mbedtls added

client/Makefile

@@ -25,6 +25,8 @@ OBJDIR = obj
 
 LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread -lm
 LUALIB = ../liblua/liblua.a
+MBEDTLSLIBPATH = ../common/mbedtls
+MBEDTLSLIB = $(MBEDTLSLIBPATH)/libmbedtls.a
 LDFLAGS = $(ENV_LDFLAGS)
 INCLUDES_CLIENT = -I. -I../include -I../common -I../common/polarssl -I../zlib -I../uart -I/opt/local/include -I../liblua
 CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE -DPRESETS $(INCLUDES_CLIENT) -Wall -g -O3
@@ -104,14 +106,8 @@ CMDSRCS =	crapto1/crapto1.c \
 			mfkey.c \
 			tea.c \
 			polarssl/des.c \
-			polarssl/aes.c \
-			polarssl/aes_cmac128.c \
-			polarssl/bignum.c \
-			polarssl/rsa.c \
-			polarssl/sha1.c \
-			polarssl/sha256.c \
-			polarssl/base64.c \
-			polarssl/libpcrypto.c \
+			crypto/libpcrypto.c\
+			crypto/asn1utils.c\
 			cliparser/argtable3.c\
 			cliparser/cliparser.c\
 			loclass/cipher.c \
@@ -260,7 +256,7 @@ WINBINS = $(patsubst %, %.exe, $(BINS))
 CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h lualibs/usb_cmd.lua lualibs/mf_default_keys.lua
 
 # need to assign dependancies to build these first...
-all: lua_build $(BINS) 
+all: lua_build mbedtls_build $(BINS) 
 
 all-static: LDLIBS:=-static $(LDLIBS)
 all-static: proxmark3 flasher fpga_compress
@@ -292,6 +288,7 @@ lualibs/mf_default_keys.lua : default_keys.dic
 clean:
 	$(RM) $(CLEAN)
 	cd ../liblua && make clean
+	cd $(MBEDTLSLIBPATH) && make clean
 
 tarbin: $(BINS)
 	$(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(BINS:%=client/%) $(WINBINS:%=client/%)
@@ -299,7 +296,11 @@ tarbin: $(BINS)
 lua_build:
 	@echo Compiling liblua, using platform $(LUAPLATFORM)
 	cd ../liblua && make $(LUAPLATFORM)
-
+	
+mbedtls_build:
+	@echo Compiling mbedtls
+	cd $(MBEDTLSLIBPATH) && make all
+	
 .PHONY: all clean
 
 # easy printing of MAKE VARIABLES

client/cmdhf14b.h

@@ -25,7 +25,7 @@
 #include "cmdhf14a.h"
 #include "cmdhf.h"
 #include "prng.h"
-#include "sha1.h"
+#include "mbedtls/sha1.h"
 #include "mifare.h"		// structs/enum for ISO14B
 #include "protocols.h"	// definitions of ISO14B protocol
 

client/cmdhfmf.h

@@ -16,7 +16,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <time.h>
-#include <aes.h>
+#include <mbedtls/aes.h>
 #include "proxmark3.h"
 #include "iso14443crc.h"
 #include "ui.h"

client/cmdhfmfp.c

@@ -24,7 +24,7 @@
 #include "mifare.h"
 #include "mifare4.h"
 #include "cliparser/cliparser.h"
-#include "polarssl/libpcrypto.h"
+#include "crypto/libpcrypto.h"
 
 static const uint8_t DefaultKey[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
 

