github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

cryptorf: style

Browse source
This commit is contained in:
Philippe Teuwen 2020-08-19 22:19:46 +02:00
commit b134753a08
9 changed files with 1703 additions and 1498 deletions
Download patch file Download diff file Expand all files Collapse all files

63
common/cryptorf/cryptolib.c
View file

@ -33,14 +33,12 @@ typedef enum {
int counter = 0;
static uint8_t nibbles_to_byte(nibble b0, nibble b1)
{
static uint8_t nibbles_to_byte(nibble b0, nibble b1) {
// Combine both nibbles
return ((b0 << 4) | b1);
}
static uint8_t funny_mod(uint8_t a, uint8_t m)
{
static uint8_t funny_mod(uint8_t a, uint8_t m) {
// Just return the input when this is less or equal than the modular value
if (a < m) return a;
@ -51,8 +49,7 @@ static uint8_t funny_mod(uint8_t a, uint8_t m)
return (a == 0) ? m : a;
}
static uint8_t bit_rotate_left(uint8_t a, uint8_t n_bits)
{
static uint8_t bit_rotate_left(uint8_t a, uint8_t n_bits) {
// Rotate value a with the length of n_bits only 1 time
uint8_t mask = (1 << n_bits) - 1;
return ((a << 1) | (a >> (n_bits - 1))) & mask;
@ -92,8 +89,7 @@ static void reconstruct_nibbles(crypto_state s)
s->b1 |= s->b1r & s->b1s;
}
*/
static void next_left(uint8_t in, crypto_state s)
{
static void next_left(uint8_t in, crypto_state s) {
uint8_t b3, b6, bx;
// Update the left cipher state with the input byte
@ -113,8 +109,7 @@ static void next_left(uint8_t in, crypto_state s)
s->b1l = ((bx ^ b3) & 0x0f);
}
static void next_right(uint8_t in, crypto_state s)
{
static void next_right(uint8_t in, crypto_state s) {
uint8_t b16, b18, bx;
// Update the right cipher state with the input byte
@ -134,8 +129,7 @@ static void next_right(uint8_t in, crypto_state s)
s->b1r = ((bx ^ b16) & 0x0f);
}
static void next_middle(uint8_t in, crypto_state s)
{
static void next_middle(uint8_t in, crypto_state s) {
uint8_t b12, b13, bx;
// Update the middle cipher state with the input byte
@ -155,8 +149,7 @@ static void next_middle(uint8_t in, crypto_state s)
s->b1s = bx & 0x0f;
}
static void next(const bool feedback, uint8_t in, crypto_state s)
{
static void next(const bool feedback, uint8_t in, crypto_state s) {
// Initialize the (optional) input parameter
uint8_t a = in;
@ -183,14 +176,12 @@ static void next(const bool feedback, uint8_t in, crypto_state s)
s->b1 |= s->b1r & s->b1s;
}
static void next_n(const bool feedback, size_t n, uint8_t in, crypto_state s)
{
static void next_n(const bool feedback, size_t n, uint8_t in, crypto_state s) {
// While n-rounds left, shift the cipher
while (n--) next(feedback, in, s);
}
static void initialize(const bool feedback, const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, const size_t n, crypto_state s)
{
static void initialize(const bool feedback, const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, const size_t n, crypto_state s) {
size_t pos;
// Reset the cipher state
@ -211,14 +202,12 @@ static void initialize(const bool feedback, const uint8_t *Gc, const uint8_t *Ci
}
}
static uint8_t cm_byte(crypto_state s)
{
static uint8_t cm_byte(crypto_state s) {
// Construct keystream byte by combining both nibbles
return nibbles_to_byte(s->b0, s->b1);
}
static uint8_t sm_byte(crypto_state s)
{
static uint8_t sm_byte(crypto_state s) {
uint8_t ks;
// Construct keystream byte by combining 2 parts from 4 nibbles
@ -230,8 +219,7 @@ static uint8_t sm_byte(crypto_state s)
return ks;
}
void print_crypto_state(const char *text, crypto_state s)
{
void print_crypto_state(const char *text, crypto_state s) {
int pos;
printf("%s", text);
@ -250,8 +238,7 @@ void print_crypto_state(const char *text, crypto_state s)
printf("\n");
}
void sm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch, uint8_t *Ci_1, crypto_state s)
{
void sm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch, uint8_t *Ci_1, crypto_state s) {
size_t pos;
initialize(false, Gc, Ci, Q, 1, s);
@ -263,8 +250,7 @@ void sm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch
}
}
void cm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch, uint8_t *Ci_1, uint8_t *Ci_2, crypto_state s)
{
void cm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch, uint8_t *Ci_1, uint8_t *Ci_2, crypto_state s) {
size_t pos;
initialize(true, Gc, Ci, Q, 3, s);
@ -294,8 +280,7 @@ void cm_auth(const uint8_t *Gc, const uint8_t *Ci, const uint8_t *Q, uint8_t *Ch
next_n(true, 3, 0, s);
}
static void cm_crypt(const CryptoAction ca, const uint8_t offset, const uint8_t len, const uint8_t *in, uint8_t *out, crypto_state s)
{
static void cm_crypt(const CryptoAction ca, const uint8_t offset, const uint8_t len, const uint8_t *in, uint8_t *out, crypto_state s) {
size_t pos;
uint8_t bt;
@ -322,32 +307,27 @@ static void cm_crypt(const CryptoAction ca, const uint8_t offset, const uint8_t
}
}
void cm_encrypt(const uint8_t offset, const uint8_t len, const uint8_t *ct, uint8_t *pt, crypto_state s)
{
void cm_encrypt(const uint8_t offset, const uint8_t len, const uint8_t *ct, uint8_t *pt, crypto_state s) {
next_n(true, 5, 0, s);
next(true, 0, s);
cm_crypt(CA_ENCRYPT, offset, len, ct, pt, s);
}
void cm_decrypt(const uint8_t offset, const uint8_t len, const uint8_t *ct, uint8_t *pt, crypto_state s)
{
void cm_decrypt(const uint8_t offset, const uint8_t len, const uint8_t *ct, uint8_t *pt, crypto_state s) {
next_n(true, 5, 0, s);
next(true, 0, s);
cm_crypt(CA_DECRYPT, offset, len, ct, pt, s);
}
void cm_grind_read_system_zone(const uint8_t offset, const uint8_t len, const uint8_t *pt, crypto_state s)
{
void cm_grind_read_system_zone(const uint8_t offset, const uint8_t len, const uint8_t *pt, crypto_state s) {
cm_crypt(CA_ENCRYPT, offset, len, pt, NULL, s);
}
void cm_grind_set_user_zone(const uint8_t zone, crypto_state s)
{
void cm_grind_set_user_zone(const uint8_t zone, crypto_state s) {
next(true, zone, s);
}
void cm_mac(uint8_t *mac, crypto_state s)
{
void cm_mac(uint8_t *mac, crypto_state s) {
next_n(true, 10, 0, s);
if (mac)
mac[0] = cm_byte(s);
@ -357,8 +337,7 @@ void cm_mac(uint8_t *mac, crypto_state s)
mac[1] = cm_byte(s);
}
void cm_password(const uint8_t *pt, uint8_t *ct, crypto_state s)
{
void cm_password(const uint8_t *pt, uint8_t *ct, crypto_state s) {
for (size_t pos = 0; pos < 3; pos++) {
next_n(true, 5, pt[pos], s);
ct[pos] = cm_byte(s);

