dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reorder client src directories

Browse Source
This commit is contained in:
Bjoern Kerler
2020-04-16 10:25:29 +02:00
parent 94192d0976
commit 81bc0bc2b9
387 changed files with 73 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

356
client/src/crypto/asn1dump.c Normal file
View File

@@ -0,0 +1,356 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 dumping
//-----------------------------------------------------------------------------
#define _POSIX_C_SOURCE 200809L // need for strnlen()
#include "asn1dump.h"
#include "commonutil.h" // ARRAYLEN
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <jansson.h>
#include <mbedtls/asn1.h>
#include <mbedtls/oid.h>
#include "emv/emv_tags.h"
#include "emv/dump.h"
#include "emv/emvjson.h"
#include "util.h"
#include "proxmark3.h"
#include "fileutils.h"
#include "pm3_cmd.h"
#ifndef PRINT_INDENT
# define PRINT_INDENT(level) {for (int myi = 0; myi < (level); myi++) fprintf(f, " ");}
#endif
enum asn1_tag_t {
ASN1_TAG_GENERIC,
ASN1_TAG_BOOLEAN,
ASN1_TAG_INTEGER,
ASN1_TAG_STRING,
ASN1_TAG_OCTET_STRING,
ASN1_TAG_UTC_TIME,
ASN1_TAG_STR_TIME,
ASN1_TAG_OBJECT_ID,
};
struct asn1_tag {
tlv_tag_t tag;
const char *name;
enum asn1_tag_t type;
// const void *data;
};
static const struct asn1_tag asn1_tags[] = {
// internal
{ 0x00, "Unknown ???", ASN1_TAG_GENERIC },
// ASN.1
{ 0x01, "BOOLEAN", ASN1_TAG_BOOLEAN },
{ 0x02, "INTEGER", ASN1_TAG_INTEGER },
{ 0x03, "BIT STRING", ASN1_TAG_GENERIC },
{ 0x04, "OCTET STRING", ASN1_TAG_OCTET_STRING },
{ 0x05, "NULL", ASN1_TAG_GENERIC },
{ 0x06, "OBJECT IDENTIFIER", ASN1_TAG_OBJECT_ID },
{ 0x07, "OBJECT DESCRIPTOR", ASN1_TAG_GENERIC },
{ 0x08, "EXTERNAL", ASN1_TAG_GENERIC },
{ 0x09, "REAL", ASN1_TAG_GENERIC },
{ 0x0A, "ENUMERATED", ASN1_TAG_GENERIC },
{ 0x0B, "EMBEDDED_PDV", ASN1_TAG_GENERIC },
{ 0x0C, "UTF8String", ASN1_TAG_STRING },
{ 0x10, "SEQUENCE", ASN1_TAG_GENERIC },
{ 0x11, "SET", ASN1_TAG_GENERIC },
{ 0x12, "NumericString", ASN1_TAG_STRING },
{ 0x13, "PrintableString", ASN1_TAG_STRING },
{ 0x14, "T61String", ASN1_TAG_GENERIC },
{ 0x15, "VideotexString", ASN1_TAG_GENERIC },
{ 0x16, "IA5String", ASN1_TAG_GENERIC },
{ 0x17, "UTCTime", ASN1_TAG_UTC_TIME },
{ 0x18, "GeneralizedTime", ASN1_TAG_STR_TIME },
{ 0x19, "GraphicString", ASN1_TAG_GENERIC },
{ 0x1A, "VisibleString", ASN1_TAG_STRING },
{ 0x1B, "GeneralString", ASN1_TAG_STRING },
{ 0x1C, "UniversalString", ASN1_TAG_STRING },
{ 0x1E, "BMPString", ASN1_TAG_GENERIC },
{ 0x30, "SEQUENCE", ASN1_TAG_GENERIC },
{ 0x31, "SET", ASN1_TAG_GENERIC },
{ 0xa0, "[0]", ASN1_TAG_GENERIC },
{ 0xa1, "[1]", ASN1_TAG_GENERIC },
{ 0xa2, "[2]", ASN1_TAG_GENERIC },
{ 0xa3, "[3]", ASN1_TAG_GENERIC },
{ 0xa4, "[4]", ASN1_TAG_GENERIC },
{ 0xa5, "[5]", ASN1_TAG_GENERIC },
};
static int asn1_sort_tag(tlv_tag_t tag) {