client/crypto/asn1utils.c

@@ -0,0 +1,63 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// asn.1 utils
+//-----------------------------------------------------------------------------
+
+#include "asn1utils.h"
+#include <mbedtls/asn1.h>
+
+int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval) {
+	if (!signature || !signaturelen || !rval || !sval)
+		return 1;
+
+	int res = 0;
+	unsigned char *p = signature;
+	const unsigned char *end = p + signaturelen;
+	size_t len;
+	mbedtls_mpi xmpi;
+
+	if ((res = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) == 0) {
+		mbedtls_mpi_init(&xmpi);
+		res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
+		if (res) {
+			mbedtls_mpi_free(&xmpi);
+			goto exit;
+		}
+		
+		res = mbedtls_mpi_write_binary(&xmpi, rval, 32);
+		mbedtls_mpi_free(&xmpi);
+		if (res) 
+			goto exit;
+
+		mbedtls_mpi_init(&xmpi);
+		res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
+		if (res) {
+			mbedtls_mpi_free(&xmpi);
+			goto exit;
+		}
+		
+		res = mbedtls_mpi_write_binary(&xmpi, sval, 32);
+		mbedtls_mpi_free(&xmpi);
+		if (res) 
+			goto exit;
+
+		// check size
+		if (end != p)
+			return 2;
+		}
+
+exit:
+	return res;
+}
+
+int asn1_print(uint8_t *asn1buf, int level) {
+	
+	return 0;
+}
+
+

client/crypto/asn1utils.h

@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// asn.1 utils
+//-----------------------------------------------------------------------------
+
+#ifndef ASN1UTILS_H
+#define ASN1UTILS_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+
+extern int asn1_print(uint8_t *asn1buf, int level);
+extern int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval);
+
+#endif /* asn1utils.h */

