我正在研究固件更新方案,该方案需要对固件映像进行端到端加密。目标设备是蓝牙低功耗芯片,硬件支持Blueooth Spec,AES-CCM中指定的加密技术。我们希望利用这些硬件来最小化代码大小和速度,因此我们需要以构建硬件的格式加密固件映像。
所以,我正在尝试使用.NET AesManaged class,以便我可以重现Bluetooth Spec(p 1547)中给出的数据样本,但我没有得到相同的输出。以下是示例数据:
有效载荷字节长度:08
K:89678967 89678967 45234523 45234523
有效载荷计数器:0000bc614e
零长度ACL-U继续:0
方向:0
初始化载体:66778899 aabbccdd
LT_ADDR:1
包类型:3
LLID:2
有效载荷:68696a6b 6c6d6e6fB0:494e61bc 0000ddcc bbaa9988 77660008
B1:00190200 00000000 00000000 00000000
B2:68696a6b 6c6d6e6f 00000000 00000000Y0:95ddc3d4 2c9a70f1 61a28ee2 c08271ab
Y1:418635ff 54615443 8aceca41 fe274779
Y2:08d78b32 9d78ed33 b285fc42 e178d781T:08d78b32
CTR0:014e61bc 0000ddcc bbaa9988 77660000
CTR1:014e61bc 0000ddcc bbaa9988 77660001S0:b90f2b23 f63717d3 38e0559d 1e7e785e
S1:d8c7e3e1 02050abb 025d0895 17cbe5fbMIC:b1d8a011
加密的有效载荷:b0ae898a 6e6864d4
现在,我很高兴只是在没有身份验证的情况下使加密工作。我注意到MIC和加密有效载荷分别与S0和S1进行了T和Payload XOR,因此我的目标只是生成S0。我的理解是,我应该能够通过ECB使用密钥K来执行CTR0数组:
//I've tried a few endian-ness permutations of K, none work
byte[] sampleKey = { 0x23, 0x45, 0x23, 0x45, 0x23, 0x45, 0x23, 0x45,
0x67, 0x89, 0x67, 0x89, 0x67, 0x89, 0x67, 0x89};
byte[] sampleCtr0 = { 01, 0x4e, 0x61, 0xbc, 00, 00, 0xdd, 0xcc,
0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 00, 00 };
byte[] encrypted;
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Mode = CipherMode.ECB; //CTR implemented as ECB w/ manually-incrementing counter
// Create an encrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(sampleKey, zeros); //zeros is a byte array of 16 0's
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(sampleCtr0);
}
encrypted = msEncrypt.ToArray();
}
}
}
我希望在加密中看到S0,但我没有。怎么了?
答案 0 :(得分:1)
原来使用StreamWriter是个问题。删除它并用csEncrypt.Write()替换它后,我得到了我预期的输出。
我仍然不理解我的修复,所以我即将编辑这个问题,但看到问题可能与加密无关,我认为这可以作为一个单独的问题更好地解决。或者,如果有人可以解释修复,我会更改已接受的答案。
答案 1 :(得分:0)
该流或其源流之一在复制之前可能需要flush()。否则,如果未完成,它可以截断结尾。
答案 2 :(得分:0)
这是我的AES-CCM实现,与C#2.0兼容:
请注意,需要一些here可用的字节操作类(例如XOR):
/* Copyright (C) 2020 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
*
* You can redistribute this program and/or modify it under the terms of
* the GNU Lesser Public License as published by the Free Software Foundation,
* either version 3 of the License, or (at your option) any later version.
*/
using System;
using System.IO;
using System.Security.Cryptography;
namespace Utilities
{
/// <summary>
/// Implements the Counter with CBC-MAC (CCM) detailed in RFC 3610
/// </summary>
public static class AesCcm
{
private static byte[] CalculateMac(byte[] key, byte[] nonce, byte[] data, byte[] associatedData, int signatureLength)
{
byte[] messageToAuthenticate = BuildB0Block(nonce, true, signatureLength, data.Length);
if (associatedData.Length > 0)
{
if (associatedData.Length >= 65280)
{
throw new NotSupportedException("Associated data length of 65280 or more is not supported");
}
byte[] associatedDataLength = BigEndianConverter.GetBytes((ushort)associatedData.Length);
messageToAuthenticate = ByteUtils.Concatenate(messageToAuthenticate, associatedDataLength);
messageToAuthenticate = ByteUtils.Concatenate(messageToAuthenticate, associatedData);
int associatedDataPaddingLength = (16 - (messageToAuthenticate.Length % 16)) % 16;
messageToAuthenticate = ByteUtils.Concatenate(messageToAuthenticate, new byte[associatedDataPaddingLength]);
}
messageToAuthenticate = ByteUtils.Concatenate(messageToAuthenticate, data);
int dataPaddingLength = (16 - (messageToAuthenticate.Length % 16)) % 16;
messageToAuthenticate = ByteUtils.Concatenate(messageToAuthenticate, new byte[dataPaddingLength]);
byte[] encrypted = AesEncrypt(key, new byte[16], messageToAuthenticate, CipherMode.CBC);
return ByteReader.ReadBytes(encrypted, messageToAuthenticate.Length - 16, signatureLength);
}
public static byte[] Encrypt(byte[] key, byte[] nonce, byte[] data, byte[] associatedData, int signatureLength, out byte[] signature)
{
if (nonce.Length < 7 || nonce.Length > 13)
{
throw new ArgumentException("nonce length must be between 7 and 13 bytes");
}
if (signatureLength < 4 || signatureLength > 16 || (signatureLength % 2 == 1))