222
common/cryptorf/cryptolib_baloncu.c Normal file
View file

@ -0,0 +1,222 @@
#include "cryptolib.h"
static byte_t rotate5_lut[] = {0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e, 0x01, 0x03, 0x05, 0x07, 0x09, 0x0b, 0x0d, 0x0f, 0x11, 0x13, 0x15, 0x17, 0x19, 0x1b, 0x1d, 0x1f, 0x02, 0x02, 0x06, 0x06, 0x0a, 0x0a, 0x0e, 0x0e, 0x12, 0x12, 0x16, 0x16, 0x1a, 0x1a, 0x1e, 0x1e, 0x03, 0x03, 0x07, 0x07, 0x0b, 0x0b, 0x0f, 0x0f, 0x13, 0x13, 0x17, 0x17, 0x1b, 0x1b, 0x1f, 0x1f, 0x04, 0x06, 0x04, 0x06, 0x0c, 0x0e, 0x0c, 0x0e, 0x14, 0x16, 0x14, 0x16, 0x1c, 0x1e, 0x1c, 0x1e, 0x05, 0x07, 0x05, 0x07, 0x0d, 0x0f, 0x0d, 0x0f, 0x15, 0x17, 0x15, 0x17, 0x1d, 0x1f, 0x1d, 0x1f, 0x06, 0x06, 0x06, 0x06, 0x0e, 0x0e, 0x0e, 0x0e, 0x16, 0x16, 0x16, 0x16, 0x1e, 0x1e, 0x1e, 0x1e, 0x07, 0x07, 0x07, 0x07, 0x0f, 0x0f, 0x0f, 0x0f, 0x17, 0x17, 0x17, 0x17, 0x1f, 0x1f, 0x1f, 0x1f, 0x08, 0x0a, 0x0c, 0x0e, 0x08, 0x0a, 0x0c, 0x0e, 0x18, 0x1a, 0x1c, 0x1e, 0x18, 0x1a, 0x1c, 0x1e, 0x09, 0x0b, 0x0d, 0x0f, 0x09, 0x0b, 0x0d, 0x0f, 0x19, 0x1b, 0x1d, 0x1f, 0x19, 0x1b, 0x1d, 0x1f, 0x0a, 0x0a, 0x0e, 0x0e, 0x0a, 0x0a, 0x0e, 0x0e, 0x1a, 0x1a, 0x1e, 0x1e, 0x1a, 0x1a, 0x1e, 0x1e, 0x0b, 0x0b, 0x0f, 0x0f, 0x0b, 0x0b, 0x0f, 0x0f, 0x1b, 0x1b, 0x1f, 0x1f, 0x1b, 0x1b, 0x1f, 0x1f, 0x0c, 0x0e, 0x0c, 0x0e, 0x0c, 0x0e, 0x0c, 0x0e, 0x1c, 0x1e, 0x1c, 0x1e, 0x1c, 0x1e, 0x1c, 0x1e, 0x0d, 0x0f, 0x0d, 0x0f, 0x0d, 0x0f, 0x0d, 0x0f, 0x1d, 0x1f, 0x1d, 0x1f, 0x1d, 0x1f, 0x1d, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0x0e, 0x0e, 0x0e, 0x0e, 0x1e, 0x1e, 0x1e, 0x1e, 0x1e, 0x1e, 0x1e, 0x1e, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f};
static byte_t rotate7_lut[] = {0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e, 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e, 0x01, 0x03, 0x05, 0x07, 0x09, 0x0b, 0x0d, 0x0f, 0x11, 0x13, 0x15, 0x17, 0x19, 0x1b, 0x1d, 0x1f, 0x21, 0x23, 0x25, 0x27, 0x29, 0x2b, 0x2d, 0x2f, 0x31, 0x33, 0x35, 0x37, 0x39, 0x3b, 0x3d, 0x3f, 0x41, 0x43, 0x45, 0x47, 0x49, 0x4b, 0x4d, 0x4f, 0x51, 0x53, 0x55, 0x57, 0x59, 0x5b, 0x5d, 0x5f, 0x61, 0x63, 0x65, 0x67, 0x69, 0x6b, 0x6d, 0x6f, 0x71, 0x73, 0x75, 0x77, 0x79, 0x7b, 0x7d, 0x7f, 0x02, 0x02, 0x06, 0x06, 0x0a, 0x0a, 0x0e, 0x0e, 0x12, 0x12, 0x16, 0x16, 0x1a, 0x1a, 0x1e, 0x1e, 0x22, 0x22, 0x26, 0x26, 0x2a, 0x2a, 0x2e, 0x2e, 0x32, 0x32, 0x36, 0x36, 0x3a, 0x3a, 0x3e, 0x3e, 0x42, 0x42, 0x46, 0x46, 0x4a, 0x4a, 0x4e, 0x4e, 0x52, 0x52, 0x56, 0x56, 0x5a, 0x5a, 0x5e, 0x5e, 0x62, 0x62, 0x66, 0x66, 0x6a, 0x6a, 0x6e, 0x6e, 0x72, 0x72, 0x76, 0x76, 0x7a, 0x7a, 0x7e, 0x7e, 0x03, 0x03, 0x07, 0x07, 0x0b, 0x0b, 0x0f, 0x0f, 0x13, 0x13, 0x17, 0x17, 0x1b, 0x1b, 0x1f, 0x1f, 0x23, 0x23, 0x27, 0x27, 0x2b, 0x2b, 0x2f, 0x2f, 0x33, 0x33, 0x37, 0x37, 0x3b, 0x3b, 0x3f, 0x3f, 0x43, 0x43, 0x47, 0x47, 0x4b, 0x4b, 0x4f, 0x4f, 0x53, 0x53, 0x57, 0x57, 0x5b, 0x5b, 0x5f, 0x5f, 0x63, 0x63, 0x67, 0x67, 0x6b, 0x6b, 0x6f, 0x6f, 0x73, 0x73, 0x77, 0x77, 0x7b, 0x7b, 0x7f, 0x7f};
static byte_t funny_mod1f_lut[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
static byte_t funny_mod7f_lut[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x01};
typedef enum {
CA_ENCRYPT = 0x01,
CA_DECRYPT = 0x02
} CryptoAction;
int counter = 0;
byte_t nibbles_to_byte(nibble b0, nibble b1) {
// Combine both nibbles
return ((b0 << 4) | b1);
}
byte_t funny_mod(byte_t a, byte_t m) {
// Just return the input when this is less or equal than the modular value
if (a < m) return a;
// Compute the modular value
a %= m;
// Return the funny value, when the output was now zero, return the modular value
return (a == 0) ? m : a;
}
byte_t bit_rotate_left(byte_t a, byte_t n_bits) {
// Rotate value a with the length of n_bits only 1 time
byte_t mask = (1 << n_bits) - 1;
return ((a << 1) | (a >> (n_bits - 1))) & mask;
}
//meltem changed this function to make it perform faster
//to get a better idea of the algorithm check out cryptorf inside the tools directory
void RAMFUNC next(size_t repeat, byte_t in, crypto_state s) {
size_t i = repeat;
byte_t a;
byte_t *cipher_p;
do {
// Construct the cipher update 'a' from (input ^ feedback)
a = in ^ ((s->b0 << 4) | s->b1);
// Shift the cipher state
//left
cipher_p = (byte_t *) &s->l;
cipher_p[5] = cipher_p[5] ^ (a & 0x1f);
s->l = (s->l >> 8);
cipher_p[7] = funny_mod1f_lut[cipher_p[3] + rotate5_lut[cipher_p[0]]];
s->b1l = cipher_p[7] ^ cipher_p[3];
//middle
cipher_p = (byte_t *) &s->m;
cipher_p[3] = cipher_p[3] ^ ((a << 3) | (a >> 5));
s->m = (s->m >> 8);
cipher_p[7] = funny_mod7f_lut[(cipher_p[1] & 0x7f) + rotate7_lut[(cipher_p[0] & 0x7f)]];
s->b1s = cipher_p[7] & 0x0f;
//right
cipher_p = (byte_t *) &s->r;
cipher_p[6] = cipher_p[6] ^ (a >> 3);
s->r = (s->r >> 8);
cipher_p[7] = funny_mod1f_lut[cipher_p[4] + cipher_p[2]];
s->b1r = cipher_p[7] ^ cipher_p[4];
// The nible from b1 shifts to b0
s->b0 = s->b1;
// Construct the new value of nible b1
s->b1 = (s->b1l & 0x0f) & ~(s->b1s);
s->b1 |= s->b1r & s->b1s;
} while (--i);
}
void next_n(size_t n, byte_t in, crypto_state s) {
// While n-rounds left, shift the cipher
while (n--) next(1, in, s);
}
void initialize(const byte_t *Gc, const byte_t *Ci, const byte_t *Q, const size_t n, crypto_state s) {
size_t pos;
// Reset the cipher state
memset(s, 0x00, sizeof(crypto_state_t));
// Load in the ci (tag-nonce), together with the first half of Q (reader-nonce)
for (pos = 0; pos < 4; pos++) {
next(n, Ci[2 * pos ], s);
next(n, Ci[2 * pos + 1], s);
next(1, Q[pos], s);
}
// Load in the diversified key (Gc), together with the second half of Q (reader-nonce)
for (pos = 0; pos < 4; pos++) {
next(n, Gc[2 * pos ], s);
next(n, Gc[2 * pos + 1], s);
next(1, Q[pos + 4], s);
}
}
byte_t cm_byte(crypto_state s) {
// Construct keystream byte by combining both nibbles
return nibbles_to_byte(s->b0, s->b1);
}
void print_crypto_state(const char *text, crypto_state s) {
int pos;
printf("%s", text);
for (pos = 6; pos >= 0; pos--)
printf(" %02x", (byte_t)(s->l >> (pos * 5)) & 0x1f);
printf(" |");
for (pos = 6; pos >= 0; pos--)
printf(" %02x", (byte_t)(s->m >> (pos * 7)) & 0x7f);
printf(" |");
for (pos = 4; pos >= 0; pos--)
printf(" %02x", (byte_t)(s->r >> (pos * 5)) & 0x1f);
printf(" | %02x", cm_byte(s));
printf("\n");
}
void cm_auth(const byte_t *Gc, const byte_t *Ci, const byte_t *Q, byte_t *Ch, byte_t *Ci_1, byte_t *Ci_2, crypto_state s) {
size_t pos;
initialize(Gc, Ci, Q, 3, s);
// Construct the reader-answer (challange)
next(6, 0, s);
Ch[0] = cm_byte(s);
for (pos = 1; pos < 8; pos++) {
next(7, 0, s);
Ch [pos] = cm_byte(s);
}
// Construct the tag-answer (Ci+1 = ff .. .. .. .. .. .. ..)
Ci_1[0] = 0xff;
for (pos = 1; pos < 8; pos++) {
next(2, 0, s);
Ci_1[pos] = cm_byte(s);
}
// Construct the session key (Ci+2)
for (pos = 0; pos < 8; pos++) {
next(2, 0, s);
Ci_2[pos] = cm_byte(s);
}
// Prepare the cipher for encryption by shifting 3 more times
next(3, 0, s);
}
void cm_crypt(const CryptoAction ca, const byte_t offset, const byte_t len, const byte_t *in, byte_t *out, crypto_state s) {
size_t pos;
byte_t bt;
next(5, 0, s);
next(1, offset, s);
next(5, 0, s);
next(1, len, s);
for (pos = 0; pos < len; pos++) {
// Perform the crypto operation
bt = in[pos] ^ cm_byte(s);
// Generate output
if (out) out[pos] = bt;
// Detect where to find the plaintext for loading into cipher state
if (ca == CA_DECRYPT) {
next(1, bt, s);
} else {
next(1, in[pos], s);
}
// Shift the cipher state 5 times
next(5, 0, s);
}
}
void cm_encrypt(const byte_t offset, const byte_t len, const byte_t *ct, byte_t *pt, crypto_state s) {
next(5, 0, s);
next(1, 0, s);
cm_crypt(CA_ENCRYPT, offset, len, ct, pt, s);
}
void cm_decrypt(const byte_t offset, const byte_t len, const byte_t *ct, byte_t *pt, crypto_state s) {
next(5, 0, s);
next(1, 0, s);
cm_crypt(CA_DECRYPT, offset, len, ct, pt, s);
}
void cm_grind_read_system_zone(const byte_t offset, const byte_t len, const byte_t *pt, crypto_state s) {
cm_crypt(CA_ENCRYPT, offset, len, pt, null, s);
}
void cm_grind_set_user_zone(const byte_t zone, crypto_state s) {
next(1, zone, s);
}
void cm_mac(byte_t *mac, crypto_state s) {
next(10, 0, s);
if (mac) mac[0] = cm_byte(s);
next(5, 0, s);
if (mac) mac[1] = cm_byte(s);
}
void cm_password(const byte_t *pt, byte_t *ct, crypto_state s) {
size_t pos;
for (pos = 0; pos < 3; pos++) {
next(5, pt[pos], s);
ct[pos] = cm_byte(s);
}
}