client/crypto/libpcrypto.c

@@ -0,0 +1,381 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+// Copyright (C) 2018 drHatson
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// crypto commands
+//-----------------------------------------------------------------------------
+
+#include "crypto/libpcrypto.h"
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <mbedtls/asn1.h>
+#include <mbedtls/aes.h>
+#include <mbedtls/cmac.h>
+#include <mbedtls/ecdsa.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/error.h>
+#include <crypto/asn1utils.h>
+#include <util.h>
+
+// NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001.
+int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+	uint8_t iiv[16] = {0};
+	if (iv)
+		memcpy(iiv, iv, 16);
+	
+	mbedtls_aes_context aes;
+	mbedtls_aes_init(&aes);
+	if (mbedtls_aes_setkey_enc(&aes, key, 128))
+		return 1;
+	if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, length, iiv, input, output))
+		return 2;
+	mbedtls_aes_free(&aes);
+
+	return 0;
+}
+
+int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+	uint8_t iiv[16] = {0};
+	if (iv)
+		memcpy(iiv, iv, 16);
+	
+	mbedtls_aes_context aes;
+	mbedtls_aes_init(&aes);
+	if (mbedtls_aes_setkey_dec(&aes, key, 128))
+		return 1;
+	if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, length, iiv, input, output))
+		return 2;
+	mbedtls_aes_free(&aes);
+
+	return 0;
+}
+
+// NIST Special Publication 800-38B — Recommendation for block cipher modes of operation: The CMAC mode for authentication.
+// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
+int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
+	memset(mac, 0x00, 16);
+	
+	//  NIST 800-38B 
+	return mbedtls_aes_cmac_prf_128(key, MBEDTLS_AES_BLOCK_SIZE, input, length, mac);
+}
+
+int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
+	uint8_t cmac[16] = {0};
+	memset(mac, 0x00, 8);
+	
+	int res = aes_cmac(iv, key, input, cmac, length);
+	if (res)
+		return res;
+	
+	for(int i = 0; i < 8; i++) 
+		mac[i] = cmac[i * 2 + 1];
+
+	return 0;
+}
+
+static uint8_t fixed_rand_value[250] = {0};
+static int fixed_rand(void *rng_state, unsigned char *output, size_t len) {
+	if (len <= 250) {
+		memcpy(output, fixed_rand_value, len);
+	} else {
+		memset(output, 0x00, len);
+	}
+	
+	return 0;
+}
+
+int sha256hash(uint8_t *input, int length, uint8_t *hash) {
+	if (!hash || !input)
+		return 1;
+	
+	mbedtls_sha256_context sctx;
+	mbedtls_sha256_init(&sctx);
+	mbedtls_sha256_starts(&sctx, 0); // SHA-256, not 224 
+	mbedtls_sha256_update(&sctx, input, length);
+	mbedtls_sha256_finish(&sctx, hash);	
+	mbedtls_sha256_free(&sctx);
+	
+	return 0;
+}
+
+int ecdsa_init_str(mbedtls_ecdsa_context *ctx, char * key_d, char *key_x, char *key_y) {
+	if (!ctx)
+		return 1;
+	
+	int res;
+
+	mbedtls_ecdsa_init(ctx);
+	res = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1); // secp256r1
+	if (res) 
+		return res;
+	
+	if (key_d) {
+		res = mbedtls_mpi_read_string(&ctx->d, 16, key_d);
+		if (res) 
+			return res;
+	}
+	
+	if (key_x && key_y) {
+		res = mbedtls_ecp_point_read_string(&ctx->Q, 16, key_x, key_y);
+		if (res) 
+			return res;
+	}
+	
+	return 0;
+}
+
+int ecdsa_init(mbedtls_ecdsa_context *ctx, uint8_t * key_d, uint8_t *key_xy) {
+	if (!ctx)
+		return 1;
+	
+	int res;
+
+	mbedtls_ecdsa_init(ctx);
+	res = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1); // secp256r1
+	if (res) 
+		return res;
+	
+	if (key_d) {
+		res = mbedtls_mpi_read_binary(&ctx->d, key_d, 32);
+		if (res) 
+			return res;
+	}
+	
+	if (key_xy) {
+		res = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, key_xy, 32 * 2 + 1);
+		if (res) 
+			return res;
+	}
+	
+	return 0;
+}
+
+int ecdsa_key_create(uint8_t * key_d, uint8_t *key_xy) {
+	int res;
+	mbedtls_ecdsa_context ctx;
+	ecdsa_init(&ctx, NULL, NULL);
+
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+	const char *pers = "ecdsaproxmark";
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
+	if (res)
+        goto exit;
+
+    res = mbedtls_ecdsa_genkey(&ctx, MBEDTLS_ECP_DP_SECP256R1, mbedtls_ctr_drbg_random, &ctr_drbg);
+	if (res)
+		goto exit;
+
+	res = mbedtls_mpi_write_binary(&ctx.d, key_d, 32);
+	if (res)
+		goto exit;
+
+	size_t keylen = 0;
+	uint8_t public_key[200] = {0};
+	res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &keylen, public_key, sizeof(public_key));
+	if (res)
+		goto exit;
+	
+	if (keylen != 65) { // 0x04 <key x 32b><key y 32b>
+		res = 1;
+		goto exit;
+	}
+	memcpy(key_xy, public_key, 65);
+
+exit:
+    mbedtls_entropy_free(&entropy);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+	mbedtls_ecdsa_free(&ctx);
+	return res;
+}
+
+char *ecdsa_get_error(int ret) {
+	static char retstr[300];
+	memset(retstr, 0x00, sizeof(retstr));
+	mbedtls_strerror(ret, retstr, sizeof(retstr));
+	return retstr;
+}
+
+int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) {