{
throw new ArgumentException("signature length must be an even number between 4 and 16 bytes");
}
byte[] keyStream = BuildKeyStream(key, nonce, data.Length);
byte[] mac = CalculateMac(key, nonce, data, associatedData, signatureLength);
signature = ByteUtils.XOR(keyStream, 0, mac, 0, mac.Length);
return ByteUtils.XOR(data, 0, keyStream, 16, data.Length);
}
public static byte[] DecryptAndAuthenticate(byte[] key, byte[] nonce, byte[] encryptedData, byte[] associatedData, byte[] signature)
{
if (nonce.Length < 7 || nonce.Length > 13)
{
throw new ArgumentException("nonce length must be between 7 and 13 bytes");
}
if (signature.Length < 4 || signature.Length > 16 || (signature.Length % 2 == 1))
{
throw new ArgumentException("signature length must be an even number between 4 and 16 bytes");
}
byte[] keyStream = BuildKeyStream(key, nonce, encryptedData.Length);
byte[] data = ByteUtils.XOR(encryptedData, 0, keyStream, 16, encryptedData.Length);
byte[] mac = CalculateMac(key, nonce, data, associatedData, signature.Length);
byte[] expectedSignature = ByteUtils.XOR(keyStream, 0, mac, 0, mac.Length);
if (!ByteUtils.AreByteArraysEqual(expectedSignature, signature))
{
throw new CryptographicException("The computed authentication value did not match the input");
}
return data;
}
private static byte[] BuildKeyStream(byte[] key, byte[] nonce, int dataLength)
{
int paddingLength = (16 - (dataLength % 16) % 16);
int keyStreamLength = 16 + dataLength + paddingLength;
int KeyStreamBlockCount = keyStreamLength / 16;
byte[] keyStreamInput = new byte[keyStreamLength];
for (int index = 0; index < KeyStreamBlockCount; index++)
{
byte[] aBlock = BuildABlock(nonce, index);
ByteWriter.WriteBytes(keyStreamInput, index * 16, aBlock);
}
return AesEncrypt(key, new byte[16], keyStreamInput, CipherMode.ECB);
}
private static byte[] BuildB0Block(byte[] nonce, bool hasAssociatedData, int signatureLength, int messageLength)
{
byte[] b0 = new byte[16];
Array.Copy(nonce, 0, b0, 1, nonce.Length);
int lengthFieldLength = 15 - nonce.Length;
b0[0] = ComputeFlagsByte(hasAssociatedData, signatureLength, lengthFieldLength);
int temp = messageLength;
for (int index = 15; index > 15 - lengthFieldLength; index--)
{
b0[index] = (byte)(temp % 256);
temp /= 256;
}
return b0;
}
private static byte[] BuildABlock(byte[] nonce, int blockIndex)
{
byte[] aBlock = new byte[16];
Array.Copy(nonce, 0, aBlock, 1, nonce.Length);
int lengthFieldLength = 15 - nonce.Length;
aBlock[0] = (byte)(lengthFieldLength - 1);
int temp = blockIndex;
for (int index = 15; index > 15 - lengthFieldLength; index--)
{
aBlock[index] = (byte)(temp % 256);
temp /= 256;
}
return aBlock;
}
private static byte ComputeFlagsByte(bool hasAssociatedData, int signatureLength, int lengthFieldLength)
{
byte flags = 0;
if (hasAssociatedData)
{
flags |= 0x40;
}
flags |= (byte)(lengthFieldLength - 1); // L'
flags |= (byte)(((signatureLength - 2) / 2) << 3); // M'
return flags;
}
private static byte[] AesEncrypt(byte[] key, byte[] iv, byte[] data, CipherMode cipherMode)
{
using (MemoryStream ms = new MemoryStream())
{
RijndaelManaged aes = new RijndaelManaged();
aes.Mode = cipherMode;
aes.Padding = PaddingMode.None;
using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, iv), CryptoStreamMode.Write))
{
cs.Write(data, 0, data.Length);
cs.FlushFinalBlock();
return ms.ToArray();
}
}
}
}
}
答案 3 :(得分:0)
没有方法StreamWriter.Write(byte[])。相反,您正在调用StreamWriter.Write(object),后者在对象上调用ToString。这将返回“ System.Byte []”,然后对它进行UTF8编码并将其写入您的CryptoStream。
byte[] sampleCtr0 = { 01, 0x4e, 0x61, 0xbc, 00, 00, 0xdd, 0xcc,
0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 00, 00 };
using (var mem = new MemoryStream())
{
using (var wri = new StreamWriter(mem))
{
//Write all data to the stream.
wri.Write(sampleCtr0);
}
Console.WritELine(Encoding.UTF8.GetString(mem.ToArray()));
}
产生:
System.Byte[]
请勿使用StreamWriter将二进制数据写入流。使用Stream.Write将数据直接写入流中(如您所做的那样),或者使用BinaryWriter。
StreamWriter用于编写必须通过传递到构造函数的Encoding编码为字节的字符。默认为Encoding.UTF8。