dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #48 from merlokk/mbedtls

Browse Source 
include Mbedtls
This commit is contained in:
RFID Research Group
2018-11-11 15:42:17 +01:00
committed by GitHub
parent c3581fd4b0 ec1e04342c
commit d2f3a9fd68
117 changed files with 53810 additions and 9604 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
client/Makefile
View File

@@ -25,8 +25,10 @@ OBJDIR = obj
LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread -lm
LUALIB = ../liblua/liblua.a
MBEDTLSLIBPATH = ../common/mbedtls
MBEDTLSLIB = $(MBEDTLSLIBPATH)/libmbedtls.a
LDFLAGS = $(ENV_LDFLAGS)
INCLUDES_CLIENT = -I. -I../include -I../common -I../common/polarssl -I../zlib -I../uart -I/opt/local/include -I../liblua
INCLUDES_CLIENT = -I. -I../include -I../common -I../common/polarssl -I../zlib -I../uart -I/opt/local/include -I../liblua -I$(MBEDTLSLIBPATH)
CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE -DPRESETS $(INCLUDES_CLIENT) -Wall -g -O3
CXXFLAGS = -I../include -Wall -O3
@@ -104,14 +106,8 @@ CMDSRCS = crapto1/crapto1.c \
mfkey.c \
tea.c \
polarssl/des.c \
polarssl/aes.c \
polarssl/aes_cmac128.c \
polarssl/bignum.c \
polarssl/rsa.c \
polarssl/sha1.c \
polarssl/sha256.c \
polarssl/base64.c \
polarssl/libpcrypto.c \
crypto/libpcrypto.c\
crypto/asn1utils.c\
cliparser/argtable3.c\
cliparser/cliparser.c\
loclass/cipher.c \
@@ -260,12 +256,12 @@ WINBINS = $(patsubst %, %.exe, $(BINS))
CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h lualibs/usb_cmd.lua lualibs/mf_default_keys.lua
# need to assign dependancies to build these first...
all: lua_build $(BINS)
all: lua_build mbedtls_build $(BINS)
all-static: LDLIBS:=-static $(LDLIBS)
all-static: proxmark3 flasher fpga_compress
proxmark3: LDLIBS+=$(LUALIB) $(QTLDLIBS)
proxmark3: LDLIBS+=$(LUALIB) $(QTLDLIBS) $(MBEDTLSLIB)
proxmark3: $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) lualibs/usb_cmd.lua lualibs/mf_default_keys.lua
$(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(LDLIBS) -o $@
@@ -292,6 +288,7 @@ lualibs/mf_default_keys.lua : default_keys.dic
clean:
$(RM) $(CLEAN)
cd ../liblua && make clean
cd $(MBEDTLSLIBPATH) && make clean
tarbin: $(BINS)
$(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(BINS:%=client/%) $(WINBINS:%=client/%)
@@ -299,7 +296,11 @@ tarbin: $(BINS)
lua_build:
@echo Compiling liblua, using platform $(LUAPLATFORM)
cd ../liblua && make $(LUAPLATFORM)
mbedtls_build:
@echo Compiling mbedtls
cd $(MBEDTLSLIBPATH) && make all
.PHONY: all clean
# easy printing of MAKE VARIABLES