return (int)(tag >= 0x100 ? tag : tag << 8);
}
static int asn1_tlv_compare(const void *a, const void *b) {
const struct tlv *tlv = a;
const struct asn1_tag *tag = b;
return asn1_sort_tag(tlv->tag) - (asn1_sort_tag(tag->tag));
}
static const struct asn1_tag *asn1_get_tag(const struct tlv *tlv) {
struct asn1_tag *tag = bsearch(tlv, asn1_tags, ARRAYLEN(asn1_tags),
sizeof(asn1_tags[0]), asn1_tlv_compare);
return tag ? tag : &asn1_tags[0];
}
static void asn1_tag_dump_str_time(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level, bool longyear, bool *needdump) {
int len = tlv->len;
*needdump = false;
int startindx = longyear ? 4 : 2;
if (len > 4) {
fprintf(f, "\tvalue: '");
while (true) {
// year
if (!longyear)
fprintf(f, "20");
fwrite(tlv->value, 1, longyear ? 4 : 2, f);
fprintf(f, "-");
if (len < startindx + 2)
break;
// month
fwrite(&tlv->value[startindx], 1, 2, f);
fprintf(f, "-");
if (len < startindx + 4)
break;
// day
fwrite(&tlv->value[startindx + 2], 1, 2, f);
fprintf(f, " ");
if (len < startindx + 6)
break;
// hour
fwrite(&tlv->value[startindx + 4], 1, 2, f);
fprintf(f, ":");
if (len < startindx + 8)
break;
// min
fwrite(&tlv->value[startindx + 6], 1, 2, f);
fprintf(f, ":");
if (len < startindx + 10)
break;
// sec
fwrite(&tlv->value[startindx + 8], 1, 2, f);
if (len < startindx + 11)
break;
// time zone
fprintf(f, " zone: %.*s", len - 10 - (longyear ? 4 : 2), &tlv->value[startindx + 10]);
break;
}
fprintf(f, "'\n");
} else {
fprintf(f, "\n");
*needdump = true;
}
}
static void asn1_tag_dump_string(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) {
fprintf(f, "\tvalue: '");
fwrite(tlv->value, 1, tlv->len, f);
fprintf(f, "'\n");
}
static void asn1_tag_dump_octet_string(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level, bool *needdump) {
*needdump = false;
for (size_t i = 0; i < tlv->len; i++)
if (!isspace(tlv->value[i]) && !isprint(tlv->value[i])) {
*needdump = true;
break;
}
if (*needdump) {
fprintf(f, "'\n");
} else {
fprintf(f, "\t\t");
asn1_tag_dump_string(tlv, tag, f, level);
}
}
static unsigned long asn1_value_integer(const struct tlv *tlv, unsigned start, unsigned end) {
unsigned long ret = 0;
unsigned i;
if (end > tlv->len * 2)
return ret;
if (start >= end)
return ret;
if (start & 1) {
ret += tlv->value[start / 2] & 0xf;
i = start + 1;
} else
i = start;
for (; i < end - 1; i += 2) {
ret *= 10;
ret += tlv->value[i / 2] >> 4;
ret *= 10;
ret += tlv->value[i / 2] & 0xf;
}
if (end & 1) {
ret *= 10;
ret += tlv->value[end / 2] >> 4;
}
return ret;
}
static void asn1_tag_dump_boolean(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) {
PRINT_INDENT(level);
if (tlv->len > 0) {
fprintf(f, "\tvalue: %s\n", tlv->value[0] ? "true" : "false");
} else {
fprintf(f, "n/a\n");
}
}
static void asn1_tag_dump_integer(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) {