+	int res;
+	*signaturelen = 0;
+	
+	uint8_t shahash[32] = {0}; 
+	res = sha256hash(input, length, shahash);
+	if (res)
+		return res;
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+	const char *pers = "ecdsaproxmark";
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
+	if (res)
+        goto exit;
+
+	mbedtls_ecdsa_context ctx;	
+	ecdsa_init(&ctx, key_d, key_xy);
+	res = mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256, shahash, sizeof(shahash), signature, signaturelen, mbedtls_ctr_drbg_random, &ctr_drbg);
+	
+exit:
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+	mbedtls_ecdsa_free(&ctx);
+	return res;
+}
+
+int ecdsa_signature_create_test(char * key_d, char *key_x, char *key_y, char *random, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) {
+	int res;
+	*signaturelen = 0;
+	
+	uint8_t shahash[32] = {0}; 
+	res = sha256hash(input, length, shahash);
+	if (res)
+		return res;
+
+	int rndlen = 0;
+	param_gethex_to_eol(random, 0, fixed_rand_value, sizeof(fixed_rand_value), &rndlen);
+	
+	mbedtls_ecdsa_context ctx;	
+	ecdsa_init_str(&ctx, key_d, key_x, key_y);
+	res = mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256, shahash, sizeof(shahash), signature, signaturelen, fixed_rand, NULL);
+	
+	mbedtls_ecdsa_free(&ctx);
+	return res;
+}
+
+int ecdsa_signature_verify_keystr(char *key_x, char *key_y, uint8_t *input, int length, uint8_t *signature, size_t signaturelen) {
+	int res;
+	uint8_t shahash[32] = {0}; 
+	res = sha256hash(input, length, shahash);
+	if (res)
+		return res;
+
+	mbedtls_ecdsa_context ctx;	
+	ecdsa_init_str(&ctx, NULL, key_x, key_y);
+	res = mbedtls_ecdsa_read_signature(&ctx, shahash, sizeof(shahash), signature, signaturelen);
+	
+	mbedtls_ecdsa_free(&ctx);
+	return res;
+}
+
+int ecdsa_signature_verify(uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen) {
+	int res;
+	uint8_t shahash[32] = {0}; 
+	res = sha256hash(input, length, shahash);
+	if (res)
+		return res;
+
+	mbedtls_ecdsa_context ctx;	
+	ecdsa_init(&ctx, NULL, key_xy);
+	res = mbedtls_ecdsa_read_signature(&ctx, shahash, sizeof(shahash), signature, signaturelen);
+	
+	mbedtls_ecdsa_free(&ctx);
+	return res;
+}
+
+#define T_PRIVATE_KEY "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96"
+#define T_Q_X         "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19"
+#define T_Q_Y         "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09"
+#define T_K           "7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AE"
+#define T_R           "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F"
+#define T_S           "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1"
+
+int ecdsa_nist_test(bool verbose) {
+	int res;
+	uint8_t input[] = "Example of ECDSA with P-256";
+	int length = strlen((char *)input);
+	uint8_t signature[300] = {0}; 
+	size_t siglen = 0; 
+
+	// NIST ecdsa test
+	if (verbose)
+		printf("  ECDSA NIST test: ");
+	// make signature
+	res = ecdsa_signature_create_test(T_PRIVATE_KEY, T_Q_X, T_Q_Y, T_K, input, length, signature, &siglen);
+//	printf("res: %x signature[%x]: %s\n", (res<0)?-res:res, siglen, sprint_hex(signature, siglen));
+	if (res) 
+		goto exit;
+
+	// check vectors
+	uint8_t rval[300] = {0}; 
+	uint8_t sval[300] = {0}; 
+	res = ecdsa_asn1_get_signature(signature, siglen, rval, sval);
+	if (res)
+		goto exit;
+	
+	int slen = 0;
+	uint8_t rval_s[33] = {0};
+	param_gethex_to_eol(T_R, 0, rval_s, sizeof(rval_s), &slen);
+	uint8_t sval_s[33] = {0}; 
+	param_gethex_to_eol(T_S, 0, sval_s, sizeof(sval_s), &slen);
+	if (strncmp((char *)rval, (char *)rval_s, 32) || strncmp((char *)sval, (char *)sval_s, 32)) {
+		printf("R or S check error\n");
+		res = 100;
+		goto exit;
+	}
+	
+	// verify signature
+	res = ecdsa_signature_verify_keystr(T_Q_X, T_Q_Y, input, length, signature, siglen);
+	if (res) 
+		goto exit;
+		
+	// verify wrong signature
+	input[0] ^= 0xFF;
+	res = ecdsa_signature_verify_keystr(T_Q_X, T_Q_Y, input, length, signature, siglen);
+	if (!res) {
+		res = 1;
+		goto exit;
+	}
+	if (verbose)
+		printf("passed\n");
+
+	// random ecdsa test
+	if (verbose)
+		printf("  ECDSA binary signature create/check test: ");
+
+	uint8_t key_d[32] = {0};
+	uint8_t key_xy[32 * 2 + 2] = {0};
+	memset(signature, 0x00, sizeof(signature));
+	siglen = 0;
+	
+	res = ecdsa_key_create(key_d, key_xy);
+	if (res) 
+		goto exit;
+
+	res = ecdsa_signature_create(key_d, key_xy, input, length, signature, &siglen);
+	if (res) 
+		goto exit;
+
+	res = ecdsa_signature_verify(key_xy, input, length, signature, siglen);
+	if (res) 
+		goto exit;
+
+	input[0] ^= 0xFF;
+	res = ecdsa_signature_verify(key_xy, input, length, signature, siglen);
+	if (!res) 
+		goto exit;
+	
+	if (verbose)
+		printf("passed\n\n");
+	
+	return 0;
+exit:
+	if (verbose)
+		printf("failed\n\n");
+	return res;
+}