41
common/cryptorf/cryptolib_baloncu.h Normal file
View file

@ -0,0 +1,41 @@
#ifndef _CRYPTOLIB_H_
#define _CRYPTOLIB_H_
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define null 0
typedef unsigned char byte_t;
typedef long long unsigned int ui64;
// A nibble is actually only 4 bits, but there is no such type ;)
typedef byte_t nibble;
typedef struct {
uint64_t l;
uint64_t m;
uint64_t r;
nibble b0;
nibble b1;
nibble b1l;
nibble b1r;
nibble b1s;
} crypto_state_t;
typedef crypto_state_t *crypto_state;
void print_crypto_state(const char *text, crypto_state s);
void cm_auth(const byte_t *Gc, const byte_t *Ci, const byte_t *Q, byte_t *Ch, byte_t *Ci_1, byte_t *Ci_2, crypto_state s);
void cm_encrypt(const byte_t offset, const byte_t len, const byte_t *pt, byte_t *ct, crypto_state s);
void cm_decrypt(const byte_t offset, const byte_t len, const byte_t *ct, byte_t *pt, crypto_state s);
void cm_grind_read_system_zone(const byte_t offset, const byte_t len, const byte_t *pt, crypto_state s);
void cm_grind_set_user_zone(const byte_t zone, crypto_state s);
void cm_mac(byte_t *mac, crypto_state s);
void cm_password(const byte_t *pt, byte_t *ct, crypto_state s);
void RAMFUNC next(size_t repeat, byte_t in, crypto_state s);
#endif // _CRYPTOLIB_H_

