github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'master' of https://github.com/RfidResearchGroup/proxmark3

Browse source
This commit is contained in:
iceman1001 2019-07-28 09:22:30 +02:00
commit c5b8df449d
9 changed files with 152 additions and 150 deletions
Download patch file Download diff file Expand all files Collapse all files

42
armsrc/lfops.c
View file

@ -170,42 +170,42 @@ void printT55xxConfig(void) {
Dbprintf(_YELLOW_("1 of 4 coding reference")); Dbprintf(_YELLOW_("1 of 4 coding reference"));
break; break;
} }
if ( T55xx_Timing.m[i].start_gap != 0xFFFF ) if (T55xx_Timing.m[i].start_gap != 0xFFFF)
Dbprintf(" [a] startgap............%d*8 (%d)", T55xx_Timing.m[i].start_gap / 8, T55xx_Timing.m[i].start_gap); Dbprintf(" [a] startgap............%d*8 (%d)", T55xx_Timing.m[i].start_gap / 8, T55xx_Timing.m[i].start_gap);
else else
Dbprintf(" [a] startgap............" _RED_("unconfigured") ); Dbprintf(" [a] startgap............" _RED_("unconfigured"));
if ( T55xx_Timing.m[i].write_gap != 0xFFFF ) if (T55xx_Timing.m[i].write_gap != 0xFFFF)
Dbprintf(" [b] writegap............%d*8 (%d)", T55xx_Timing.m[i].write_gap / 8, T55xx_Timing.m[i].write_gap); Dbprintf(" [b] writegap............%d*8 (%d)", T55xx_Timing.m[i].write_gap / 8, T55xx_Timing.m[i].write_gap);
else else
Dbprintf(" [b] writegap............" _RED_("unconfigured") ); Dbprintf(" [b] writegap............" _RED_("unconfigured"));
if ( T55xx_Timing.m[i].write_0 != 0xFFFF ) if (T55xx_Timing.m[i].write_0 != 0xFFFF)
Dbprintf(" [c] write_0.............%d*8 (%d)", T55xx_Timing.m[i].write_0 / 8, T55xx_Timing.m[i].write_0); Dbprintf(" [c] write_0.............%d*8 (%d)", T55xx_Timing.m[i].write_0 / 8, T55xx_Timing.m[i].write_0);
else else
Dbprintf(" [c] write_0............." _RED_("unconfigured") ); Dbprintf(" [c] write_0............." _RED_("unconfigured"));
if ( T55xx_Timing.m[i].write_1 != 0xFFFF ) if (T55xx_Timing.m[i].write_1 != 0xFFFF)
Dbprintf(" [d] write_1.............%d*8 (%d)", T55xx_Timing.m[i].write_1 / 8, T55xx_Timing.m[i].write_1); Dbprintf(" [d] write_1.............%d*8 (%d)", T55xx_Timing.m[i].write_1 / 8, T55xx_Timing.m[i].write_1);
else else
Dbprintf(" [d] write_1............." _RED_("unconfigured") ); Dbprintf(" [d] write_1............." _RED_("unconfigured"));
if ( T55xx_Timing.m[i].read_gap != 0xFFFF ) if (T55xx_Timing.m[i].read_gap != 0xFFFF)
Dbprintf(" [e] readgap.............%d*8 (%d)", T55xx_Timing.m[i].read_gap / 8, T55xx_Timing.m[i].read_gap); Dbprintf(" [e] readgap.............%d*8 (%d)", T55xx_Timing.m[i].read_gap / 8, T55xx_Timing.m[i].read_gap);
else else
Dbprintf(" [e] readgap............." _RED_("unconfigured") ); Dbprintf(" [e] readgap............." _RED_("unconfigured"));
if (i == T55XX_DLMODE_1OF4) { if (i == T55XX_DLMODE_1OF4) {
if ( T55xx_Timing.m[i].write_2 != 0xFFFF ) if (T55xx_Timing.m[i].write_2 != 0xFFFF)
Dbprintf(" [f] write_2.............%d*8 (%d)", T55xx_Timing.m[i].write_2 / 8, T55xx_Timing.m[i].write_2); Dbprintf(" [f] write_2.............%d*8 (%d)", T55xx_Timing.m[i].write_2 / 8, T55xx_Timing.m[i].write_2);
else else
Dbprintf(" [f] write_2............." _RED_("unconfigured") ); Dbprintf(" [f] write_2............." _RED_("unconfigured"));
if ( T55xx_Timing.m[i].write_3 != 0xFFFF ) if (T55xx_Timing.m[i].write_3 != 0xFFFF)
Dbprintf(" [g] write_3.............%d*8 (%d)", T55xx_Timing.m[i].write_3 / 8, T55xx_Timing.m[i].write_3); Dbprintf(" [g] write_3.............%d*8 (%d)", T55xx_Timing.m[i].write_3 / 8, T55xx_Timing.m[i].write_3);
else else
Dbprintf(" [f] write_3............." _RED_("unconfigured") ); Dbprintf(" [f] write_3............." _RED_("unconfigured"));
} }
} }
} }