PRINT_INDENT(level);
if (tlv->len == 4) {
int32_t val = 0;
for (size_t i = 0; i < tlv->len; i++)
val = (val << 8) + tlv->value[i];
fprintf(f, "\tvalue4b: %d\n", val);
return;
}
fprintf(f, "\tvalue: %lu\n", asn1_value_integer(tlv, 0, tlv->len * 2));
}
static char *asn1_oid_description(const char *oid, bool with_group_desc) {
json_error_t error;
json_t *root = NULL;
static char res[300];
memset(res, 0x00, sizeof(res));
char *path;
if (searchFile(&path, RESOURCES_SUBDIR, "oids", ".json", false) != PM3_SUCCESS) {
return NULL;
}
// load `oids.json`
root = json_load_file(path, 0, &error);
free(path);
if (!root || !json_is_object(root)) {
goto error;
}
json_t *elm = json_object_get(root, oid);
if (!elm) {
goto error;
}
if (JsonLoadStr(elm, "$.d", res))
goto error;
char strext[300] = {0};
if (!JsonLoadStr(elm, "$.c", strext)) {
strcat(res, " (");
strcat(res, strext);
strcat(res, ")");
}
json_decref(root);
return res;
error:
if (root)
json_decref(root);
return NULL;
}
static void asn1_tag_dump_object_id(const struct tlv *tlv, const struct asn1_tag *tag, FILE *f, int level) {
PRINT_INDENT(level);
mbedtls_asn1_buf asn1_buf;
asn1_buf.len = tlv->len;
asn1_buf.p = (uint8_t *)tlv->value;
char pstr[300];
mbedtls_oid_get_numeric_string(pstr, sizeof(pstr), &asn1_buf);
fprintf(f, " %s", pstr);
char *jsondesc = asn1_oid_description(pstr, true);
if (jsondesc) {
fprintf(f, " - %s", jsondesc);
} else {
const char *ppstr;
mbedtls_oid_get_attr_short_name(&asn1_buf, &ppstr);
if (ppstr && strnlen(ppstr, 1)) {
fprintf(f, " (%s)\n", ppstr);
return;
}
mbedtls_oid_get_sig_alg_desc(&asn1_buf, &ppstr);
if (ppstr && strnlen(ppstr, 1)) {
fprintf(f, " (%s)\n", ppstr);
return;
}
mbedtls_oid_get_extended_key_usage(&asn1_buf, &ppstr);
if (ppstr && strnlen(ppstr, 1)) {
fprintf(f, " (%s)\n", ppstr);
return;
}
}
fprintf(f, "\n");
}
bool asn1_tag_dump(const struct tlv *tlv, FILE *f, int level, bool *candump) {
if (!tlv) {
fprintf(f, "NULL\n");
return false;
}
const struct asn1_tag *tag = asn1_get_tag(tlv);
PRINT_INDENT(level);
fprintf(f, "--%2x[%02zx] '%s':", tlv->tag, tlv->len, tag->name);
switch (tag->type) {
case ASN1_TAG_GENERIC:
fprintf(f, "\n");
break;
case ASN1_TAG_STRING:
asn1_tag_dump_string(tlv, tag, f, level);
*candump = false;
break;
case ASN1_TAG_OCTET_STRING:
asn1_tag_dump_octet_string(tlv, tag, f, level, candump);
break;
case ASN1_TAG_BOOLEAN:
asn1_tag_dump_boolean(tlv, tag, f, level);
*candump = false;
break;
case ASN1_TAG_INTEGER:
asn1_tag_dump_integer(tlv, tag, f, level);
*candump = false;
break;
case ASN1_TAG_UTC_TIME:
asn1_tag_dump_str_time(tlv, tag, f, level, false, candump);
break;
case ASN1_TAG_STR_TIME:
asn1_tag_dump_str_time(tlv, tag, f, level, true, candump);
break;
case ASN1_TAG_OBJECT_ID:
asn1_tag_dump_object_id(tlv, tag, f, level);
*candump = false;
break;
};
return true;
}