54
tools/cryptorf/cm.c
View file

@ -31,8 +31,7 @@
#define _CRT_SECURE_NO_DEPRECATE
#endif
int main(int argc, const char* argv[])
{
int main(int argc, const char *argv[]) {
// Cryptomemory state
crypto_state_t s;
@ -58,38 +57,53 @@ int main(int argc, const char* argv[])
// Show header and help syntax
printf("CryptoMemory simulator - (c) Radboud University Nijmegen\n");
if (argc < 5)
{
if (argc < 5) {
printf("\nsyntax: cm <Gc> <Ci> <Q> <Q(s)>\n");
return 1;
}
// Parse arguments
sscanf(argv[1],"%016" SCNx64,&nGc); num_to_bytes(nGc,8,Gc);
sscanf(argv[2],"%016" SCNx64,&nCi); num_to_bytes(nCi,8,Ci);
sscanf(argv[3],"%016" SCNx64,&nQ); num_to_bytes(nQ,8,Q);
sscanf(argv[4],"%016" SCNx64,&nQs); num_to_bytes(nQs,8,Qs);
sscanf(argv[1], "%016" SCNx64, &nGc);
num_to_bytes(nGc, 8, Gc);
sscanf(argv[2], "%016" SCNx64, &nCi);
num_to_bytes(nCi, 8, Ci);
sscanf(argv[3], "%016" SCNx64, &nQ);
num_to_bytes(nQ, 8, Q);
sscanf(argv[4], "%016" SCNx64, &nQs);
num_to_bytes(nQs, 8, Qs);
// Calculate authentication
cm_auth(Gc, Ci, Q, Ch, Ci_1, Ci_2, &s);
printf("\nAuthenticate\n");
printf(" Gc: "); print_bytes(Gc,8);
printf(" Ci: "); print_bytes(Ci,8);
printf(" Q: "); print_bytes(Q,8);
printf(" Ch: "); print_bytes(Ch,8);
printf(" Ci+1: "); print_bytes(Ci_1,8);
printf(" Ci+2: "); print_bytes(Ci_2,8);
printf(" Gc: ");
print_bytes(Gc, 8);
printf(" Ci: ");
print_bytes(Ci, 8);
printf(" Q: ");
print_bytes(Q, 8);
printf(" Ch: ");
print_bytes(Ch, 8);
printf(" Ci+1: ");
print_bytes(Ci_1, 8);
printf(" Ci+2: ");
print_bytes(Ci_2, 8);
cm_auth(Ci_2, Ci_1, Qs, Chs, Ci_1s, Ci_2s, &s);
printf("\nVerify Crypto (Session Key)\n");
printf(" Gc(s): "); print_bytes(Ci_2,8);
printf(" Ci(s): "); print_bytes(Ci_1,8);
printf(" Q(s): "); print_bytes(Qs,8);
printf(" Ch(s): "); print_bytes(Chs,8);
printf("Ci+1(s): "); print_bytes(Ci_1s,8);
printf("Ci+2(s): "); print_bytes(Ci_2s,8);
printf(" Gc(s): ");
print_bytes(Ci_2, 8);
printf(" Ci(s): ");
print_bytes(Ci_1, 8);
printf(" Q(s): ");
print_bytes(Qs, 8);
printf(" Ch(s): ");
print_bytes(Chs, 8);
printf("Ci+1(s): ");
print_bytes(Ci_1s, 8);
printf("Ci+2(s): ");
print_bytes(Ci_2s, 8);
printf("\n");
return 0;

33
tools/cryptorf/sm.c
View file

@ -31,8 +31,7 @@
#define _CRT_SECURE_NO_DEPRECATE
#endif
int main(int argc, const char* argv[])
{
int main(int argc, const char *argv[]) {
// Cryptomemory state
crypto_state_t s;
size_t pos;
@ -50,30 +49,36 @@ int main(int argc, const char* argv[])
// Show header and help syntax
printf("SecureMemory simulator - (c) Radboud University Nijmegen\n");
if (argc < 4)
{
if (argc < 4) {
printf("\nsyntax: sm <Gc> <Ci> <Q>\n");
return 1;
}
// Parse arguments
sscanf(argv[1],"%016" SCNx64,&nGc); num_to_bytes(nGc,8,Gc);
sscanf(argv[2],"%016" SCNx64,&nCi); num_to_bytes(nCi,8,Ci);
sscanf(argv[3],"%016" SCNx64,&nQ); num_to_bytes(nQ,8,Q);
sscanf(argv[1], "%016" SCNx64, &nGc);
num_to_bytes(nGc, 8, Gc);
sscanf(argv[2], "%016" SCNx64, &nCi);
num_to_bytes(nCi, 8, Ci);
sscanf(argv[3], "%016" SCNx64, &nQ);
num_to_bytes(nQ, 8, Q);
// Calculate authentication
sm_auth(Gc, Ci, Q, Ch, Ci_1, &s);
printf("\nAuthentication info\n\n");
printf(" Gc: "); print_bytes(Gc,8);
printf(" Ci: "); print_bytes(Ci,8);
printf(" Q: "); print_bytes(Q,8);
printf(" Ch: "); print_bytes(Ch,8);
printf("Ci+1: "); print_bytes(Ci_1,8);
printf(" Gc: ");
print_bytes(Gc, 8);
printf(" Ci: ");
print_bytes(Ci, 8);
printf(" Q: ");
print_bytes(Q, 8);
printf(" Ch: ");
print_bytes(Ch, 8);
printf("Ci+1: ");
print_bytes(Ci_1, 8);
printf("\n");
printf(" Ks: ");
for (pos=0; pos<8; pos++)
{
for (pos = 0; pos < 8; pos++) {
printf("%02x ", Ci_1[pos]);
printf("%02x ", Ch[pos]);
}