6
client/cmdhffido.c
View file

@ -349,7 +349,7 @@ static int CmdHFFidoRegister(const char *cmd) {
res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[hashp], len - hashp, true); res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[hashp], len - hashp, true);
if (res) { if (res) {
if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) {
PrintAndLogEx(WARNING, "Signature is" _RED_("NOT VALID") ); PrintAndLogEx(WARNING, "Signature is" _RED_("NOT VALID"));
} else { } else {
PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res)); PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res));
} }
@ -575,12 +575,12 @@ static int CmdHFFidoAuthenticate(const char *cmd) {
res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[5], len - 5, true); res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[5], len - 5, true);
if (res) { if (res) {
if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) {
PrintAndLogEx(WARNING, "Signature is" _RED_("NOT VALID.") ); PrintAndLogEx(WARNING, "Signature is" _RED_("NOT VALID."));
} else { } else {
PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res)); PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res));
} }
} else { } else {
PrintAndLogEx(SUCCESS, "Signature is" _GREEN_("OK") ); PrintAndLogEx(SUCCESS, "Signature is" _GREEN_("OK"));
} }
} else { } else {
PrintAndLogEx(WARNING, "No public key provided. can't check signature."); PrintAndLogEx(WARNING, "No public key provided. can't check signature.");

66
client/cmdhfmfu.c
View file

@ -226,24 +226,26 @@ uint8_t default_pwd_pack[KEYS_PWD_COUNT][4] = {
}; };
#define PUBLIC_ECDA_KEYLEN 33 #define PUBLIC_ECDA_KEYLEN 33
// known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier) // known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier)
// ref: AN11350 NTAG 21x Originality Signature Validation // ref: AN11350 NTAG 21x Originality Signature Validation
// ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation
uint8_t public_keys[2][PUBLIC_ECDA_KEYLEN] = { uint8_t public_keys[2][PUBLIC_ECDA_KEYLEN] = {
// UL, NTAG21x and NDEF // UL, NTAG21x and NDEF
{ 0x04,0x49,0x4e,0x1a,0x38,0x6d,0x3d,0x3c, {
0xfe,0x3d,0xc1,0x0e,0x5d,0xe6,0x8a,0x49, 0x04, 0x49, 0x4e, 0x1a, 0x38, 0x6d, 0x3d, 0x3c,
0x9b,0x1c,0x20,0x2d,0xb5,0xb1,0x32,0x39, 0xfe, 0x3d, 0xc1, 0x0e, 0x5d, 0xe6, 0x8a, 0x49,
0x3e,0x89,0xed,0x19,0xfe,0x5b,0xe8,0xbc,0x61 0x9b, 0x1c, 0x20, 0x2d, 0xb5, 0xb1, 0x32, 0x39,
}, 0x3e, 0x89, 0xed, 0x19, 0xfe, 0x5b, 0xe8, 0xbc, 0x61
// UL EV1 },
{ 0x04,0x90,0x93,0x3b,0xdc,0xd6,0xe9,0x9b, // UL EV1
0x4e,0x25,0x5e,0x3d,0xa5,0x53,0x89,0xa8, {
0x27,0x56,0x4e,0x11,0x71,0x8e,0x01,0x72, 0x04, 0x90, 0x93, 0x3b, 0xdc, 0xd6, 0xe9, 0x9b,
0x92,0xfa,0xf2,0x32,0x26,0xa9,0x66,0x14,0xb8 0x4e, 0x25, 0x5e, 0x3d, 0xa5, 0x53, 0x89, 0xa8,
} 0x27, 0x56, 0x4e, 0x11, 0x71, 0x8e, 0x01, 0x72,
}; 0x92, 0xfa, 0xf2, 0x32, 0x26, 0xa9, 0x66, 0x14, 0xb8
}
};
#define MAX_UL_TYPES 22 #define MAX_UL_TYPES 22
@ -672,7 +674,7 @@ static int ul_print_default(uint8_t *data) {
else else
PrintAndLogEx(NORMAL, " BCC0 : %02X, crc should be %02X", data[3], crc0); PrintAndLogEx(NORMAL, " BCC0 : %02X, crc should be %02X", data[3], crc0);
int crc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]; int crc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6];
if (data[8] == crc1) if (data[8] == crc1)