34
client/cmdflashmem.c
View File

@@ -9,8 +9,8 @@
//-----------------------------------------------------------------------------
#include "cmdflashmem.h"
#include "rsa.h"
#include "sha1.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
#define MCK 48000000
//#define FLASH_BAUD 24000000
@@ -358,7 +358,7 @@ int CmdFlashMemWipe(const char *Cmd){
int CmdFlashMemInfo(const char *Cmd){
uint8_t sha_hash[20] = {0};
rsa_context rsa;
mbedtls_rsa_context rsa;
uint8_t cmdp = 0;
bool errors = false, shall_write = false, shall_sign = false;
@@ -404,7 +404,7 @@ int CmdFlashMemInfo(const char *Cmd){
memcpy(&mem, (rdv40_validation_t *)resp.d.asBytes, sizeof(rdv40_validation_t));
// Flash ID hash (sha1)
sha1( mem.flashid, sizeof(mem.flashid), sha_hash );
mbedtls_sha1( mem.flashid, sizeof(mem.flashid), sha_hash );
// print header
PrintAndLogEx(INFO, "\n--- Flash memory Information ---------");
@@ -471,22 +471,22 @@ int CmdFlashMemInfo(const char *Cmd){
#define KEY_LEN 128
rsa_init(&rsa, RSA_PKCS_V15, 0);
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
mpi_read_string( &rsa.E , 16, RSA_E );
mpi_read_string( &rsa.D , 16, RSA_D );
mpi_read_string( &rsa.P , 16, RSA_P );
mpi_read_string( &rsa.Q , 16, RSA_Q );
mpi_read_string( &rsa.DP, 16, RSA_DP );
mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mpi_read_string( &rsa.QP, 16, RSA_QP );
mbedtls_mpi_read_string( &rsa.N , 16, RSA_N );
mbedtls_mpi_read_string( &rsa.E , 16, RSA_E );
mbedtls_mpi_read_string( &rsa.D , 16, RSA_D );
mbedtls_mpi_read_string( &rsa.P , 16, RSA_P );
mbedtls_mpi_read_string( &rsa.Q , 16, RSA_Q );
mbedtls_mpi_read_string( &rsa.DP, 16, RSA_DP );
mbedtls_mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mbedtls_mpi_read_string( &rsa.QP, 16, RSA_QP );
PrintAndLogEx(INFO, "KEY length | %d", KEY_LEN);
bool is_keyok = ( rsa_check_pubkey( &rsa ) == 0 || rsa_check_privkey( &rsa ) == 0 );
bool is_keyok = ( mbedtls_rsa_check_pubkey( &rsa ) == 0 || mbedtls_rsa_check_privkey( &rsa ) == 0 );
if (is_keyok)
PrintAndLogEx(SUCCESS, "RSA key validation ok");
else
@@ -505,7 +505,7 @@ int CmdFlashMemInfo(const char *Cmd){
// Signing (private key)
if (shall_sign) {
int is_signed = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1, 20, sha_hash, sign );
int is_signed = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 20, sha_hash, sign );
if (is_signed == 0)
PrintAndLogEx(SUCCESS, "RSA Signing ok");
else
@@ -533,13 +533,13 @@ int CmdFlashMemInfo(const char *Cmd){
}
// Verify (public key)
int is_verified = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20, sha_hash, from_device );
int is_verified = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 20, sha_hash, from_device );
if (is_verified == 0)
PrintAndLogEx(SUCCESS, "RSA Verification ok");
else
PrintAndLogEx(FAILED, "RSA Verification failed");
rsa_free(&rsa);
mbedtls_rsa_free(&rsa);
return 0;
}

2
client/cmdhf14b.h
View File

@@ -25,7 +25,7 @@
#include "cmdhf14a.h"
#include "cmdhf.h"
#include "prng.h"
#include "sha1.h"
#include "mbedtls/sha1.h"
#include "mifare.h" // structs/enum for ISO14B
#include "protocols.h" // definitions of ISO14B protocol

2
client/cmdhfmf.h
View File

@@ -16,7 +16,7 @@
#include <string.h>
#include <ctype.h>
#include <time.h>
#include <aes.h>
#include <mbedtls/aes.h>
#include "proxmark3.h"
#include "iso14443crc.h"
#include "ui.h"

2
client/cmdhfmfp.c
View File

@@ -24,7 +24,7 @@
#include "mifare.h"
#include "mifare4.h"
#include "cliparser/cliparser.h"
#include "polarssl/libpcrypto.h"
#include "crypto/libpcrypto.h"
static const uint8_t DefaultKey[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