252
tools/cryptorf/sma.cpp
View file

@ -142,8 +142,7 @@ enum cipher_state_side {
CSS_RIGHT
};
void print_cs(const char* text,pcs s)
{
void print_cs(const char *text, pcs s) {
int pos;
printf("%s", text);
@ -159,8 +158,7 @@ void print_cs(const char* text,pcs s)
printf("\n");
}
static inline uint8_t mod(uint8_t a, uint8_t m)
{
static inline uint8_t mod(uint8_t a, uint8_t m) {
// Just return the input when this is less or equal than the modular value
if (a < m) return a;
@ -171,15 +169,13 @@ static inline uint8_t mod(uint8_t a, uint8_t m)
return (a == 0) ? m : a;
}
static inline uint8_t bit_rotate_l(uint8_t a, uint8_t n_bits)
{
static inline uint8_t bit_rotate_l(uint8_t a, uint8_t n_bits) {
// Rotate value a with the length of n_bits only 1 time
uint8_t mask = (1 << n_bits) - 1;
return ((a << 1) | (a >> (n_bits - 1))) & mask;
}
static inline uint8_t bit_rotate_r(uint8_t a, uint8_t n_bits)
{
static inline uint8_t bit_rotate_r(uint8_t a, uint8_t n_bits) {
return ((a >> 1) | ((a & 1) << (n_bits - 1)));
}
@ -189,13 +185,11 @@ static lookup_entry lookup_left[0x100000];
static lookup_entry lookup_right[0x8000];
static uint8_t left_addition[0x100000];
static inline void init_lookup_left()
{
static inline void init_lookup_left() {
uint8_t b3, b6, temp;
int i, index;
for(i = 0; i <0x400; i++)
{
for (i = 0; i < 0x400; i++) {
b6 = i & 0x1f;
b3 = (i >> 5) & 0x1f;
index = (b3 << 15) | b6;
@ -208,13 +202,11 @@ static inline void init_lookup_left()
}
}
static inline void init_lookup_right()
{
static inline void init_lookup_right() {
uint8_t b16, b18, temp;
int i, index;
for(i = 0; i <0x400; i++)
{
for (i = 0; i < 0x400; i++) {
b18 = i & 0x1f;
b16 = (i >> 5) & 0x1f;
index = (b16 << 10) | b18;
@ -225,32 +217,26 @@ static inline void init_lookup_right()
}
}
static void init_lookup_left_substraction()
{
for(int index = 0; index < 0x400 ; index++)
{
static void init_lookup_left_substraction() {
for (int index = 0; index < 0x400 ; index++) {
uint8_t b3 = (index >> 5 & 0x1f);
uint8_t bx = (index & 0x1f);
lookup_left_substraction[index] = bit_rotate_r(mod((bx + 0x1f) - b3, 0x1f), 5);
}
}
static void init_lookup_right_substraction()
{
for(int index = 0; index < 0x400 ; index++)
{
static void init_lookup_right_substraction() {
for (int index = 0; index < 0x400 ; index++) {
int b16 = (index >> 5);
uint8_t bx = (index & 0x1f);
lookup_right_subtraction[index] = mod((bx + 0x1f) - b16, 0x1f);
}
}
static inline void previous_left(uint8_t in, vector<cs_t> *candidate_states)
{
static inline void previous_left(uint8_t in, vector<cs_t> *candidate_states) {
pcs state;
size_t size = candidate_states->size();
for(size_t pos=0; pos<size; pos++)
{
for (size_t pos = 0; pos < size; pos++) {
state = &((*candidate_states)[pos]);
uint8_t bx = (uint8_t)((state->l >> 30) & 0x1f);
@ -258,11 +244,9 @@ static inline void previous_left(uint8_t in, vector<cs_t> *candidate_states)
state->l = (state->l << 5);
//Ignore impossible states
if (bx == 0)
{
if (bx == 0) {
// Are we dealing with an impossible state?
if (b3 != 0)
{
if (b3 != 0) {
state->invalid = true;
} else {
// We only need to consider b6=0
@ -275,8 +259,7 @@ static inline void previous_left(uint8_t in, vector<cs_t> *candidate_states)
state->l ^= (((uint64_t)in & 0x1f) << 20);
// Check if we have a second candidate
if (b6 == 0x1f)
{
if (b6 == 0x1f) {
cs_t nstate = *state;
nstate.l &= 0x7ffffffe0ull;
candidate_states->push_back(nstate);
@ -285,12 +268,10 @@ static inline void previous_left(uint8_t in, vector<cs_t> *candidate_states)
}
}
static inline void previous_right(uint8_t in, vector<cs_t> *candidate_states)
{
static inline void previous_right(uint8_t in, vector<cs_t> *candidate_states) {
pcs state;
size_t size = candidate_states->size();
for(size_t pos=0; pos<size; pos++)
{
for (size_t pos = 0; pos < size; pos++) {
state = &((*candidate_states)[pos]);
uint8_t bx = (uint8_t)((state->r >> 20) & 0x1f);
@ -299,10 +280,8 @@ static inline void previous_right(uint8_t in, vector<cs_t> *candidate_states)
state->r = (state->r << 5);
// Ignore impossible states
if (bx == 0)
{
if (b16 != 0)
{
if (bx == 0) {
if (b16 != 0) {
state->invalid = true;
} else {
// We only need to consider b18=0
@ -316,8 +295,7 @@ static inline void previous_right(uint8_t in, vector<cs_t> *candidate_states)
//state->b_right = ((b14^b17) & 0x0f);
// Check if we have a second candidate
if (b18 == 0x1f)
{
if (b18 == 0x1f) {
cs_t nstate = *state;
nstate.r &= 0x1ffffe0ull;
candidate_states->push_back(nstate);
@ -326,16 +304,14 @@ static inline void previous_right(uint8_t in, vector<cs_t> *candidate_states)
}
}
static inline uint8_t next_left_fast(uint8_t in, uint64_t* left)
{
static inline uint8_t next_left_fast(uint8_t in, uint64_t *left) {
if (in) *left ^= ((in & 0x1f) << 20);
lookup_entry *lookup = &(lookup_left[((*left) & 0xf801f)]);
*left = (((*left) >> 5) | ((uint64_t)lookup->addition << 30));
return lookup->out;
}
static inline uint8_t next_left_ksbyte(uint64_t* left)
{
static inline uint8_t next_left_ksbyte(uint64_t *left) {
lookup_entry *lookup;
uint8_t bt;
@ -350,21 +326,18 @@ static inline uint8_t next_left_ksbyte(uint64_t* left)
return bt;
}
static inline uint8_t next_right_fast(uint8_t in, uint64_t* right)
{
static inline uint8_t next_right_fast(uint8_t in, uint64_t *right) {
if (in) *right ^= ((in & 0xf8) << 12);
lookup_entry *lookup = &(lookup_right[((*right) & 0x7c1f)]);
*right = (((*right) >> 5) | (lookup->addition << 20));
return lookup->out;
}
static inline void sm_left_mask(const uint8_t* ks, uint8_t* mask, uint64_t rstate)
{
static inline void sm_left_mask(const uint8_t *ks, uint8_t *mask, uint64_t rstate) {
size_t pos;
uint8_t bt;
for (pos=0; pos<16; pos++)
{
for (pos = 0; pos < 16; pos++) {
next_right_fast(0, &rstate);
bt = next_right_fast(0, &rstate) << 4;
next_right_fast(0, &rstate);
@ -378,8 +351,7 @@ static inline void sm_left_mask(const uint8_t* ks, uint8_t* mask, uint64_t rstat
}
}
static inline uint32_t sm_right(const uint8_t* ks, uint8_t* mask, vector<uint64_t>* pcrstates)
{
static inline uint32_t sm_right(const uint8_t *ks, uint8_t *mask, vector<uint64_t> *pcrstates) {
uint8_t tmp_mask[16];
size_t pos, bits, bit, topbits;
uint64_t rstate, counter;
@ -388,16 +360,14 @@ static inline uint32_t sm_right(const uint8_t* ks, uint8_t* mask, vector<uint64_
uint8_t bt;
topbits = 0;
for (counter=0; counter<0x2000000; counter++)
{
for (counter = 0; counter < 0x2000000; counter++) {
// Reset the current bitcount of correct bits
bits = 0;
// Copy the state we are going to test
rstate = counter;
for (pos=0; pos<16; pos++)
{
for (pos = 0; pos < 16; pos++) {
next_right_fast(0, &rstate);
