There are eight key files in the common folder. The files are converted
to header files on compile time and the array of the keys is filled with
them. After determining the device id via the pin programming the
corresponding key is chosen.

Each of the keys is
mapped to one station id.

.gitignore

@@ -30,4 +30,4 @@ common/rust-protocol/target
 
 # Keys should never be in the repository
 common/display_key.txt
-common/weather_station_0_key.txt
+common/weather_station_*_key.txt

base-station/software/src/radio.rs

@@ -25,6 +25,8 @@ const DISPLAY_ID: u8 = 0x20;
 const DISPLAY_KEY: [u8; 16] = include!("../../../common/display_key.txt");
 const WEATHER_STATION_0_ID: u8 = 0x30;
 const WEATHER_STATION_0_KEY: [u8; 16] = include!("../../../common/weather_station_0_key.txt");
+const WEATHER_STATION_1_ID: u8 = 0x31;
+const WEATHER_STATION_1_KEY: [u8; 16] = include!("../../../common/weather_station_1_key.txt");
 
 /// Hardware configuration.
 pub struct RadioConfig {
@@ -331,6 +333,7 @@ pub fn get_device_location(device_id: u8) -> Location {
     match device_id {
         DISPLAY_ID => Location::Bedroom,
         WEATHER_STATION_0_ID => Location::Livingroom,
+        WEATHER_STATION_1_ID => Location::Bathroom,
         _ => Location::Livingroom,
     }
 }
@@ -339,6 +342,7 @@ fn get_key(device_id: u8) -> Option<&'static [u8]> {
     match device_id {
         DISPLAY_ID => Some(&DISPLAY_KEY),
         WEATHER_STATION_0_ID => Some(&WEATHER_STATION_0_KEY),
+        WEATHER_STATION_1_ID => Some(&WEATHER_STATION_1_KEY),
         _ => None,
     }
 }

weather-sensor/firmware/.gitignore

@@ -4,3 +4,6 @@ main
 
 
 *.swp
+
+# The generated header files for the keys stored in ../../common should never be in the repository
+#key_*.h

weather-sensor/firmware/encryption.c

@@ -2,11 +2,49 @@
 
 #define LENGTH_OF_BLOCK 8
 
-void xxtea_Encrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4]);
-void xxtea_Decrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4]);
+
+#define NUMBER_OF_KEYS 8
+#define KEY_LENGTH 16
+
+const uint8_t encryptionKeys[NUMBER_OF_KEYS][KEY_LENGTH] = {
+	{
+		#include "key_0.h"
+	},
+	{
+		#include "key_1.h"
+	},
+	{
+		#include "key_2.h"
+	},
+	{
+		#include "key_3.h"
+	},
+	{
+		#include "key_4.h"
+	},
+	{
+		#include "key_5.h"
+	},
+	{
+		#include "key_6.h"
+	},
+	{
+		#include "key_7.h"
+	}
+};
+
+const uint8_t * key;
+
+void xxtea_Encrypt(uint32_t * data, uint8_t dataLength);
+void xxtea_Decrypt(uint32_t * data, uint8_t dataLength);
+
+void Set_Encryption_Key(uint8_t sensorId)
+{
+	key = encryptionKeys[sensorId & 0xF];
+}
 
 /* The data packets are encrypted using the xxtea algorithm. */
-void Encrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t key[4])
+void Encrypt(uint32_t * data, uint8_t dataLength, uint64_t salt)
 {
 	/* This function assumes that the dataLength is a multiple of the length of the
 	 * salt (8)
@@ -29,7 +67,7 @@ void Encrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t
 		*((uint64_t*) currentPlaintextBlock) ^= *((uint64_t*) previousCipherBlock);
 
 		/* Encrypt the block */
-		xxtea_Encrypt((uint32_t*) currentPlaintextBlock, LENGTH_OF_BLOCK, key);
+		xxtea_Encrypt((uint32_t*) currentPlaintextBlock, LENGTH_OF_BLOCK);
 
 		/* Setup for next block */
 		previousCipherBlock = currentPlaintextBlock;
@@ -39,7 +77,7 @@ void Encrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t
 }
 
 
-void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t key[4])
+void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt)
 {
 	/* This function assumes that the dataLength is a multiple of the length of the
 	 * salt (8)
@@ -58,7 +96,7 @@ void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t
 	for (i = dataLength/LENGTH_OF_BLOCK; i > 0; i--)
 	{
 		/* Decrypt the block */
-		xxtea_Decrypt((uint32_t*) currentCipherBlock, LENGTH_OF_BLOCK, key);
+		xxtea_Decrypt((uint32_t*) currentCipherBlock, LENGTH_OF_BLOCK);
 
 		/* XOR of the decrypted block with cipher block in front of it */
 		*((uint64_t*) currentCipherBlock) ^= *((uint64_t*) previousCipherBlock);
@@ -76,7 +114,7 @@ void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t
 	}
 }
 
