Category Archives: crypto

802.15.4 export controls

Export controls. Woo, yeah! The USA classed various encryption as a weapon for a while, and tried to prevent it from being “exported” This was relaxed 10-15 years ago, when they realised how absurd it all was. Now, you can buy microelectronics with encryption built in, for instance, and what i’m talking about here, 802.15.4 transceivers have AES encryption built in. It’s a required part of 802.15.4 support after all. However, the way the export controls were relaxed required lots of paperwork, and there’s still some restrictions in place. And the big electronics distributors like digikey and mouser have interesting approaches to following these rules.

Here’s a quick roundup of what I tried to buy today on digikey. Note that all of these parts include AES encryption, as they are all 802.15.4 devices. In some cases, these aren’t even made in the US, they’re made in europe, shipped to distributers in the US, then not allowed out again because of these awesome “export controls”

Note: I live in Iceland, which seems to have fallen into a paperwork crack at some time, most of europe can buy these devices, but not me :(

Microchip’s MRF24J40 modules

Digikey will not sell the MRF24J40MA module by itself, DK partno: MRF24J40MA-I/RM-ND
Digikey will sell the ZENA usb dongle, which is a MRF24J40 radio + USB interface, DK partno: AC182015-1-ND

Mouser will sell the modules.

Farnell said they would sell the modules, then asked me to fill out export restrictions forms (from the UK, not the US!) and has since not replied. (This was about 6 months ago)

ST’s STM32W parts

Digikey will not sell me the STM32W-RFCKIT, DK partno: 497-11406-ND
Digikey will sell me the STEVAL-IDZ401V1, an STM32W based USB dongle. DK partno: 497-12887-ND

Mouser wouldn’t sell me the STM32W-RFCKIT either

TI’s CC2531 parts

Digikey will sell me the TI CC2531 usb dongle, DK partno: 296-28921-ND
Digikey will also sell me CC2531 chips themselves

Freescale’s MC1322x parts

Digikey will not sell me the usb dongle, DK partno: 1322XUSB-ND
I didn’t try buying the parts themselves

Atmel’s range

Digikey will sell me the Raven RZ USB stick, DK partno: ATAVRRZUSBSTICK-ND
Digikey will not sell me the development kit, DK partno: ATAVR128RFA1-EK1-ND

So, awesome job there. I can still buy “restricted” encryption hardware, but only some of it, and only in certain shapes. Fucking ballsup. I’ve spoken to Digikey, (though not with such a list of contradictions) and they brushed me off with, “we just follow the export restrictions guidance from the DOJ” They might bend a bit more if I was ordering 10k units of course, and actually go and check the paperwork, but that’s no help for me today.

OpenSSL PEM_read_RSA_PUBKEY vs PEM_read_RSAPublicKey

File this in the “Everybody hates OpenSSL’s API” category. From the expansive documentation:

The RSAPublicKey functions process an RSA public key using an RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure.

The RSA_PUBKEY functions also process an RSA public key using an RSA structure. However the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA.

Seeing as I’m in the “PEM” functions, so at least in theory, I’m using methods for processing files that look like this:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKMFS0eoDxn6YltlCM4P
uIHK1bp3+7Lt0aWZ9rimjd4uvx49ZYT1DKrUZi96rUkzdJuCqtYbFtUVAy0V5AtZ
EtQGRoZBN5JQ9u80I8NNS4jhtHZU2i6CY9Aeb6KHY790ceD+lMCbXCgrtl1yPUVE
s8pFwEwO2Vqjim2pO0iVsAzUJAyppjn/7FjxyqOHZHL+OPi7vNule1V9OdVrb9m3
mHVy3u9LWdA+3Ch/YJe8FgenRncQEVrDbA/0wHlRE5fH+nQ9OwPTDYP6A6pphAbk
ZUhc9VjIDKrTCQP2o4RDLz0OKyBs5xZc7vjGXpHG+kL3OVpHxpSrK9EVGIX65ofN
9QIDAQAB
-----END PUBLIC KEY-----

I’ve got no idea where the PKCS#1 vs SubjectPublicKeyInfo comes into it when I’m just trying to load that file. Regardless, the only one that works is PEM_read_RSA_PUBKEY()