bt = next_right_fast(0, &rstate) << 4;
next_right_fast(0, &rstate);
@ -409,30 +379,26 @@ static inline uint32_t sm_right(const uint8_t* ks, uint8_t* mask, vector<uint64_
// Save the mask for the left produced bits
tmp_mask[pos] = bt;
for (bit=0; bit<8; bit++)
{
for (bit = 0; bit < 8; bit++) {
// When the bit is xored away (=zero), it was the same, so correct ;)
if ((bt & 0x01) == 0) bits++;
bt >>= 1;
}
}
if (bits > topbits)
{
if (bits > topbits) {
topbits = bits;
// Copy the winning mask
memcpy(mask, tmp_mask, 16);
}
// Ignore states under 90
if (bits >= 90)
{
if (bits >= 90) {
// Make sure the bits are used for ordering
bincstates[(((uint64_t)bits) << 56) | counter] = counter;
}
if ((counter&0xfffff) == 0)
{
if ((counter & 0xfffff) == 0) {
printf(".");
fflush(stdout);
}
@ -443,8 +409,7 @@ static inline uint32_t sm_right(const uint8_t* ks, uint8_t* mask, vector<uint64_
pcrstates->clear();
// Copy the order the states from lowest-bin to highest-bin
for(it=bincstates.begin();it!=bincstates.end();++it)
{
for (it = bincstates.begin(); it != bincstates.end(); ++it) {
pcrstates->push_back(it->second);
}
// Reverse the vector order (so the higest bin comes first)
@ -453,8 +418,7 @@ static inline uint32_t sm_right(const uint8_t* ks, uint8_t* mask, vector<uint64_
return topbits;
}
static inline void previous_all_input(vector<cs_t> *pcstates, uint32_t gc_byte_index, cipher_state_side css)
{
static inline void previous_all_input(vector<cs_t> *pcstates, uint32_t gc_byte_index, cipher_state_side css) {
uint8_t btGc, in;
vector<cs_t> ncstates;
vector<cs_t> prev_ncstates;
@ -462,14 +426,12 @@ static inline void previous_all_input(vector<cs_t> *pcstates, uint32_t gc_byte_i
// Loop through the complete entryphy of 5 bits for each candidate
// We ignore zero (xor 0x00) to avoid duplicates
for (btGc=0; btGc<0x20; btGc++)
{
for (btGc = 0; btGc < 0x20; btGc++) {
// Copy the original candidates that are supplied
ncstates = *pcstates;
// Rollback the (candidate) cipher states with this input
if (css == CSS_RIGHT)
{
if (css == CSS_RIGHT) {
in = btGc << 3;
previous_right(in, &ncstates);
} else {
@ -477,11 +439,9 @@ static inline void previous_all_input(vector<cs_t> *pcstates, uint32_t gc_byte_i
previous_left(in, &ncstates);
}
for(itnew=ncstates.begin();itnew!=ncstates.end();++itnew)
{
for (itnew = ncstates.begin(); itnew != ncstates.end(); ++itnew) {
// Wipe away the invalid states
if (itnew->invalid == false)
{
if (itnew->invalid == false) {
itnew->Gc[gc_byte_index] = in;
prev_ncstates.push_back(*itnew);
}
@ -492,8 +452,7 @@ static inline void previous_all_input(vector<cs_t> *pcstates, uint32_t gc_byte_i
*pcstates = prev_ncstates;
}
static inline void search_gc_candidates_right(const uint64_t rstate_before_gc, const uint64_t rstate_after_gc, const uint8_t* Q, vector<cs_t>* pcstates)
{
static inline void search_gc_candidates_right(const uint64_t rstate_before_gc, const uint64_t rstate_after_gc, const uint8_t *Q, vector<cs_t> *pcstates) {
vector<cs_t>::iterator it;
vector<cs_t> csl_cand;
map<uint64_t, uint64_t> matchbox;
@ -503,8 +462,7 @@ static inline void search_gc_candidates_right(const uint64_t rstate_before_gc, c
cs_t state;
// Generate 2^20 different (5 bits) values for the first 4 Gc bytes (0,1,2,3)
for (counter=0; counter<0x100000; counter++)
{
for (counter = 0; counter < 0x100000; counter++) {
rstate = rstate_before_gc;
next_right_fast((counter >> 12) & 0xf8, &rstate);
next_right_fast((counter >> 7) & 0xf8, &rstate);
@ -533,11 +491,9 @@ static inline void search_gc_candidates_right(const uint64_t rstate_before_gc, c
pcstates->clear();
// Take the intersection of the corresponding states ~2^15 values (40-25 = 15 bits)
for(it=csl_cand.begin();it!=csl_cand.end();++it)
{
for (it = csl_cand.begin(); it != csl_cand.end(); ++it) {
itmatch = matchbox.find(it->r);
if (itmatch != matchbox.end())
{
if (itmatch != matchbox.end()) {
it->Gc[0] = (itmatch->second >> 12) & 0xf8;
it->Gc[1] = (itmatch->second >> 7) & 0xf8;
it->Gc[2] = (itmatch->second >> 2) & 0xf8;
@ -559,8 +515,7 @@ static inline void search_gc_candidates_right(const uint64_t rstate_before_gc, c
}
}
static inline void sm_left(const uint8_t* ks, uint8_t* mask, vector<cs_t>* pcstates)
{
static inline void sm_left(const uint8_t *ks, uint8_t *mask, vector<cs_t> *pcstates) {
map<uint64_t, cs_t> bincstates;
map<uint64_t, cs_t>::iterator it;
uint64_t counter, lstate;
@ -574,12 +529,10 @@ static inline void sm_left(const uint8_t* ks, uint8_t* mask, vector<cs_t>* pcsta
memset(&state, 0x00, sizeof(cs_t));
state.invalid = false;
for (counter=0; counter<0x800000000ull; counter++)
{
for (counter = 0; counter < 0x800000000ull; counter++) {
lstate = counter;
for (pos=0; pos<16; pos++)
{
for (pos = 0; pos < 16; pos++) {
lstate = (((lstate) >> 5) | ((uint64_t)left_addition[((lstate) & 0xf801f)] << 30));
lookup = &(lookup_left[((lstate) & 0xf801f)]);
lstate = (((lstate) >> 5) | ((uint64_t)lookup->addition << 30));
@ -600,18 +553,15 @@ static inline void sm_left(const uint8_t* ks, uint8_t* mask, vector<cs_t>* pcsta
}
// If we have parsed all 16 bytes of keystream, we have a valid CANDIDATE!
if (pos == 16)
{
if (pos == 16) {
// Count the total correct bits
bits = 0;
for (pos=0; pos<16; pos++)
{
for (pos = 0; pos < 16; pos++) {
// Get the next byte-value with correct bits
bt = correct_bits[pos];
// Count all the (correct) bits
for (bit=0; bit<8; bit++)
{
for (bit = 0; bit < 8; bit++) {
// When the bit is xored away (=zero), it was the same, so correct ;)
if ((bt & 0x01) == 0) bits++;
bt >>= 1;
@ -628,8 +578,7 @@ static inline void sm_left(const uint8_t* ks, uint8_t* mask, vector<cs_t>* pcsta
bincstates[(((uint64_t)bits) << 56) | counter] = state;
}
if ((counter&0xffffffffull) == 0)
{
if ((counter & 0xffffffffull) == 0) {
printf("%02.1f%%.", ((float)100 / 8) * (counter >> 32));
fflush(stdout);
}
@ -640,16 +589,14 @@ static inline void sm_left(const uint8_t* ks, uint8_t* mask, vector<cs_t>* pcsta
pcstates->clear();
// Copy the order the states from lowest-bin to highest-bin
for(it=bincstates.begin();it!=bincstates.end();++it)
{
for (it = bincstates.begin(); it != bincstates.end(); ++it) {
pcstates->push_back(it->second);
}
// Reverse the vector order (so the higest bin comes first)
reverse(pcstates->begin(), pcstates->end());
}
static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, const uint8_t* Q, vector<cs_t>* pcstates)
{
static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, const uint8_t *Q, vector<cs_t> *pcstates) {
vector<cs_t> csl_cand, csl_search;
vector<cs_t>::iterator itsearch, itcand;
map<uint64_t, uint64_t> matchbox;