21
client/src/crypto/asn1dump.h Normal file
View File

@@ -0,0 +1,21 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 dumping
//-----------------------------------------------------------------------------
#ifndef ASN1DUMP_H
#define ASN1DUMP_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include "emv/tlv.h"
bool asn1_tag_dump(const struct tlv *tlv, FILE *f, int level, bool *candump);
#endif /* asn1utils.h */

91
client/src/crypto/asn1utils.c Normal file
View File

@@ -0,0 +1,91 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 utils
//-----------------------------------------------------------------------------
#include "asn1utils.h"
#include <ctype.h>
#include <stdlib.h>
#include <mbedtls/asn1.h>
#include "ui.h" // Print...
#include "emv/tlv.h"
#include "emv/dump.h"
#include "asn1dump.h"
#include "util.h"
int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval) {
if (!signature || !signaturelen || !rval || !sval)
return 1;
int res = 0;
unsigned char *p = signature;
const unsigned char *end = p + signaturelen;
size_t len;
mbedtls_mpi xmpi;
if ((res = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) == 0) {
mbedtls_mpi_init(&xmpi);
res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
if (res) {
mbedtls_mpi_free(&xmpi);
goto exit;
}
res = mbedtls_mpi_write_binary(&xmpi, rval, 32);
mbedtls_mpi_free(&xmpi);
if (res)
goto exit;
mbedtls_mpi_init(&xmpi);
res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
if (res) {
mbedtls_mpi_free(&xmpi);
goto exit;
}
res = mbedtls_mpi_write_binary(&xmpi, sval, 32);
mbedtls_mpi_free(&xmpi);
if (res)
goto exit;
// check size
if (end != p)
return 2;
}
exit:
return res;
}
static bool print_cb(void *data, const struct tlv *tlv, int level, bool is_leaf) {
bool candump = true;
asn1_tag_dump(tlv, stdout, level, &candump);
if (is_leaf && candump) {
dump_buffer(tlv->value, tlv->len, stdout, level);
}
return true;
}
int asn1_print(uint8_t *asn1buf, size_t asn1buflen, const char *indent) {
struct tlvdb *t = tlvdb_parse_multi(asn1buf, asn1buflen);
if (t) {
tlvdb_visit(t, print_cb, NULL, 0);
tlvdb_free(t);
} else {
PrintAndLogEx(ERR, "Can't parse data as TLV tree.");
return 1;
}
return 0;
}

21
client/src/crypto/asn1utils.h Normal file
View File

@@ -0,0 +1,21 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 utils
//-----------------------------------------------------------------------------
#ifndef ASN1UTILS_H
#define ASN1UTILS_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
int asn1_print(uint8_t *asn1buf, size_t asn1buflen, const char *indent);
int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval);
#endif /* asn1utils.h */

