Article Index

Chapter 5

Page 105 RandomByte function

/*
 * Return one byte assembled from eight ring-oscillator samples.
 *
 * Each bit comes from a pair of rosc_hw->randombit reads taken 10 us apart:
 * the first read is kept only when the second read differs from it
 * (a von Neumann-style step against a biased source); an equal pair is
 * discarded and a fresh pair is sampled. Bits are shifted in MSB first.
 *
 * NOTE(review): the ROSC bit is a raw hardware source, not a vetted RNG --
 * treat the output as entropy input for a DRBG rather than as key material
 * on its own. Assumes only bit 0 of randombit is ever set -- confirm in the
 * RP2040 datasheet.
 */
uint8_t randomByte()
{
    uint32_t result = 0;

    for (int i = 0; i < 8; i++)
    {
        uint32_t sample;
        do
        {
            sample = rosc_hw->randombit;
            sleep_us(10);
        } while (sample == rosc_hw->randombit);

        result = (result << 1) | sample;
    }

    return (uint8_t)result;
}

Page 111 Full listing not in book

Adding EC and GCM to mbedtls_config.h for client and server mode

//Hardware config
// The Pico has no OS entropy source: turn off mbedtls's own platform
// entropy collection and let an alternate hardware poll feed the entropy
// pool instead.
// NOTE(review): MBEDTLS_ENTROPY_HARDWARE_ALT means something must provide
// mbedtls_hardware_poll(); presumably the SDK's pico_mbedtls does -- confirm.
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
// System time (time.h / time()) is available to mbedtls.
#define MBEDTLS_HAVE_TIME

//error reporting
// Compiles mbedtls_strerror(), so negative return codes can be printed as text.
#define MBEDTLS_ERROR_C
//used by LwIP
// Entropy accumulator plus the CTR_DRBG it seeds: the CSPRNG that the TLS
// layer draws its keys, IVs and nonces from.
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_CTR_DRBG_C



//EC KEY EXCHANGE
// ECDHE with RSA-signed certificates gives forward secrecy; ECDH, ECDSA and
// ECP are the primitives beneath it.
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C

/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
// Every curve enabled here is offered to, and accepted from, the peer. The
// 192- and 224-bit curves (r1 and k1) sit below the 128-bit security level;
// a tighter build would keep SECP256R1/SECP384R1 (plus Brainpool only if a
// peer actually needs it) and drop the rest. Each curve also costs flash,
// which matters on the Pico.
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED

//RSA KEY EXCHANGE
// Plain RSA key transport has no forward secrecy: a later compromise of the
// server key exposes recorded sessions. Keep it only for peers that cannot
// negotiate ECDHE.
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_RSA_C

//general key exchange
// PKCS#1 v1.5 is still required for RSA certificate signatures in TLS 1.2.
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C

//encryption
// AES with CBC, CCM and GCM modes; FEWER_TABLES trades some speed for
// a smaller flash/RAM footprint.
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_AES_FEWER_TABLES
#define MBEDTLS_GCM_C

//certs
// X.509 certificate parsing; ASN.1 writing is used for encoding ECDSA signatures.
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_OID_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

//hash methods
// SHA-1 is kept only for legacy certificate chains; the SHA-2 family does
// the real work.
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C

//TLS
#define MBEDTLS_CIPHER_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_MD_C

//enable client and server modes and TLS
// SNI lets the server side select a certificate by the requested host name.
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SERVER_NAME_INDICATION

#define MBEDTLS_SSL_SRV_C

//enable TLS 1.2
// Only TLS 1.2 is enabled; no older protocol version is compiled in.
#define MBEDTLS_SSL_PROTO_TLS1_2

// check_config.h must stay last: it validates the combination of options above.
// NOTE(review): the absolute /home/pi path ties the build to one machine;
// the SDK's include paths normally resolve "mbedtls/check_config.h" -- verify.
#include "/home/pi/pico/pico-sdk/lib/mbedtls/include/mbedtls/check_config.h"

Page 115 AES ECB Mode Main Program

#include <stdio.h>
#include <string.h>

#include "pico/rand.h"
#include "pico/stdlib.h"

#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"

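/*
 * Report the outcome of an mbedtls call.
 *
 * mbedtls functions return 0 on success and a negative error code on
 * failure; the code is printed as -0xNNNN, the form used in the mbedtls
 * headers, so it can be looked up even without MBEDTLS_ERROR_C.
 *
 * @param what  Name of the call, for the message.
 * @param ret   Its return value.
 * @return 0 when ret is 0, nonzero (after printing) otherwise.
 */
static int check(const char *what, int ret)
{
    if (ret == 0)
    {
        return 0;
    }
    printf("%s failed: -0x%04X\n", what, (unsigned)-ret);
    return 1;
}

/*
 * Page 115 demo: encrypt one 16-byte block with AES-128-ECB under a freshly
 * generated random key, then decrypt it again and print both.
 *
 * Compared with the book's listing: every mbedtls return value is checked,
 * the key is drawn into a properly typed rng_128_t instead of casting the
 * byte array, lengths are size_t as the API requires, the context is freed
 * on all paths and the key is wiped before exit.
 *
 * ECB has no IV and no chaining, so equal plaintext blocks give equal
 * ciphertext blocks; it is used here only because it is the simplest mode
 * to drive the cipher API, not as a recommendation.
 *
 * @return 0 on success, 1 if the cipher is unavailable or a call fails.
 */
int main()
{
    stdio_init_all();

    int rc = 1;                 /* exit status; becomes 0 only on full success */
    unsigned char key[16];
    rng_128_t key_rnd;
    _Static_assert(sizeof key_rnd == sizeof key, "rng_128_t is expected to be 16 bytes");

    mbedtls_cipher_context_t cipher_ctx;
    mbedtls_cipher_init(&cipher_ctx);

    const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_string("AES-128-ECB");
    if (cipher_info == NULL)
    {
        /* NULL means the name is not in this build's cipher table. */
        printf("AES-128-ECB is not available in this mbedtls build\n");
        goto out;
    }
    if (check("mbedtls_cipher_setup", mbedtls_cipher_setup(&cipher_ctx, cipher_info)))
    {
        goto out;
    }

    /* Casting an unsigned char array to rng_128_t*, as the book does, relies
     * on the array being aligned for the wider type, which is not guaranteed;
     * draw into the real type and copy out instead. */
    get_rand_128(&key_rnd);
    memcpy(key, &key_rnd, sizeof key);

    /* Encrypt: ECB takes no IV, and exactly one block needs no padding. */
    unsigned char buffer[16] = "Hello World";   /* NUL-padded to the block size */
    unsigned char output[16];
    size_t olen = 0;                            /* the API reports lengths as size_t, not int */
    /* key_bitlen is read directly as in the book; newer mbedtls exposes it via
     * mbedtls_cipher_info_get_key_bitlen(). */
    if (check("mbedtls_cipher_setkey",
              mbedtls_cipher_setkey(&cipher_ctx, key, cipher_info->key_bitlen, MBEDTLS_ENCRYPT)) ||
        check("mbedtls_cipher_reset", mbedtls_cipher_reset(&cipher_ctx)) ||
        check("mbedtls_cipher_update",
              mbedtls_cipher_update(&cipher_ctx, buffer, sizeof buffer, output, &olen)))
    {
        goto out;
    }
    printf("cipher text ");
    for (size_t i = 0; i < olen; i++)
    {
        printf("%02X", (unsigned)output[i]);    /* unsigned: no sign extension into %X */
    }
    printf("\n");

    /* Decrypt what we just produced: same key, context reset for the new direction. */
    unsigned char plaintext[16];
    if (check("mbedtls_cipher_setkey",
              mbedtls_cipher_setkey(&cipher_ctx, key, cipher_info->key_bitlen, MBEDTLS_DECRYPT)) ||
        check("mbedtls_cipher_reset", mbedtls_cipher_reset(&cipher_ctx)) ||
        check("mbedtls_cipher_update",
              mbedtls_cipher_update(&cipher_ctx, output, sizeof output, plaintext, &olen)))
    {
        goto out;
    }
    printf("plain text %.*s\n", (int)olen, (const char *)plaintext);
    rc = 0;

out:
    mbedtls_cipher_free(&cipher_ctx);
    /* Plain memset before exit may be optimised away; zeroize is not. */
    mbedtls_platform_zeroize(key, sizeof key);
    mbedtls_platform_zeroize(&key_rnd, sizeof key_rnd);
    return rc;
}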

Page 116 AES ECB mbedtls_config.h

//Hardware config
// The Pico has no OS entropy source: turn off mbedtls's own platform
// entropy collection and point it at an alternate hardware poll instead.
// NOTE(review): MBEDTLS_ENTROPY_HARDWARE_ALT means something must provide
// mbedtls_hardware_poll(); presumably the SDK's pico_mbedtls does -- confirm.
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
// System time (time.h / time()) is available to mbedtls.
#define MBEDTLS_HAVE_TIME

//error reporting
// Compiles mbedtls_strerror(), so negative return codes can be printed as text.
#define MBEDTLS_ERROR_C

//encryption
// AES for the ECB demo; CCM and CBC are compiled in as well, though the
// ECB program on page 115 uses neither. FEWER_TABLES trades some speed for
// a smaller flash/RAM footprint.
// NOTE(review): no MBEDTLS_CIPHER_PADDING_* option is set here, so if this
// file is reused for the CBC demo, mbedtls will process whole blocks only
// and add no padding -- check against the mbedtls default config.
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_AES_FEWER_TABLES

// The generic cipher layer (mbedtls_cipher_*) the demo programs call.
#define MBEDTLS_CIPHER_C

// check_config.h must stay last: it validates the combination of options above.
// NOTE(review): the absolute /home/pi path ties the build to one machine;
// the SDK's include paths normally resolve "mbedtls/check_config.h" -- verify.
#include "/home/pi/pico/pico-sdk/lib/mbedtls/include/mbedtls/check_config.h"

Page 116 AES ECB Mode CMakeLists.txt

# Build for the AES-ECB demo (page 116): a single executable built from
# main.c, linked against the Pico SDK's stdlib and its bundled mbedtls.
cmake_minimum_required(VERSION 3.13)

# Board and language standards are chosen before the SDK is initialised,
# which is where pico_sdk_init() picks up PICO_BOARD.
set(PICO_BOARD pico_w)
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)

include(pico_sdk_import.cmake)
project(PicoW C CXX ASM)
pico_sdk_init()

add_executable(main main.c)

# The project directory is on the include path, presumably so that the
# project's own mbedtls_config.h is found ahead of any other.
target_include_directories(main PRIVATE ${CMAKE_CURRENT_LIST_DIR})
target_link_libraries(main pico_stdlib pico_mbedtls)

# Produce the .uf2 / .bin / .hex images alongside the ELF.
pico_add_extra_outputs(main)

Page 118 Full listing not in book

AES CBC Mode Main Program, including a list of the available ciphers.

#include <stdio.h>
#include <string.h>

#include "pico/rand.h"
#include "pico/stdlib.h"

#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"

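/*
 * Report the outcome of an mbedtls call.
 *
 * mbedtls functions return 0 on success and a negative error code on
 * failure; the code is printed as -0xNNNN, the form used in the mbedtls
 * headers, so it can be looked up even without MBEDTLS_ERROR_C.
 *
 * @param what  Name of the call, for the message.
 * @param ret   Its return value.
 * @return 0 when ret is 0, nonzero (after printing) otherwise.
 */
static int check(const char *what, int ret)
{
    if (ret == 0)
    {
        return 0;
    }
    printf("%s failed: -0x%04X\n", what, (unsigned)-ret);
    return 1;
}

/*
 * One complete CBC pass in direction op: set key, set IV, reset, update,
 * finish.
 *
 * finish() is the step the book's listing omits. When a padding mode is
 * compiled in, mbedtls keeps the final block inside update() and only emits
 * it from finish() (adding the padding block on encrypt, stripping it on
 * decrypt), so without finish() the decrypt pass can produce no output at
 * all. out must therefore hold in_len + 16 bytes.
 *
 * @param ctx      Initialised context already set up with info.
 * @param info     Cipher description, used for the key length.
 * @param key      16-byte AES-128 key.
 * @param iv       16-byte IV; the decrypt pass reuses the encrypt IV.
 * @param op       MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
 * @param in       Input of in_len bytes.
 * @param in_len   Number of input bytes.
 * @param out      Output buffer of at least in_len + 16 bytes.
 * @param out_len  Receives the number of bytes written to out.
 * @return 0 on success, nonzero after printing the failing call.
 */
static int cbc_pass(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *info,
                    const unsigned char *key, const unsigned char *iv,
                    mbedtls_operation_t op,
                    const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t *out_len)
{
    size_t n_update = 0;
    size_t n_finish = 0;

    /* key_bitlen is read directly as in the book; newer mbedtls exposes it via
     * mbedtls_cipher_info_get_key_bitlen(). */
    if (check("mbedtls_cipher_setkey", mbedtls_cipher_setkey(ctx, key, info->key_bitlen, op)) ||
        check("mbedtls_cipher_set_iv", mbedtls_cipher_set_iv(ctx, iv, 16)) ||
        check("mbedtls_cipher_reset", mbedtls_cipher_reset(ctx)) ||
        check("mbedtls_cipher_update", mbedtls_cipher_update(ctx, in, in_len, out, &n_update)) ||
        check("mbedtls_cipher_finish", mbedtls_cipher_finish(ctx, out + n_update, &n_finish)))
    {
        return 1;
    }
    *out_len = n_update + n_finish;
    return 0;
}

/*
 * Page 118 demo: list the ciphers compiled into mbedtls, then encrypt one
 * 16-byte block with AES-128-CBC under a random key and IV, decrypt it
 * again and print both.
 *
 * Compared with the book's listing: every mbedtls return value is checked,
 * key and IV are drawn into a properly typed rng_128_t instead of casting
 * the byte arrays, lengths are size_t as the API requires, finish() is
 * called so buffered/padded blocks are emitted, the context is freed on all
 * paths and the key is wiped before exit.
 *
 * CBC with a random IV gives confidentiality only: a modified ciphertext
 * decrypts to garbage without any error. For real data prefer an AEAD mode
 * such as GCM, which the TLS configuration on page 111 already enables.
 *
 * @return 0 on success, 1 if the cipher is unavailable or a call fails.
 */
int main()
{
    stdio_init_all();

    int rc = 1;                 /* exit status; becomes 0 only on full success */
    unsigned char key[16];
    unsigned char iv[16];
    rng_128_t rnd;
    _Static_assert(sizeof rnd == sizeof key, "rng_128_t is expected to be 16 bytes");

    /* The list is 0-terminated (MBEDTLS_CIPHER_NONE); skip any type with no info entry. */
    printf("Available ciphers:\n");
    for (const int *type = mbedtls_cipher_list(); *type != 0; type++)
    {
        const mbedtls_cipher_info_t *entry = mbedtls_cipher_info_from_type(*type);
        if (entry != NULL)
        {
            printf("  %s\n", entry->name);
        }
    }

    mbedtls_cipher_context_t cipher_ctx;
    mbedtls_cipher_init(&cipher_ctx);

    const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_string("AES-128-CBC");
    if (cipher_info == NULL)
    {
        /* NULL means the name is not in this build's cipher table. */
        printf("AES-128-CBC is not available in this mbedtls build\n");
        goto out;
    }
    if (check("mbedtls_cipher_setup", mbedtls_cipher_setup(&cipher_ctx, cipher_info)))
    {
        goto out;
    }

    /* Casting an unsigned char array to rng_128_t*, as the book does, relies
     * on the array being aligned for the wider type, which is not guaranteed;
     * draw into the real type and copy out instead. */
    get_rand_128(&rnd);
    memcpy(key, &rnd, sizeof key);
    get_rand_128(&rnd);
    memcpy(iv, &rnd, sizeof iv);

    unsigned char buffer[16] = "Hello World";       /* NUL-padded to the block size */
    unsigned char output[sizeof buffer + 16];       /* room for one padding block */
    unsigned char plaintext[sizeof output];
    size_t clen = 0;
    size_t plen = 0;

    if (cbc_pass(&cipher_ctx, cipher_info, key, iv, MBEDTLS_ENCRYPT,
                 buffer, sizeof buffer, output, &clen))
    {
        goto out;
    }
    printf("cipher text ");
    for (size_t i = 0; i < clen; i++)
    {
        printf("%02X", (unsigned)output[i]);        /* unsigned: no sign extension into %X */
    }
    printf("\n");

    if (cbc_pass(&cipher_ctx, cipher_info, key, iv, MBEDTLS_DECRYPT,
                 output, clen, plaintext, &plen))
    {
        goto out;
    }
    printf("plain text %.*s\n", (int)plen, (const char *)plaintext);
    rc = 0;

out:
    mbedtls_cipher_free(&cipher_ctx);
    /* Plain memset before exit may be optimised away; zeroize is not. */
    mbedtls_platform_zeroize(key, sizeof key);
    mbedtls_platform_zeroize(&rnd, sizeof rnd);
    return rc;
}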