@ -658,8 +605,7 @@ static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, co
size_t counter;
// Generate 2^20 different (5 bits) values for the first 4 Gc bytes (0,1,2,3)
for (counter=0; counter<0x100000; counter++)
{
for (counter = 0; counter < 0x100000; counter++) {
lstate = lstate_before_gc;
next_left_fast((counter >> 15) & 0x1f, &lstate);
next_left_fast((counter >> 10) & 0x1f, &lstate);
@ -674,8 +620,7 @@ static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, co
csl_cand = *pcstates;
pcstates->clear();
for(itcand=csl_cand.begin();itcand!=csl_cand.end();++itcand)
{
for (itcand = csl_cand.begin(); itcand != csl_cand.end(); ++itcand) {
csl_search.clear();
csl_search.push_back(*itcand);
@ -688,11 +633,9 @@ static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, co
previous_all_input(&csl_search, 4, CSS_LEFT);
// Take the intersection of the corresponding states ~2^15 values (40-25 = 15 bits)
for(itsearch=csl_search.begin();itsearch!=csl_search.end();++itsearch)
{
for (itsearch = csl_search.begin(); itsearch != csl_search.end(); ++itsearch) {
itmatch = matchbox.find(itsearch->l);
if (itmatch != matchbox.end())
{
if (itmatch != matchbox.end()) {
itsearch->Gc[0] = (itmatch->second >> 15) & 0x1f;
itsearch->Gc[1] = (itmatch->second >> 10) & 0x1f;
itsearch->Gc[2] = (itmatch->second >> 5) & 0x1f;
@ -723,8 +666,7 @@ static inline void search_gc_candidates_left(const uint64_t lstate_before_gc, co
printf("\n");
}
void combine_valid_left_right_states(vector<cs_t>* plcstates, vector<cs_t>* prcstates, vector<uint64_t>* pgc_candidates)
{
void combine_valid_left_right_states(vector<cs_t> *plcstates, vector<cs_t> *prcstates, vector<uint64_t> *pgc_candidates) {
vector<cs_t>::iterator itl, itr;
size_t pos, count;
uint64_t gc;
@ -733,26 +675,20 @@ void combine_valid_left_right_states(vector<cs_t>* plcstates, vector<cs_t>* prcs
// Clean up the candidate list
pgc_candidates->clear();
count = 0;
for(itl=plcstates->begin();itl!=plcstates->end();++itl)
{
for(itr=prcstates->begin();itr!=prcstates->end();++itr)
{
for (itl = plcstates->begin(); itl != plcstates->end(); ++itl) {
for (itr = prcstates->begin(); itr != prcstates->end(); ++itr) {
valid = true;
// Check for left and right candidates that share the overlapping bits (8 x 2bits of Gc)
for (pos=0; pos<8; pos++)
{
if ((itl->Gc[pos] & 0x18) != (itr->Gc[pos] & 0x18))
{
for (pos = 0; pos < 8; pos++) {
if ((itl->Gc[pos] & 0x18) != (itr->Gc[pos] & 0x18)) {
valid = false;
break;
}
}
if (valid)
{
if (valid) {
gc = 0;
for (pos=0; pos<8; pos++)
{
for (pos = 0; pos < 8; pos++) {
gc <<= 8;
gc |= (itl->Gc[pos] | itr->Gc[pos]);
}
@ -768,8 +704,7 @@ void combine_valid_left_right_states(vector<cs_t>* plcstates, vector<cs_t>* prcs
printf("but only " _GREEN_("%lu")" were valid!\n", pgc_candidates->size());
}
int main(int argc, const char* argv[])
{
int main(int argc, const char *argv[]) {
size_t pos;
crypto_state_t ostate;
uint64_t rstate_before_gc, rstate_after_gc;
@ -807,8 +742,7 @@ int main(int argc, const char* argv[])
uint64_t nCh; // Reader challange
uint64_t nCi_1; // Card anwser
if ((argc != 2) && (argc != 5))
{
if ((argc != 2) && (argc != 5)) {
printf("SecureMemory recovery - (c) Radboud University Nijmegen\n\n");
printf("syntax: sma simulate\n");
printf(" sma <Ci> <Q> <Ch> <Ci+1>\n\n");
@ -818,38 +752,45 @@ int main(int argc, const char* argv[])
printf(_CYAN_("\nAuthentication info\n\n"));
// Check if this is a simulation
if (argc == 2)
{
if (argc == 2) {
// Generate random values for the key and randoms
srand((uint32_t)time(NULL));
for (pos = 0; pos<8; pos++)
{
for (pos = 0; pos < 8; pos++) {
Gc[pos] = rand();
Ci[pos] = rand();
Q[pos] = rand();
}
sm_auth(Gc, Ci, Q, Ch, Ci_1, &ostate);
printf(" Gc: "); print_bytes(Gc,8);
printf(" Gc: ");
print_bytes(Gc, 8);
} else {
sscanf(argv[1],"%016" SCNx64,&nCi); num_to_bytes(nCi,8,Ci);
sscanf(argv[2],"%016" SCNx64,&nQ); num_to_bytes(nQ,8,Q);
sscanf(argv[3],"%016" SCNx64,&nCh); num_to_bytes(nCh,8,Ch);
sscanf(argv[4],"%016" SCNx64,&nCi_1); num_to_bytes(nCi_1,8,Ci_1);
sscanf(argv[1], "%016" SCNx64, &nCi);
num_to_bytes(nCi, 8, Ci);
sscanf(argv[2], "%016" SCNx64, &nQ);
num_to_bytes(nQ, 8, Q);
sscanf(argv[3], "%016" SCNx64, &nCh);
num_to_bytes(nCh, 8, Ch);
sscanf(argv[4], "%016" SCNx64, &nCi_1);
num_to_bytes(nCi_1, 8, Ci_1);
printf(" Gc: unknown\n");
}
for (pos = 0; pos<8; pos++)
{
for (pos = 0; pos < 8; pos++) {
ks[2 * pos] = Ci_1[pos];
ks[(2 * pos) + 1] = Ch[pos];
}
printf(" Ci: "); print_bytes(Ci,8);
printf(" Q: "); print_bytes(Q,8);
printf(" Ch: "); print_bytes(Ch,8);
printf("Ci+1: "); print_bytes(Ci_1,8);
printf(" Ci: ");
print_bytes(Ci, 8);
printf(" Q: ");
print_bytes(Q, 8);
printf(" Ch: ");
print_bytes(Ch, 8);
printf("Ci+1: ");
print_bytes(Ci_1, 8);
printf("\n");
printf(" Ks: "); print_bytes(ks,16);
printf(" Ks: ");
print_bytes(ks, 16);
printf("\n");
printf("Initializing lookup tables for increasing cipher speed\n");
@ -861,8 +802,7 @@ int main(int argc, const char* argv[])
// Load in the ci (tag-nonce), together with the first half of Q (reader-nonce)
rstate_before_gc = 0;
lstate_before_gc = 0;
for (pos = 0; pos < 4; pos++)
{
for (pos = 0; pos < 4; pos++) {
next_right_fast(Ci[2 * pos ], &rstate_before_gc);
next_right_fast(Ci[2 * pos + 1], &rstate_before_gc);
next_right_fast(Q[pos], &rstate_before_gc);
@ -877,13 +817,11 @@ int main(int argc, const char* argv[])
printf("Top-bin for the right state contains " _GREEN_("%d")" correct bits\n", rbits);
printf("Total count of right bins: " _YELLOW_("%lu") "\n", (unsigned long)rstates.size());
if (rbits < 96)
{
if (rbits < 96) {
printf(_RED_("\n WARNING!!! Better find another trace, the right top-bin is < 96 bits\n\n"));
}
for(itrstates=rstates.begin();itrstates!=rstates.end();++itrstates)
{
for (itrstates = rstates.begin(); itrstates != rstates.end(); ++itrstates) {
rstate_after_gc = *itrstates;
sm_left_mask(ks, mask, rstate_after_gc);
printf("Using the state from the top-right bin: " _YELLOW_("0x%07" PRIx64)"\n", rstate_after_gc);
@ -905,12 +843,10 @@ int main(int argc, const char* argv[])
combine_valid_left_right_states(&clstates, &crstates, &pgc_candidates);
printf("Filtering the correct one using the middle part\n");
for(itgc=pgc_candidates.begin();itgc!=pgc_candidates.end();++itgc)
{
for (itgc = pgc_candidates.begin(); itgc != pgc_candidates.end(); ++itgc) {
num_to_bytes(*itgc, 8, Gc_chk);
sm_auth(Gc_chk, Ci, Q, Ch_chk, Ci_1_chk, &ostate);
if ((memcmp(Ch_chk,Ch,8) == 0) && (memcmp(Ci_1_chk,Ci_1,8) == 0))
{
if ((memcmp(Ch_chk, Ch, 8) == 0) && (memcmp(Ci_1_chk, Ci_1, 8) == 0)) {
printf("\nFound valid key: " _GREEN_("%016" PRIx64)"\n\n", *itgc);
return 0;
}