client/crypto/libpcrypto.h

@@ -0,0 +1,32 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// crypto commands
+//-----------------------------------------------------------------------------
+
+#ifndef LIBPCRYPTO_H
+#define LIBPCRYPTO_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+
+extern int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
+extern int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
+extern int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
+extern int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
+
+extern int sha256hash(uint8_t *input, int length, uint8_t *hash);
+
+extern int ecdsa_key_create(uint8_t * key_d, uint8_t *key_xy);
+extern int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen);
+extern int ecdsa_signature_verify(uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen);
+extern char *ecdsa_get_error(int ret);
+
+extern int ecdsa_nist_test(bool verbose);
+
+#endif /* libpcrypto.h */

client/emv/crypto_polarssl.c

@@ -24,13 +24,14 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
-#include "rsa.h"
-#include "sha1.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
 
 struct crypto_hash_polarssl {
 	struct crypto_hash ch;
-	sha1_context ctx;
+	mbedtls_sha1_context ctx;
 };
 
 static void crypto_hash_polarssl_close(struct crypto_hash *_ch)
@@ -44,7 +45,7 @@ static void crypto_hash_polarssl_write(struct crypto_hash *_ch, const unsigned c
 {
 	struct crypto_hash_polarssl *ch = (struct crypto_hash_polarssl *)_ch;
 
-	sha1_update(&(ch->ctx), buf, len);
+	mbedtls_sha1_update(&(ch->ctx), buf, len);
 }
 
 static unsigned char *crypto_hash_polarssl_read(struct crypto_hash *_ch)
@@ -52,7 +53,7 @@ static unsigned char *crypto_hash_polarssl_read(struct crypto_hash *_ch)
 	struct crypto_hash_polarssl *ch = (struct crypto_hash_polarssl *)_ch;
 
 	static unsigned char sha1sum[20];
-	sha1_finish(&(ch->ctx), sha1sum);
+	mbedtls_sha1_finish(&(ch->ctx), sha1sum);
 	return sha1sum;
 }
 
@@ -71,7 +72,7 @@ static struct crypto_hash *crypto_hash_polarssl_open(enum crypto_algo_hash hash)
 
 	struct crypto_hash_polarssl *ch = malloc(sizeof(*ch));
 
-	sha1_starts(&(ch->ctx));
+	mbedtls_sha1_starts(&(ch->ctx));
 
 	ch->ch.write = crypto_hash_polarssl_write;
 	ch->ch.read = crypto_hash_polarssl_read;
@@ -83,7 +84,7 @@ static struct crypto_hash *crypto_hash_polarssl_open(enum crypto_algo_hash hash)
 
 struct crypto_pk_polarssl {
 	struct crypto_pk cp;
-	rsa_context ctx;
+	mbedtls_rsa_context ctx;
 };
 
 static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
@@ -96,13 +97,13 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
 	char *exp = va_arg(vl, char *);	 // E
 	int explen = va_arg(vl, size_t);
 
-	rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
+	mbedtls_rsa_init(&cp->ctx, MBEDTLS_RSA_PKCS_V15, 0);
 	
 	cp->ctx.len = modlen; // size(N) in bytes
-	mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
-	mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
+	mbedtls_mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
+	mbedtls_mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
 	