63
client/crypto/asn1utils.c Normal file
View File

@@ -0,0 +1,63 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 utils
//-----------------------------------------------------------------------------
#include "asn1utils.h"
#include <mbedtls/asn1.h>
int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval) {
if (!signature || !signaturelen || !rval || !sval)
return 1;
int res = 0;
unsigned char *p = signature;
const unsigned char *end = p + signaturelen;
size_t len;
mbedtls_mpi xmpi;
if ((res = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) == 0) {
mbedtls_mpi_init(&xmpi);
res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
if (res) {
mbedtls_mpi_free(&xmpi);
goto exit;
}
res = mbedtls_mpi_write_binary(&xmpi, rval, 32);
mbedtls_mpi_free(&xmpi);
if (res)
goto exit;
mbedtls_mpi_init(&xmpi);
res = mbedtls_asn1_get_mpi(&p, end, &xmpi);
if (res) {
mbedtls_mpi_free(&xmpi);
goto exit;
}
res = mbedtls_mpi_write_binary(&xmpi, sval, 32);
mbedtls_mpi_free(&xmpi);
if (res)
goto exit;
// check size
if (end != p)
return 2;
}
exit:
return res;
}
int asn1_print(uint8_t *asn1buf, int level) {
return 0;
}

21
client/crypto/asn1utils.h Normal file
View File

@@ -0,0 +1,21 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// asn.1 utils
//-----------------------------------------------------------------------------
#ifndef ASN1UTILS_H
#define ASN1UTILS_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
extern int asn1_print(uint8_t *asn1buf, int level);
extern int ecdsa_asn1_get_signature(uint8_t *signature, size_t signaturelen, uint8_t *rval, uint8_t *sval);
#endif /* asn1utils.h */