30
tools/cryptorf/sma_multi.cpp
View file

@ -1021,12 +1021,17 @@ int main(int argc, const char* argv[]) {
Q[pos] = rand();
}
sm_auth(Gc, Ci, Q, Ch, Ci_1, &ostate);
printf(" Gc: "); print_bytes(Gc,8);
printf(" Gc: ");
print_bytes(Gc, 8);
} else {
sscanf(argv[1],"%016" SCNx64,&nCi); num_to_bytes(nCi,8,Ci);
sscanf(argv[2],"%016" SCNx64,&nQ); num_to_bytes(nQ,8,Q);
sscanf(argv[3],"%016" SCNx64,&nCh); num_to_bytes(nCh,8,Ch);
sscanf(argv[4],"%016" SCNx64,&nCi_1); num_to_bytes(nCi_1,8,Ci_1);
sscanf(argv[1], "%016" SCNx64, &nCi);
num_to_bytes(nCi, 8, Ci);
sscanf(argv[2], "%016" SCNx64, &nQ);
num_to_bytes(nQ, 8, Q);
sscanf(argv[3], "%016" SCNx64, &nCh);
num_to_bytes(nCh, 8, Ch);
sscanf(argv[4], "%016" SCNx64, &nCi_1);
num_to_bytes(nCi_1, 8, Ci_1);
printf(" Gc: unknown\n");
}
@ -1035,12 +1040,17 @@ int main(int argc, const char* argv[]) {
ks[(2 * pos) + 1] = Ch[pos];
}
printf(" Ci: "); print_bytes(Ci,8);
printf(" Q: "); print_bytes(Q,8);
printf(" Ch: "); print_bytes(Ch,8);
printf("Ci+1: "); print_bytes(Ci_1,8);
printf(" Ci: ");
print_bytes(Ci, 8);
printf(" Q: ");
print_bytes(Q, 8);
printf(" Ch: ");
print_bytes(Ch, 8);
printf("Ci+1: ");
print_bytes(Ci_1, 8);
printf("\n");
printf(" Ks: "); print_bytes(ks,16);
printf(" Ks: ");
print_bytes(ks, 16);
printf("\n");
printf("\nMultithreaded, will use " _YELLOW_("%u") " threads\n", g_num_cpus);

6
tools/cryptorf/util.c
View file

@ -1,16 +1,14 @@
#include "util.h"
#include <stdio.h>
void num_to_bytes(uint64_t n, size_t len, uint8_t *dst)
{
void num_to_bytes(uint64_t n, size_t len, uint8_t *dst) {
while (len--) {
dst[len] = (uint8_t)n;
n >>= 8;
}
}
void print_bytes(const uint8_t *pbtData, const size_t szLen)
{
void print_bytes(const uint8_t *pbtData, const size_t szLen) {
size_t uiPos;
for (uiPos = 0; uiPos < szLen; uiPos++) {
printf("%02x ", pbtData[uiPos]);