-	int res = rsa_check_pubkey(&cp->ctx);
+	int res = mbedtls_rsa_check_pubkey(&cp->ctx);
 	if(res != 0) {
 		fprintf(stderr, "PolarSSL public key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
 		free(cp);
@@ -134,23 +135,23 @@ static struct crypto_pk *crypto_pk_polarssl_open_priv_rsa(va_list vl)
 //	char *inv = va_arg(vl, char *);
 //	int invlen = va_arg(vl, size_t);	
 	
-	rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
+	mbedtls_rsa_init(&cp->ctx, MBEDTLS_RSA_PKCS_V15, 0);
 	
 	cp->ctx.len = modlen; // size(N) in bytes
-	mpi_read_binary(&cp->ctx.N,  (const unsigned char *)mod, modlen);
-	mpi_read_binary(&cp->ctx.E,  (const unsigned char *)exp, explen);
+	mbedtls_mpi_read_binary(&cp->ctx.N,  (const unsigned char *)mod, modlen);
+	mbedtls_mpi_read_binary(&cp->ctx.E,  (const unsigned char *)exp, explen);
 
-	mpi_read_binary(&cp->ctx.D,  (const unsigned char *)d, dlen);
-	mpi_read_binary(&cp->ctx.P,  (const unsigned char *)p, plen);
-	mpi_read_binary(&cp->ctx.Q,  (const unsigned char *)q, qlen);
-	mpi_read_binary(&cp->ctx.DP, (const unsigned char *)dp, dplen);
-	mpi_read_binary(&cp->ctx.DQ, (const unsigned char *)dq, dqlen);
-	mpi_inv_mod(&cp->ctx.QP, &cp->ctx.Q, &cp->ctx.P);
+	mbedtls_mpi_read_binary(&cp->ctx.D,  (const unsigned char *)d, dlen);
+	mbedtls_mpi_read_binary(&cp->ctx.P,  (const unsigned char *)p, plen);
+	mbedtls_mpi_read_binary(&cp->ctx.Q,  (const unsigned char *)q, qlen);
+	mbedtls_mpi_read_binary(&cp->ctx.DP, (const unsigned char *)dp, dplen);
+	mbedtls_mpi_read_binary(&cp->ctx.DQ, (const unsigned char *)dq, dqlen);
+	mbedtls_mpi_inv_mod(&cp->ctx.QP, &cp->ctx.Q, &cp->ctx.P);
 	
-	int res = rsa_check_privkey(&cp->ctx);
+	int res = mbedtls_rsa_check_privkey(&cp->ctx);
 	if(res != 0) {
 		fprintf(stderr, "PolarSSL private key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
-		free(cp);		
+		free(cp);
 		return NULL;
 	}
 
@@ -182,10 +183,10 @@ static struct crypto_pk *crypto_pk_polarssl_genkey_rsa(va_list vl)
 	if (transient) {
 	}
 	
-	int res = rsa_gen_key(&cp->ctx, &myrand, NULL, nbits, exp);
+	int res = mbedtls_rsa_gen_key(&cp->ctx, &myrand, NULL, nbits, exp);
 	if (res) {
 		fprintf(stderr, "PolarSSL private key generation error res=%x exp=%d nbits=%d.\n", res * -1, exp, nbits);
-		free(cp);		
+		free(cp);
 		return NULL;
 	}
 	
@@ -196,7 +197,7 @@ static void crypto_pk_polarssl_close(struct crypto_pk *_cp)
 {
 	struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
 
-	rsa_free(&cp->ctx);
+	mbedtls_rsa_free(&cp->ctx);
 	free(cp);
 }
 
@@ -207,7 +208,7 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
 	unsigned char *result;
 	
 	*clen = 0;
-	size_t keylen = mpi_size(&cp->ctx.N);
+	size_t keylen = mbedtls_mpi_size(&cp->ctx.N);
 
 	result = malloc(keylen);
 	if (!result) {
@@ -215,9 +216,9 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
 		return NULL;
 	}
 
-	res = rsa_public(&cp->ctx, buf, result);
-	if (res) {
-		printf("RSA encrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
+	res = mbedtls_rsa_public(&cp->ctx, buf, result);
+	if(res) {
+		printf("RSA encrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
 		free(result);
 		return NULL;
 	}
@@ -234,7 +235,7 @@ static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, co
 	unsigned char *result;
 	