381
client/crypto/libpcrypto.c Normal file
View File

@@ -0,0 +1,381 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#include "crypto/libpcrypto.h"
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <mbedtls/asn1.h>
#include <mbedtls/aes.h>
#include <mbedtls/cmac.h>
#include <mbedtls/ecdsa.h>
#include <mbedtls/sha256.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#include <mbedtls/error.h>
#include <crypto/asn1utils.h>
#include <util.h>
// NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001.
int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
if (mbedtls_aes_setkey_enc(&aes, key, 128))
return 1;
if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, length, iiv, input, output))
return 2;
mbedtls_aes_free(&aes);
return 0;
}
int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
if (mbedtls_aes_setkey_dec(&aes, key, 128))
return 1;
if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, length, iiv, input, output))
return 2;
mbedtls_aes_free(&aes);
return 0;
}
// NIST Special Publication 800-38B — Recommendation for block cipher modes of operation: The CMAC mode for authentication.
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
memset(mac, 0x00, 16);
// NIST 800-38B
return mbedtls_aes_cmac_prf_128(key, MBEDTLS_AES_BLOCK_SIZE, input, length, mac);
}
int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
uint8_t cmac[16] = {0};
memset(mac, 0x00, 8);
int res = aes_cmac(iv, key, input, cmac, length);
if (res)
return res;
for(int i = 0; i < 8; i++)
mac[i] = cmac[i * 2 + 1];
return 0;
}
static uint8_t fixed_rand_value[250] = {0};
static int fixed_rand(void *rng_state, unsigned char *output, size_t len) {
if (len <= 250) {
memcpy(output, fixed_rand_value, len);
} else {
memset(output, 0x00, len);
}
return 0;
}
int sha256hash(uint8_t *input, int length, uint8_t *hash) {
if (!hash || !input)
return 1;
mbedtls_sha256_context sctx;
mbedtls_sha256_init(&sctx);
mbedtls_sha256_starts(&sctx, 0); // SHA-256, not 224
mbedtls_sha256_update(&sctx, input, length);
mbedtls_sha256_finish(&sctx, hash);
mbedtls_sha256_free(&sctx);
return 0;
}
int ecdsa_init_str(mbedtls_ecdsa_context *ctx, char * key_d, char *key_x, char *key_y) {
if (!ctx)
return 1;
int res;
mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1); // secp256r1
if (res)
return res;
if (key_d) {
res = mbedtls_mpi_read_string(&ctx->d, 16, key_d);
if (res)
return res;
}
if (key_x && key_y) {
res = mbedtls_ecp_point_read_string(&ctx->Q, 16, key_x, key_y);
if (res)
return res;
}
return 0;
}
int ecdsa_init(mbedtls_ecdsa_context *ctx, uint8_t * key_d, uint8_t *key_xy) {
if (!ctx)
return 1;
int res;
mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1); // secp256r1
if (res)
return res;
if (key_d) {
res = mbedtls_mpi_read_binary(&ctx->d, key_d, 32);
if (res)
return res;
}
if (key_xy) {
res = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, key_xy, 32 * 2 + 1);
if (res)
return res;
}
return 0;
}
int ecdsa_key_create(uint8_t * key_d, uint8_t *key_xy) {
int res;
mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, NULL, NULL);
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "ecdsaproxmark";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
if (res)
goto exit;
res = mbedtls_ecdsa_genkey(&ctx, MBEDTLS_ECP_DP_SECP256R1, mbedtls_ctr_drbg_random, &ctr_drbg);
if (res)
goto exit;
res = mbedtls_mpi_write_binary(&ctx.d, key_d, 32);
if (res)
goto exit;
size_t keylen = 0;
uint8_t public_key[200] = {0};
res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &keylen, public_key, sizeof(public_key));
if (res)
goto exit;
if (keylen != 65) { // 0x04 <key x 32b><key y 32b>
res = 1;
goto exit;
}
memcpy(key_xy, public_key, 65);
exit:
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ecdsa_free(&ctx);
return res;
}
char *ecdsa_get_error(int ret) {
static char retstr[300];
memset(retstr, 0x00, sizeof(retstr));
mbedtls_strerror(ret, retstr, sizeof(retstr));
return retstr;
}
int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) {
int res;
*signaturelen = 0;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "ecdsaproxmark";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
res = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
if (res)
goto exit;
mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, key_d, key_xy);
res = mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256, shahash, sizeof(shahash), signature, signaturelen, mbedtls_ctr_drbg_random, &ctr_drbg);
exit:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_create_test(char * key_d, char *key_x, char *key_y, char *random, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen) {
int res;
*signaturelen = 0;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
int rndlen = 0;
param_gethex_to_eol(random, 0, fixed_rand_value, sizeof(fixed_rand_value), &rndlen);
mbedtls_ecdsa_context ctx;
ecdsa_init_str(&ctx, key_d, key_x, key_y);
res = mbedtls_ecdsa_write_signature(&ctx, MBEDTLS_MD_SHA256, shahash, sizeof(shahash), signature, signaturelen, fixed_rand, NULL);
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_verify_keystr(char *key_x, char *key_y, uint8_t *input, int length, uint8_t *signature, size_t signaturelen) {
int res;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
mbedtls_ecdsa_context ctx;
ecdsa_init_str(&ctx, NULL, key_x, key_y);
res = mbedtls_ecdsa_read_signature(&ctx, shahash, sizeof(shahash), signature, signaturelen);
mbedtls_ecdsa_free(&ctx);
return res;
}
int ecdsa_signature_verify(uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen) {
int res;
uint8_t shahash[32] = {0};
res = sha256hash(input, length, shahash);
if (res)
return res;
mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, NULL, key_xy);
res = mbedtls_ecdsa_read_signature(&ctx, shahash, sizeof(shahash), signature, signaturelen);
mbedtls_ecdsa_free(&ctx);
return res;
}
#define T_PRIVATE_KEY "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96"
#define T_Q_X "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19"
#define T_Q_Y "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09"
#define T_K "7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AE"
#define T_R "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F"
#define T_S "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1"
int ecdsa_nist_test(bool verbose) {
int res;
uint8_t input[] = "Example of ECDSA with P-256";
int length = strlen((char *)input);
uint8_t signature[300] = {0};
size_t siglen = 0;
// NIST ecdsa test
if (verbose)
printf(" ECDSA NIST test: ");
// make signature
res = ecdsa_signature_create_test(T_PRIVATE_KEY, T_Q_X, T_Q_Y, T_K, input, length, signature, &siglen);
// printf("res: %x signature[%x]: %s\n", (res<0)?-res:res, siglen, sprint_hex(signature, siglen));
if (res)
goto exit;
// check vectors
uint8_t rval[300] = {0};
uint8_t sval[300] = {0};
res = ecdsa_asn1_get_signature(signature, siglen, rval, sval);
if (res)
goto exit;
int slen = 0;
uint8_t rval_s[33] = {0};
param_gethex_to_eol(T_R, 0, rval_s, sizeof(rval_s), &slen);
uint8_t sval_s[33] = {0};
param_gethex_to_eol(T_S, 0, sval_s, sizeof(sval_s), &slen);
if (strncmp((char *)rval, (char *)rval_s, 32) || strncmp((char *)sval, (char *)sval_s, 32)) {
printf("R or S check error\n");
res = 100;
goto exit;
}
// verify signature
res = ecdsa_signature_verify_keystr(T_Q_X, T_Q_Y, input, length, signature, siglen);
if (res)
goto exit;
// verify wrong signature
input[0] ^= 0xFF;
res = ecdsa_signature_verify_keystr(T_Q_X, T_Q_Y, input, length, signature, siglen);
if (!res) {
res = 1;
goto exit;
}
if (verbose)
printf("passed\n");
// random ecdsa test
if (verbose)
printf(" ECDSA binary signature create/check test: ");
uint8_t key_d[32] = {0};
uint8_t key_xy[32 * 2 + 2] = {0};
memset(signature, 0x00, sizeof(signature));
siglen = 0;
res = ecdsa_key_create(key_d, key_xy);
if (res)
goto exit;
res = ecdsa_signature_create(key_d, key_xy, input, length, signature, &siglen);
if (res)
goto exit;
res = ecdsa_signature_verify(key_xy, input, length, signature, siglen);
if (res)
goto exit;
input[0] ^= 0xFF;
res = ecdsa_signature_verify(key_xy, input, length, signature, siglen);
if (!res)
goto exit;
if (verbose)
printf("passed\n\n");
return 0;
exit:
if (verbose)
printf("failed\n\n");
return res;
}

