------+ .... +------+------+------+------+
| 0x03 | Data (16 Bytes) | CRC-16 |
+------+------+------+------+ .... +------+------+------+------+
</pre>
 
 
The bootloader responds to each command with a single byte indicating if the CRC-16 was OK or not:
Approved_users, bureaucrat, administrator
1,956
edits