1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/* packet-knxip_decrypt.h
* Decryption keys and decryption functions for KNX/IP Dissector
* Copyright 2018, ise GmbH <Ralf.Nasilowski@ise.de>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef KNXIP_CRYPT_H
#define KNXIP_CRYPT_H
#define KNX_KEY_LENGTH 16
// Calculate MAC for KNX IP Security or KNX Data Security
void knx_ccm_calc_cbc_mac( uint8_t p_mac[ KNX_KEY_LENGTH ], const uint8_t key[ KNX_KEY_LENGTH ],
const uint8_t* a_bytes, int a_length, const uint8_t* p_bytes, int p_length,
const uint8_t b_0[ KNX_KEY_LENGTH ] );
// Calculate MAC for KNX IP Security
void knxip_ccm_calc_cbc_mac( uint8_t p_mac[ KNX_KEY_LENGTH ], const uint8_t key[ KNX_KEY_LENGTH ],
const uint8_t* a_bytes, int a_length, const uint8_t* p_bytes, int p_length,
const uint8_t* nonce, uint8_t nonce_length );
// Encrypt for KNX IP Security or KNX Data Security
uint8_t* knx_ccm_encrypt( uint8_t* p_result, const uint8_t key[ KNX_KEY_LENGTH ], const uint8_t* p_bytes, int p_length,
const uint8_t* mac, uint8_t mac_length, const uint8_t ctr_0[ KNX_KEY_LENGTH ], uint8_t s0_bytes_used_for_mac);
// Encrypt for KNX IP Security
uint8_t* knxip_ccm_encrypt( uint8_t* p_result, const uint8_t key[ KNX_KEY_LENGTH ], const uint8_t* p_bytes, int p_length,
const uint8_t mac[ KNX_KEY_LENGTH ], const uint8_t* nonce, uint8_t nonce_length );
// Decrypt for KNX IP Security
uint8_t* knxip_ccm_decrypt( uint8_t* p_result, const uint8_t key[ KNX_KEY_LENGTH ], const uint8_t* crypt, int crypt_length,
const uint8_t* nonce, uint8_t nonce_length );
// For importing keyring.XML file exported from ETS:
struct knx_keyring_mca_keys
{
struct knx_keyring_mca_keys* next;
uint8_t mca[ 4 ]; // IP multicast address
uint8_t key[ KNX_KEY_LENGTH ]; // encryption key
};
struct knx_keyring_ga_keys
{
struct knx_keyring_ga_keys* next;
uint16_t ga; // KNX GA
uint8_t key[ KNX_KEY_LENGTH ]; // encryption key
};
struct knx_keyring_ga_senders
{
struct knx_keyring_ga_senders* next;
uint16_t ga; // KNX GA
uint16_t ia; // sending KNX IA
};
struct knx_keyring_ia_keys
{
struct knx_keyring_ia_keys* next;
uint16_t ia; // KNX IA
uint8_t key[ KNX_KEY_LENGTH ]; // encryption key
};
struct knx_keyring_ia_seqs
{
struct knx_keyring_ia_seqs* next;
uint16_t ia; // KNX IA
uint64_t seq; // 6-byte sequence number
};
extern struct knx_keyring_mca_keys* knx_keyring_mca_keys;
extern struct knx_keyring_ga_keys* knx_keyring_ga_keys;
extern struct knx_keyring_ga_senders* knx_keyring_ga_senders;
extern struct knx_keyring_ia_keys* knx_keyring_ia_keys;
extern struct knx_keyring_ia_seqs* knx_keyring_ia_seqs;
// Read KNX security keys from keyring XML file (exported from ETS)
void read_knx_keyring_xml_file( const char* key_file, const char* password, const char* key_info_file );
#endif // KNXIP_CRYPT_H
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/
|