32
client/crypto/libpcrypto.h Normal file
View File

@@ -0,0 +1,32 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#ifndef LIBPCRYPTO_H
#define LIBPCRYPTO_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
extern int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
extern int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
extern int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
extern int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length);
extern int sha256hash(uint8_t *input, int length, uint8_t *hash);
extern int ecdsa_key_create(uint8_t * key_d, uint8_t *key_xy);
extern int ecdsa_signature_create(uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen);
extern int ecdsa_signature_verify(uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen);
extern char *ecdsa_get_error(int ret);
extern int ecdsa_nist_test(bool verbose);
#endif /* libpcrypto.h */

73
client/emv/crypto_polarssl.c
View File

@@ -24,13 +24,14 @@
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "rsa.h"
#include "sha1.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
struct crypto_hash_polarssl {
struct crypto_hash ch;
sha1_context ctx;
mbedtls_sha1_context ctx;
};
static void crypto_hash_polarssl_close(struct crypto_hash *_ch)
@@ -44,7 +45,7 @@ static void crypto_hash_polarssl_write(struct crypto_hash *_ch, const unsigned c
{
struct crypto_hash_polarssl *ch = (struct crypto_hash_polarssl *)_ch;
sha1_update(&(ch->ctx), buf, len);
mbedtls_sha1_update(&(ch->ctx), buf, len);
}
static unsigned char *crypto_hash_polarssl_read(struct crypto_hash *_ch)
@@ -52,7 +53,7 @@ static unsigned char *crypto_hash_polarssl_read(struct crypto_hash *_ch)
struct crypto_hash_polarssl *ch = (struct crypto_hash_polarssl *)_ch;
static unsigned char sha1sum[20];
sha1_finish(&(ch->ctx), sha1sum);
mbedtls_sha1_finish(&(ch->ctx), sha1sum);
return sha1sum;
}
@@ -71,7 +72,7 @@ static struct crypto_hash *crypto_hash_polarssl_open(enum crypto_algo_hash hash)
struct crypto_hash_polarssl *ch = malloc(sizeof(*ch));
sha1_starts(&(ch->ctx));
mbedtls_sha1_starts(&(ch->ctx));
ch->ch.write = crypto_hash_polarssl_write;
ch->ch.read = crypto_hash_polarssl_read;
@@ -83,7 +84,7 @@ static struct crypto_hash *crypto_hash_polarssl_open(enum crypto_algo_hash hash)
struct crypto_pk_polarssl {
struct crypto_pk cp;
rsa_context ctx;
mbedtls_rsa_context ctx;
};
static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
@@ -96,13 +97,13 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
char *exp = va_arg(vl, char *); // E
int explen = va_arg(vl, size_t);
rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init(&cp->ctx, MBEDTLS_RSA_PKCS_V15, 0);
cp->ctx.len = modlen; // size(N) in bytes
mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
mbedtls_mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
mbedtls_mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
int res = rsa_check_pubkey(&cp->ctx);
int res = mbedtls_rsa_check_pubkey(&cp->ctx);
if(res != 0) {
fprintf(stderr, "PolarSSL public key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
free(cp);
@@ -134,23 +135,23 @@ static struct crypto_pk *crypto_pk_polarssl_open_priv_rsa(va_list vl)
// char *inv = va_arg(vl, char *);
// int invlen = va_arg(vl, size_t);
rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init(&cp->ctx, MBEDTLS_RSA_PKCS_V15, 0);
cp->ctx.len = modlen; // size(N) in bytes
mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
mbedtls_mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
mbedtls_mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
mpi_read_binary(&cp->ctx.D, (const unsigned char *)d, dlen);
mpi_read_binary(&cp->ctx.P, (const unsigned char *)p, plen);
mpi_read_binary(&cp->ctx.Q, (const unsigned char *)q, qlen);
mpi_read_binary(&cp->ctx.DP, (const unsigned char *)dp, dplen);
mpi_read_binary(&cp->ctx.DQ, (const unsigned char *)dq, dqlen);
mpi_inv_mod(&cp->ctx.QP, &cp->ctx.Q, &cp->ctx.P);
mbedtls_mpi_read_binary(&cp->ctx.D, (const unsigned char *)d, dlen);
mbedtls_mpi_read_binary(&cp->ctx.P, (const unsigned char *)p, plen);
mbedtls_mpi_read_binary(&cp->ctx.Q, (const unsigned char *)q, qlen);
mbedtls_mpi_read_binary(&cp->ctx.DP, (const unsigned char *)dp, dplen);
mbedtls_mpi_read_binary(&cp->ctx.DQ, (const unsigned char *)dq, dqlen);
mbedtls_mpi_inv_mod(&cp->ctx.QP, &cp->ctx.Q, &cp->ctx.P);
int res = rsa_check_privkey(&cp->ctx);
int res = mbedtls_rsa_check_privkey(&cp->ctx);
if(res != 0) {
fprintf(stderr, "PolarSSL private key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
free(cp);
free(cp);
return NULL;
}
@@ -182,10 +183,10 @@ static struct crypto_pk *crypto_pk_polarssl_genkey_rsa(va_list vl)
if (transient) {
}
int res = rsa_gen_key(&cp->ctx, &myrand, NULL, nbits, exp);
int res = mbedtls_rsa_gen_key(&cp->ctx, &myrand, NULL, nbits, exp);
if (res) {
fprintf(stderr, "PolarSSL private key generation error res=%x exp=%d nbits=%d.\n", res * -1, exp, nbits);
free(cp);
free(cp);
return NULL;
}
@@ -196,7 +197,7 @@ static void crypto_pk_polarssl_close(struct crypto_pk *_cp)
{
struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
rsa_free(&cp->ctx);
mbedtls_rsa_free(&cp->ctx);
free(cp);
}
@@ -207,7 +208,7 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
unsigned char *result;
*clen = 0;
size_t keylen = mpi_size(&cp->ctx.N);
size_t keylen = mbedtls_mpi_size(&cp->ctx.N);
result = malloc(keylen);
if (!result) {
@@ -215,9 +216,9 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
return NULL;
}
res = rsa_public(&cp->ctx, buf, result);
if (res) {
printf("RSA encrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
res = mbedtls_rsa_public(&cp->ctx, buf, result);
if(res) {
printf("RSA encrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
free(result);
return NULL;
}
@@ -234,7 +235,7 @@ static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, co
unsigned char *result;
*clen = 0;
size_t keylen = mpi_size(&cp->ctx.N);
size_t keylen = mbedtls_mpi_size(&cp->ctx.N);
result = malloc(keylen);
if (!result) {
@@ -242,9 +243,9 @@ static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, co
return NULL;
}
res = rsa_private(&cp->ctx, buf, result); // CHECK???
res = mbedtls_rsa_private(&cp->ctx, NULL, NULL, buf, result); // CHECK???
if(res) {
printf("RSA decrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
printf("RSA decrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
free(result);
return NULL;
}
@@ -269,17 +270,17 @@ static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_
switch(param){
// mod
case 0:
*plen = mpi_size(&cp->ctx.N);
*plen = mbedtls_mpi_size(&cp->ctx.N);
result = malloc(*plen);
memset(result, 0x00, *plen);
mpi_write_binary(&cp->ctx.N, result, *plen);
mbedtls_mpi_write_binary(&cp->ctx.N, result, *plen);
break;
// exp
case 1:
*plen = mpi_size(&cp->ctx.E);
*plen = mbedtls_mpi_size(&cp->ctx.E);
result = malloc(*plen);
memset(result, 0x00, *plen);
mpi_write_binary(&cp->ctx.E, result, *plen);
mbedtls_mpi_write_binary(&cp->ctx.E, result, *plen);
break;
default:
printf("Error get parameter. Param=%d", param);

