WIP cryptographic design

4 files changed, 82 insertions, 3 deletions

diff --git a/controller/fw/src/crypto.c b/controller/fw/src/crypto.c
new file mode 100644
index 0000000..73ad783
--- /dev/null
+++ b/controller/fw/src/crypto.c
@@ -0,0 +1,48 @@
+
+#include <unistd.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <aes.h>
+
+#include "crypto.h"
+#include "simulation.h"
+
+void debug_hexdump(const char *name, uint8_t *buf, size_t len);
+void debug_hexdump(const char *name, uint8_t *buf, size_t len) {
+    DEBUG_PRINTN("%20s: ", name);
+    for (size_t i=0; i<len;) {
+        for (size_t j=0; j<8 && i<len; i++, j++)
+            DEBUG_PRINTN("%02x ", buf[i]);
+        DEBUG_PRINTN(" ");
+    }
+    DEBUG_PRINTN("\n");
+}
+
+int oob_message_received(uint8_t msg[static OOB_TRIGGER_LEN]) {
+    struct AES_ctx ctx;
+    uint8_t buf[crypto_sign_BYTES];
+
+    for (size_t serial=0; serial<PRESIG_STORE_SIZE; serial++) {
+        for (size_t dom=0; dom<_TRIGGER_DOMAIN_COUNT; dom++) {
+
+            DEBUG_PRINT("Trying domain %zd serial %zd", dom, serial);
+            debug_hexdump("oob_presig_iv", oob_presig_iv, sizeof(oob_presig_iv));
+
+            memcpy(buf, presig_store[dom][serial], crypto_sign_BYTES);
+            debug_hexdump("presig", buf, sizeof(buf));
+            AES_init_ctx_iv(&ctx, msg, oob_presig_iv);
+            AES_CBC_decrypt_buffer(&ctx, buf, crypto_sign_BYTES);
+            debug_hexdump("decrypted", buf, sizeof(buf));
+
+            if (!crypto_sign_verify_detached(buf, presig_messages[dom][serial], PRESIG_MSG_LEN, oob_trigger_pubkey)) {
+                oob_trigger_activated(dom, presig_first_serial + serial);
+                return 1;
+            }
+            DEBUG_PRINTN("\n");
+        }
+    }
+
+    return 0;
+}
diff --git a/controller/fw/src/crypto.h b/controller/fw/src/crypto.h
new file mode 100644
index 0000000..61a0da8
--- /dev/null
+++ b/controller/fw/src/crypto.h
@@ -0,0 +1,33 @@
+#ifndef __CRYPTO_H__
+#define __CRYPTO_H__
+
+#include <stdint.h>
+
+#include <sodium.h>
+
+
+#define OOB_TRIGGER_LEN 16
+#define PRESIG_MSG_LEN 16
+
+
+enum trigger_domain {
+    TRIGGER_DOMAIN_ALL,
+    TRIGGER_DOMAIN_VENDOR,
+    TRIGGER_DOMAIN_SERIES,
+    TRIGGER_DOMAIN_COUNTRY,
+    TRIGGER_DOMAIN_REGION,
+    _TRIGGER_DOMAIN_COUNT
+};
+
+extern uint8_t presig_store[_TRIGGER_DOMAIN_COUNT][PRESIG_STORE_SIZE][crypto_sign_BYTES];
+extern uint8_t oob_trigger_pubkey[crypto_sign_PUBLICKEYBYTES];
+extern uint8_t presig_messages[_TRIGGER_DOMAIN_COUNT][PRESIG_STORE_SIZE][PRESIG_MSG_LEN];
+extern uint8_t oob_presig_iv[16];
+extern int presig_first_serial;
+
+
+extern void oob_trigger_activated(enum trigger_domain domain, int serial);
+
+int oob_message_received(uint8_t msg[static OOB_TRIGGER_LEN]);
+
+#endif /* __CRYPTO_H__ */
diff --git a/controller/fw/src/dsss_demod.c b/controller/fw/src/dsss_demod.c
index 97cc039..c5a2070 100644
--- a/controller/fw/src/dsss_demod.c
+++ b/controller/fw/src/dsss_demod.c
@@ -248,7 +248,6 @@ void group_received(struct dsss_demod_state *st) {
 
     /* If we found empty entries, replace one by a new decoding starting at this group */
     if (empty_idx >= 0) {
-        DEBUG_PRINT("Writing to %zd", empty_idx);
         assert(0 <= empty_idx && empty_idx < DSSS_MATCHER_CACHE_SIZE);
         st->matcher_cache[empty_idx].last_phase = group_phase;
         st->matcher_cache[empty_idx].candidate_score = base_score;
@@ -261,7 +260,6 @@ void group_received(struct dsss_demod_state *st) {
 
     /* If the weakest decoding in cache is weaker than a new decoding starting here, replace it */
     } else if (min_score < base_score && min_idx >= 0) {
-        DEBUG_PRINT("Writing to %zd", min_idx);
         assert(0 <= min_idx && min_idx < DSSS_MATCHER_CACHE_SIZE);
         st->matcher_cache[min_idx].last_phase = group_phase;
         st->matcher_cache[min_idx].candidate_score = base_score;
diff --git a/controller/fw/src/dsss_demod.h b/controller/fw/src/dsss_demod.h
index e7e5cf9..98cf590 100644
--- a/controller/fw/src/dsss_demod.h
+++ b/controller/fw/src/dsss_demod.h
@@ -63,7 +63,7 @@ struct dsss_demod_state {
 };
 
 
-extern void handle_dsss_received(uint8_t data[TRANSMISSION_SYMBOLS]);
+extern void handle_dsss_received(uint8_t data[static TRANSMISSION_SYMBOLS]);
 
 void dsss_demod_init(struct dsss_demod_state *st);
 void dsss_demod_step(struct dsss_demod_state *st, float new_value, uint64_t ts);