 	*clen = 0;
-	size_t keylen = mpi_size(&cp->ctx.N);
+	size_t keylen = mbedtls_mpi_size(&cp->ctx.N);
 
 	result = malloc(keylen);
 	if (!result) {
@@ -242,9 +243,9 @@ static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, co
 		return NULL;
 	}
 
-	res = rsa_private(&cp->ctx, buf, result); // CHECK???
+	res = mbedtls_rsa_private(&cp->ctx, NULL, NULL, buf, result); // CHECK???
 	if(res) {
-		printf("RSA decrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
+		printf("RSA decrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
 		free(result);
 		return NULL;
 	}
@@ -269,17 +270,17 @@ static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_
 	switch(param){
 		// mod
 		case 0:
-			*plen = mpi_size(&cp->ctx.N);
+			*plen = mbedtls_mpi_size(&cp->ctx.N);
 			result = malloc(*plen);
 			memset(result, 0x00, *plen);
-			mpi_write_binary(&cp->ctx.N, result, *plen);
+			mbedtls_mpi_write_binary(&cp->ctx.N, result, *plen);
 			break;
 		// exp
 		case 1:
-			*plen = mpi_size(&cp->ctx.E);
+			*plen = mbedtls_mpi_size(&cp->ctx.E);
 			result = malloc(*plen);
 			memset(result, 0x00, *plen);
-			mpi_write_binary(&cp->ctx.E, result, *plen);
+			mbedtls_mpi_write_binary(&cp->ctx.E, result, *plen);
 			break;
 		default:
 			printf("Error get parameter. Param=%d", param);

client/emv/test/cryptotest.c

@@ -12,38 +12,70 @@
 #include "util.h"
 #include "ui.h"
 
-#include "bignum.h"
-#include "aes.h"
-#include "aes_cmac128.h"
-#include "des.h"
-#include "rsa.h"
-#include "sha1.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/des.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/timing.h"
 
 #include "crypto_test.h"
 #include "sda_test.h"
 #include "dda_test.h"
 #include "cda_test.h"
+#include "crypto/libpcrypto.h"
 
 int ExecuteCryptoTests(bool verbose) {
 	int res;
 	bool TestFail = false;
 	
-	res = mpi_self_test(verbose);
+	res = mbedtls_mpi_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = aes_self_test(verbose);
+	res = mbedtls_aes_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_des_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = aes_cmac_self_test(verbose);
+	res = mbedtls_sha1_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_md5_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = des_self_test(verbose);
+	res = mbedtls_rsa_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = sha1_self_test(verbose);
+	res = mbedtls_entropy_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_timing_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_ctr_drbg_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = rsa_self_test(verbose);
+	res = mbedtls_base64_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_cmac_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = ecdsa_nist_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_ecp_self_test(verbose);
+	if (res) TestFail = true;
+
+	res = mbedtls_x509_self_test(verbose);
 	if (res) TestFail = true;
 	
 	res = exec_sda_test(verbose);
@@ -58,11 +90,11 @@ int ExecuteCryptoTests(bool verbose) {
 	res = exec_crypto_test(verbose);
 	if (res) TestFail = true;
 
-	PrintAndLogEx(NORMAL, "\n--------------------------");
+	PrintAndLog("\n--------------------------");
 	if (TestFail)
-		PrintAndLogEx(ERR, "Test(s) [ERROR].");
+		PrintAndLog("Test(s) [ERROR].");
 	else
-		PrintAndLogEx(SUCCESS, "Tests [OK].");
+		PrintAndLog("Tests [OK].");
 	
 	return TestFail;
 }

client/mifare4.c

@@ -15,7 +15,7 @@
 #include "cmdhf14a.h"
 #include "util.h"
 #include "ui.h"
-#include "polarssl/libpcrypto.h"
+#include "crypto/libpcrypto.h"
 
 int CalculateEncIVCommand(mf4Session *session, uint8_t *iv, bool verbose) {
 	memcpy(&iv[0], session->TI, 4);