2
client/emv/emv_tags.c
View File

@@ -391,7 +391,7 @@ static unsigned long emv_value_numeric(const struct tlv *tlv, unsigned start, un
static void emv_tag_dump_numeric(const struct tlv *tlv, const struct emv_tag *tag, FILE *f, int level) {
PRINT_INDENT(level);
fprintf(f, "\tNumeric value %" PRIu32 " \n", emv_value_numeric(tlv, 0, tlv->len * 2));
fprintf(f, "\tNumeric value %lu \n", emv_value_numeric(tlv, 0, tlv->len * 2));
}
static void emv_tag_dump_yymmdd(const struct tlv *tlv, const struct emv_tag *tag, FILE *f, int level) {

62
client/emv/test/cryptotest.c
View File

@@ -12,38 +12,70 @@
#include "util.h"
#include "ui.h"
#include "bignum.h"
#include "aes.h"
#include "aes_cmac128.h"
#include "des.h"
#include "rsa.h"
#include "sha1.h"
#include "mbedtls/bignum.h"
#include "mbedtls/aes.h"
#include "mbedtls/cmac.h"
#include "mbedtls/des.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
#include "mbedtls/md5.h"
#include "mbedtls/x509.h"
#include "mbedtls/base64.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
#include "mbedtls/timing.h"
#include "crypto_test.h"
#include "sda_test.h"
#include "dda_test.h"
#include "cda_test.h"
#include "crypto/libpcrypto.h"
int ExecuteCryptoTests(bool verbose) {
int res;
bool TestFail = false;
res = mpi_self_test(verbose);
res = mbedtls_mpi_self_test(verbose);
if (res) TestFail = true;
res = aes_self_test(verbose);
res = mbedtls_aes_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_des_self_test(verbose);
if (res) TestFail = true;
res = aes_cmac_self_test(verbose);
res = mbedtls_sha1_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_md5_self_test(verbose);
if (res) TestFail = true;
res = des_self_test(verbose);
res = mbedtls_rsa_self_test(verbose);
if (res) TestFail = true;
res = sha1_self_test(verbose);
res = mbedtls_entropy_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_timing_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_ctr_drbg_self_test(verbose);
if (res) TestFail = true;
res = rsa_self_test(verbose);
res = mbedtls_base64_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_cmac_self_test(verbose);
if (res) TestFail = true;
res = ecdsa_nist_test(verbose);
if (res) TestFail = true;
res = mbedtls_ecp_self_test(verbose);
if (res) TestFail = true;
res = mbedtls_x509_self_test(verbose);
if (res) TestFail = true;
res = exec_sda_test(verbose);
@@ -58,11 +90,11 @@ int ExecuteCryptoTests(bool verbose) {
res = exec_crypto_test(verbose);
if (res) TestFail = true;
PrintAndLogEx(NORMAL, "\n--------------------------");
PrintAndLog("\n--------------------------");
if (TestFail)
PrintAndLogEx(ERR, "Test(s) [ERROR].");
PrintAndLog("Test(s) [ERROR].");
else
PrintAndLogEx(SUCCESS, "Tests [OK].");
PrintAndLog("Tests [OK].");
return TestFail;
}