480
client/src/crypto/libpcrypto.c Normal file
View File

@@ -0,0 +1,480 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#include "crypto/libpcrypto.h"
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <mbedtls/asn1.h>
#include <mbedtls/aes.h>
#include <mbedtls/cmac.h>
#include <mbedtls/pk.h>
#include <mbedtls/ecdsa.h>
#include <mbedtls/sha256.h>
#include <mbedtls/sha512.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#include <mbedtls/error.h>
#include <crypto/asn1utils.h>
#include <util.h>
// NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001.
int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length) {
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
if (mbedtls_aes_setkey_enc(&aes, key, 128))
return 1;
if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, length, iiv, input, output))
return 2;
mbedtls_aes_free(&aes);
return 0;
}
int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length) {
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
if (mbedtls_aes_setkey_dec(&aes, key, 128))
return 1;
if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, length, iiv, input, output))
return 2;
mbedtls_aes_free(&aes);
return 0;
}
// NIST Special Publication 800-38B — Recommendation for block cipher modes of operation: The CMAC mode for authentication.
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
memset(mac, 0x00, 16);
// NIST 800-38B
return mbedtls_aes_cmac_prf_128(key, MBEDTLS_AES_BLOCK_SIZE, input, length, mac);
}
int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
uint8_t cmac_tmp[16] = {0};
memset(mac, 0x00, 8);
int res = aes_cmac(iv, key, input, cmac_tmp, length);
if (res)
return res;
for (int i = 0; i < 8; i++)
mac[i] = cmac_tmp[i * 2 + 1];
return 0;
}
static uint8_t fixed_rand_value[250] = {0};
static int fixed_rand(void *rng_state, unsigned char *output, size_t len) {
if (len <= 250) {
memcpy(output, fixed_rand_value, len);
} else {
memset(output, 0x00, len);
}
return 0;
}
int sha256hash(uint8_t *input, int length, uint8_t *hash) {
if (!hash || !input)
return 1;
mbedtls_sha256_context sctx;
mbedtls_sha256_init(&sctx);
mbedtls_sha256_starts(&sctx, 0); // SHA-256, not 224
mbedtls_sha256_update(&sctx, input, length);
mbedtls_sha256_finish(&sctx, hash);
mbedtls_sha256_free(&sctx);
return 0;
}
int sha512hash(uint8_t *input, int length, uint8_t *hash) {
if (!hash || !input)
return 1;
mbedtls_sha512_context sctx;
mbedtls_sha512_init(&sctx);
mbedtls_sha512_starts(&sctx, 0); //SHA-512, not 384
mbedtls_sha512_update(&sctx, input, length);
mbedtls_sha512_finish(&sctx, hash);
mbedtls_sha512_free(&sctx);
return 0;
}
static int ecdsa_init_str(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id curveid, const char *key_d, const char *key_x, const char *key_y) {
if (!ctx)
return 1;
int res;
mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, curveid);
if (res)
return res;
if (key_d) {
res = mbedtls_mpi_read_string(&ctx->d, 16, key_d);
if (res)
return res;
}
if (key_x && key_y) {
res = mbedtls_ecp_point_read_string(&ctx->Q, 16, key_x, key_y);
if (res)
return res;
}
return 0;
}
static int ecdsa_init(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy) {
if (!ctx)
return 1;
int res;
mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, curveid);
if (res)
return res;
size_t keylen = (ctx->grp.nbits + 7) / 8;
if (key_d) {
res = mbedtls_mpi_read_binary(&ctx->d, key_d, keylen);
if (res)
return res;
}
if (key_xy) {
res = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, key_xy, keylen * 2 + 1);
if (res)
return res;
}
return 0;
}
int ecdsa_key_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy) {
int res;
mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, curveid, NULL, NULL);
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "ecdsaproxmark";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
if (res)
goto exit;
res = mbedtls_ecdsa_genkey(&ctx, curveid, mbedtls_ctr_drbg_random, &ctr_drbg);
if (res)
goto exit;
size_t keylen = (ctx.grp.nbits + 7) / 8;
res = mbedtls_mpi_write_binary(&ctx.d, key_d, keylen);
if (res)
goto exit;
size_t public_keylen = 0;
uint8_t public_key[200] = {0};
res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &public_keylen, public_key, sizeof(public_key));
if (res)
goto exit;
if (public_keylen != 1 + 2 * keylen) { // 0x04 <key x><key y>
res = 1;
goto exit;
}
memcpy(key_xy, public_key, public_keylen);
exit:
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ecdsa_free(&ctx);
return res;
}
char *ecdsa_get_error(int ret) {
static char retstr[300];
memset(retstr, 0x00, sizeof(retstr));
mbedtls_strerror(ret, retstr, sizeof(retstr));
return retstr;
}
int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, mbedtls_ecp_group_id curveid, uint8_t *key, size_t keylen) {
int res = 0;
size_t realkeylen = 0;
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
res = mbedtls_ecp_group_load(&ctx.grp, curveid);
if (res)
goto exit;
size_t private_keylen = (ctx.grp.nbits + 7) / 8;
if (keylen < 1 + 2 * private_keylen) {
res = 1;
goto exit;
}
res = mbedtls_ecdsa_from_keypair(&ctx, mbedtls_pk_ec(*pk));
if (res)
goto exit;
res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &realkeylen, key, keylen);
if (realkeylen != 1 + 2 * private_keylen)
res = 2;
exit:
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen, bool hash) {
int res;
*signaturelen = 0;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "ecdsaproxmark";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
if (res)
goto exit;
mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, curveid, key_d, key_xy);
res = mbedtls_ecdsa_write_signature(
&ctx,
MBEDTLS_MD_SHA256,
hash ? shahash : input,