-void xxtea_Encrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4])
+void xxtea_Encrypt(uint32_t * data, uint8_t dataLength)
 {
     uint32_t sum = 0, z, y, e;
     uint8_t i = 6 + 52/(dataLength/4), r;
@@ -90,13 +128,13 @@ void xxtea_Encrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4])
         for (r = 0; r <= n; r++) {
             // round
             y = data[(r+1) % (n + 1)]; // right neighbour
-            data[r] += ((z>>5 ^ y<<2) + (y>>3 ^ z<<4)) ^ ((sum^y) + (key[(r^e) & 3] ^ z));
+            data[r] += ((z>>5 ^ y<<2) + (y>>3 ^ z<<4)) ^ ((sum^y) + (((uint32_t*) key)[(r^e) & 3] ^ z));
             z = data[r]; // left neighbour for the next round
         }
     } while (--i);
 }
 
-void xxtea_Decrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4])
+void xxtea_Decrypt(uint32_t * data, uint8_t dataLength)
 {
     uint32_t sum, z, y, e;
     int16_t i = 6 + 52/(dataLength/4), r;
@@ -110,7 +148,7 @@ void xxtea_Decrypt(uint32_t * data, uint8_t dataLength, const uint32_t key[4])
         for (r = n-1; r >= 0; --r) {
             // round
             z = data[(r+n-1) % n];
-            data[r] -= ((z>>5 ^ y<<2) + (y>>3 ^ z<<4)) ^ ((sum^y) + (key[(r^e) & 3] ^ z));
+            data[r] -= ((z>>5 ^ y<<2) + (y>>3 ^ z<<4)) ^ ((sum^y) + (((uint32_t*) key)[(r^e) & 3] ^ z));
             y = data[r];
         }
         sum -= 0x9e3779b9;

weather-sensor/firmware/encryption.h

@@ -2,7 +2,8 @@
 #define ENCRYPTION_H
 
 
-void Encrypt(uint32_t * data, uint8_t dataLength , uint64_t salt, const uint32_t key[4]);
-void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt, const uint32_t key[4]);
+void Set_Encryption_Key(uint8_t sensorId);
+void Encrypt(uint32_t * data, uint8_t dataLength , uint64_t salt);
+void Decrypt(uint32_t * data, uint8_t dataLength, uint64_t salt);
 
 #endif

weather-sensor/firmware/main.c

@@ -69,6 +69,9 @@ int main (void)
 	Configure_Pin_Programming_Pins();
 	ownId = Get_Own_Identifier();
 
+	/* Set the encryption key */
+	Set_Encryption_Key(ownId);
+
 	/* Initialize the SPI */
 	Initialize_SPI();
 

weather-sensor/firmware/makefile

@@ -11,7 +11,7 @@ clean:
 flash: main.hex
 	sudo avrdude -c buspirate -b 115200 -P /dev/ttyUSB0 -p m88p -v -U flash:w:main.hex
 
-obj/%.o: %.c $(DEPS)
+obj/%.o: %.c $(DEPS) key_0.h key_1.h key_2.h key_3.h key_4.h key_5.h key_6.h key_7.h
 	avr-gcc -c $< -o $@ $(CFLAGS)
 
 obj/%.o: BME280_driver/%.c $(DEPS)
@@ -20,5 +20,8 @@ obj/%.o: BME280_driver/%.c $(DEPS)
 main: obj/main.o obj/spi.o obj/nrf24l01.o obj/bme280_interface.o obj/bme280.o obj/pin_programming.o obj/crc.o obj/encryption.o obj/radio.o
 	avr-gcc $^ -o $@ $(CFLAGS)
 
+key_%.h: ../../common/weather_station_%_key.txt
+	@cat $< | sed "s/^\[\(.*\)\]$$/\1/g" > $@
+
 main.hex: main
 	avr-objcopy -O ihex -R .eeprom main main.hex

weather-sensor/firmware/radio.c

@@ -3,8 +3,6 @@
 #include "encryption.h"
 #include "crc.h"
 
-const uint8_t encryptionKey[16] = {0x9e, 0x37, 0x79, 0xb9, 0x9b, 0x97, 0x73, 0xe9, 0xb9, 0x79, 0x37, 0x9e, 0x6b, 0x69, 0x51, 0x56}; /* TODO: use exernal file with the keys */
-
 bool Send_Message(PACKET * packet, uint64_t * salt);
 
 bool Send_Get_Salt_Message(PACKET * packet, uint64_t * salt) //TODO: put into own file
@@ -48,8 +46,7 @@ bool Send_Message(PACKET * packet, uint64_t * salt)
 
 	Encrypt((uint32_t*) packet->payload.buffer,
 	        PACKET_PAYLOAD_BUFFER_LENGTH + sizeof(crc),
-	        *salt,
-	        (uint32_t*) encryptionKey);
+	        *salt);
 
 	success = NRF24L01_Send_Message((uint8_t*)packet, PACKET_LENGTH);
 
@@ -70,8 +67,7 @@ bool Read_Salt_Message(PACKET * packet, uint64_t * salt)
 	baseStationSalt = packet->salt;
 	Decrypt((uint32_t*)packet->payload.buffer,
 	        PACKET_PAYLOAD_BUFFER_LENGTH + sizeof(packet->crc),
-	        baseStationSalt,
-	        (uint32_t*) encryptionKey);
+	        baseStationSalt);
 
 	crcRemainder = Calculate_Crc(packet->payload.buffer,
 	                             PACKET_PAYLOAD_BUFFER_LENGTH + sizeof(packet->crc));