AES-256 FTW!

A project log for Orthrus

SD card secure RAID USB storage

Nick Sayer 10/19/2017 at 01:280 Comments

One of the nice things we got for free with the SAMS70 upgrade was the ability to shift to AES-256. But I haven't done it before now because getting it to just work was a first priority, but also because I wasn't sure whether there would be any speed penalty.

Well, I sat down and did it, and there is no discernible penalty, so the code has been upgraded to use it.

The key generation steps had to change quite a bit because it's now no longer the case that the cipher block size and key length are the same. To make that work, the new volume key generation looks like this:

The volume ID is now 64 bytes. The two key blocks remain 32 bytes and the nonce blocks remain 16 bytes.

You take the two key blocks and shuffle them together into a new buffer alternating bytes (A first). Run AES CMAC over each half of the shuffled buffer one after the other, concatenating the results. That is the 256 bit intermediate key.

Using that intermediate key, run CMAC over the two halves of the volume ID, again concatenating the results. That becomes the volume key.

I've validated that the code interoperates with the java decrypt program, and to avoid mishaps I've changed the volume magic value.

The system is NOT backwards-compatible, so you must insure that you preserve the content of any volumes before upgrading the firmware. Alternatively, you can dump any version 1 volumes and use the old java decrypter to obtain the plaintext image.