2
client/mifare4.c
View File

@@ -15,7 +15,7 @@
#include "cmdhf14a.h"
#include "util.h"
#include "ui.h"
#include "polarssl/libpcrypto.h"
#include "crypto/libpcrypto.h"
int CalculateEncIVCommand(mf4Session *session, uint8_t *iv, bool verbose) {
memcpy(&iv[0], session->TI, 4);

0
client/obj/crypto/.dummy Normal file
View File

34
client/scripting.c
View File

@@ -331,10 +331,10 @@ static int l_aes128decrypt_cbc(lua_State *L) {
aes_key[i / 2] = tmp & 0xFF;
}
aes_context ctx;
aes_init(&ctx);
aes_setkey_dec(&ctx, aes_key, 128);
aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_dec(&ctx, aes_key, 128);
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, sizeof(indata), iv, indata, outdata );
//Push decrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
return 1;// return 1 to signal one return value
@@ -360,10 +360,10 @@ static int l_aes128decrypt_ecb(lua_State *L) {
sscanf(&p_key[i], "%02x", &tmp);
aes_key[i / 2] = tmp & 0xFF;
}
aes_context ctx;
aes_init(&ctx);
aes_setkey_dec(&ctx, aes_key, 128);
aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_dec(&ctx, aes_key, 128);
mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_DECRYPT, indata, outdata );
//Push decrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
@@ -392,10 +392,10 @@ static int l_aes128encrypt_cbc(lua_State *L) {
aes_key[i / 2] = tmp & 0xFF;
}
aes_context ctx;
aes_init(&ctx);
aes_setkey_enc(&ctx, aes_key, 128);
aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_enc(&ctx, aes_key, 128);
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
//Push encrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
return 1;// return 1 to signal one return value
@@ -421,10 +421,10 @@ static int l_aes128encrypt_ecb(lua_State *L) {
sscanf(&p_key[i], "%02x", &tmp);
aes_key[i / 2] = tmp & 0xFF;
}
aes_context ctx;
aes_init(&ctx);
aes_setkey_enc(&ctx, aes_key, 128);
aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_enc(&ctx, aes_key, 128);
mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT, indata, outdata );
//Push encrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
return 1;// return 1 to signal one return value
@@ -498,7 +498,7 @@ static int l_sha1(lua_State *L) {
size_t size;
const char *p_str = luaL_checklstring(L, 1, &size);
unsigned char outdata[20] = {0x00};
sha1( (uint8_t*) p_str, size, outdata);
mbedtls_sha1( (uint8_t*) p_str, size, outdata);
lua_pushlstring(L, (const char *)&outdata, sizeof(outdata));
return 1;
}

4
client/scripting.h
View File

@@ -23,8 +23,8 @@
#include "crc.h"
#include "crc16.h"
#include "crc64.h"
#include "sha1.h"
#include "aes.h"
#include "mbedtls/sha1.h"
#include "mbedtls/aes.h"
#include "cmdcrc.h"
#include "cmdhfmfhard.h"
#include "cmdhfmfu.h"