hash ? sizeof(shahash) : length,
signature,
signaturelen,
mbedtls_ctr_drbg_random,
&ctr_drbg
);
exit:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ecdsa_free(&ctx);
return res;
}
static int ecdsa_signature_create_test(mbedtls_ecp_group_id curveid, const char *key_d, const char *key_x, const char *key_y, const char *random, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) {
int res;
*signaturelen = 0;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
int rndlen = 0;
param_gethex_to_eol(random, 0, fixed_rand_value, sizeof(fixed_rand_value), &rndlen);
mbedtls_ecdsa_context ctx;
ecdsa_init_str(&ctx, curveid, key_d, key_x, key_y);
res = mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256, shahash, sizeof(shahash), signature, signaturelen, fixed_rand, NULL);
mbedtls_ecdsa_free(&ctx);
return res;
}
static int ecdsa_signature_verify_keystr(mbedtls_ecp_group_id curveid, const char *key_x, const char *key_y, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash) {
int res;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
mbedtls_ecdsa_context ctx;
ecdsa_init_str(&ctx, curveid, NULL, key_x, key_y);
res = mbedtls_ecdsa_read_signature(
&ctx,
hash ? shahash : input,
hash ? sizeof(shahash) : length,
signature,
signaturelen
);
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash) {
int res;
uint8_t shahash[32] = {0};
if (hash) {
res = sha256hash(input, length, shahash);
if (res)
return res;
}
mbedtls_ecdsa_context ctx;
res = ecdsa_init(&ctx, curveid, NULL, key_xy);
res = mbedtls_ecdsa_read_signature(
&ctx,
hash ? shahash : input,
hash ? sizeof(shahash) : length,
signature,
signaturelen
);
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_r_s_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *r_s, size_t r_s_len, bool hash) {
int res;
uint8_t signature[MBEDTLS_ECDSA_MAX_LEN];
size_t signature_len;
// convert r & s to ASN.1 signature
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
mbedtls_mpi_read_binary(&r, r_s, r_s_len / 2);
mbedtls_mpi_read_binary(&s, r_s + r_s_len / 2, r_s_len / 2);
res = ecdsa_signature_to_asn1(&r, &s, signature, &signature_len);
if (res < 0) {
return res;
}
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, signature_len, hash);
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return res;
}
#define T_PRIVATE_KEY "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96"
#define T_Q_X "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19"
#define T_Q_Y "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09"
#define T_K "7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AE"
#define T_R "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F"
#define T_S "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1"
int ecdsa_nist_test(bool verbose) {
int res;
uint8_t input[] = "Example of ECDSA with P-256";
mbedtls_ecp_group_id curveid = MBEDTLS_ECP_DP_SECP256R1;
int length = strlen((char *)input);
uint8_t signature[300] = {0};
size_t siglen = 0;
// NIST ecdsa test
if (verbose)
printf(" ECDSA NIST test: ");
// make signature
res = ecdsa_signature_create_test(curveid, T_PRIVATE_KEY, T_Q_X, T_Q_Y, T_K, input, length, signature, &siglen);
// printf("res: %x signature[%x]: %s\n", (res<0)?-res:res, siglen, sprint_hex(signature, siglen));
if (res)
goto exit;
// check vectors
uint8_t rval[300] = {0};
uint8_t sval[300] = {0};
res = ecdsa_asn1_get_signature(signature, siglen, rval, sval);
if (res)
goto exit;
int slen = 0;
uint8_t rval_s[33] = {0};
param_gethex_to_eol(T_R, 0, rval_s, sizeof(rval_s), &slen);
uint8_t sval_s[33] = {0};
param_gethex_to_eol(T_S, 0, sval_s, sizeof(sval_s), &slen);
if (strncmp((char *)rval, (char *)rval_s, 32) || strncmp((char *)sval, (char *)sval_s, 32)) {
printf("R or S check error\n");
res = 100;
goto exit;
}
// verify signature
res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true);
if (res)
goto exit;
// verify wrong signature
input[0] ^= 0xFF;
res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true);
if (!res) {
res = 1;
goto exit;
}
if (verbose) {
printf("passed\n");
printf(" ECDSA binary signature create/check test: ");
}
// random ecdsa test
uint8_t key_d[32] = {0};
uint8_t key_xy[32 * 2 + 2] = {0};
memset(signature, 0x00, sizeof(signature));
siglen = 0;
res = ecdsa_key_create(curveid, key_d, key_xy);
if (res)
goto exit;
res = ecdsa_signature_create(curveid, key_d, key_xy, input, length, signature, &siglen, true);
if (res)
goto exit;
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true);
if (res)
goto exit;
input[0] ^= 0xFF;
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true);
if (!res)
goto exit;
if (verbose)
printf("passed\n\n");
return 0;
exit:
if (verbose)
printf("failed\n\n");
return res;
}

37
client/src/crypto/libpcrypto.h Normal file
View File

@@ -0,0 +1,37 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#ifndef LIBPCRYPTO_H
#define LIBPCRYPTO_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <mbedtls/pk.h>
int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
int sha256hash(uint8_t *input, int length, uint8_t *hash);
int sha512hash(uint8_t *input, int length, uint8_t *hash);
int ecdsa_key_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy);
int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, mbedtls_ecp_group_id curveid, uint8_t *key, size_t keylen);
int ecdsa_signature_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen, bool hash);
int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash);
int ecdsa_signature_r_s_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *r_s, size_t r_s_len, bool hash);
char *ecdsa_get_error(int ret);
int ecdsa_nist_test(bool verbose);
#endif /* libpcrypto.h */