PrintAndLogEx(NORMAL, " BCC1 : %02X, Ok", data[8]); PrintAndLogEx(NORMAL, " BCC1 : %02X, Ok", data[8]);
else else
@ -992,20 +994,20 @@ static int ulev1_print_counters() {
return len; return len;
} }
static int ulev1_print_signature(TagTypeUL_t tagtype, uint8_t *uid, uint8_t *signature, size_t signature_len){ static int ulev1_print_signature(TagTypeUL_t tagtype, uint8_t *uid, uint8_t *signature, size_t signature_len) {
uint8_t public_key = 0; uint8_t public_key = 0;
if (tagtype == UL_EV1_48 || tagtype == UL_EV1_128) { if (tagtype == UL_EV1_48 || tagtype == UL_EV1_128) {
public_key = 1; public_key = 1;
} }
int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, public_keys[public_key], uid, 7, signature, signature_len, false); int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, public_keys[public_key], uid, 7, signature, signature_len, false);
bool is_valid = (res == 0); bool is_valid = (res == 0);
PrintAndLogEx(NORMAL, "\n--- Tag Signature"); PrintAndLogEx(NORMAL, "\n--- Tag Signature");
PrintAndLogEx(NORMAL, "IC signature public key name : NXP NTAG21x (2013)"); PrintAndLogEx(NORMAL, "IC signature public key name : NXP NTAG21x (2013)");
PrintAndLogEx(NORMAL, "IC signature public key value : %s", sprint_hex(public_keys[public_key], PUBLIC_ECDA_KEYLEN)); PrintAndLogEx(NORMAL, "IC signature public key value : %s", sprint_hex(public_keys[public_key], PUBLIC_ECDA_KEYLEN));
PrintAndLogEx(NORMAL, " Elliptic curve parameters : NID_secp128r1"); PrintAndLogEx(NORMAL, " Elliptic curve parameters : NID_secp128r1");
PrintAndLogEx(NORMAL, " TAG IC Signature : %s", sprint_hex(signature, signature_len)); PrintAndLogEx(NORMAL, " TAG IC Signature : %s", sprint_hex(signature, signature_len));
PrintAndLogEx(NORMAL, "Signature verified %s", (is_valid) ? _GREEN_("successful") : _RED_("failed") ); PrintAndLogEx(NORMAL, "Signature verified %s", (is_valid) ? _GREEN_("successful") : _RED_("failed"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1202,8 +1204,8 @@ static int CmdHF14AMfUInfo(const char *Cmd) {
uint8_t *key = pwd; uint8_t *key = pwd;
uint8_t pack[4] = {0, 0, 0, 0}; uint8_t pack[4] = {0, 0, 0, 0};
int len; int len;
uint8_t uid[7]; uint8_t uid[7];
char tempStr[50]; char tempStr[50];
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
@ -1254,8 +1256,8 @@ static int CmdHF14AMfUInfo(const char *Cmd) {
PrintAndLogEx(ERR, "Error: tag didn't answer to READ"); PrintAndLogEx(ERR, "Error: tag didn't answer to READ");
return PM3_ESOFT; return PM3_ESOFT;
} else if (status == 16) { } else if (status == 16) {
memcpy(uid, data, 3); memcpy(uid, data, 3);
memcpy(uid + 3, data + 4, 4); memcpy(uid + 3, data + 4, 4);
ul_print_default(data); ul_print_default(data);
ndef_print_CC(data + 12); ndef_print_CC(data + 12);
} else { } else {
@ -1332,8 +1334,8 @@ static int CmdHF14AMfUInfo(const char *Cmd) {
return PM3_ESOFT; return PM3_ESOFT;
} }
if (status == 32) { if (status == 32) {
ulev1_print_signature(tagtype, uid, ulev1_signature, sizeof(ulev1_signature)); ulev1_print_signature(tagtype, uid, ulev1_signature, sizeof(ulev1_signature));
} else { } else {
// re-select // re-select
if (ul_auth_select(&card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack)) == PM3_ESOFT) return PM3_ESOFT; if (ul_auth_select(&card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack)) == PM3_ESOFT) return PM3_ESOFT;
} }

140
client/crypto/libpcrypto.c
View file

@ -128,7 +128,7 @@ static int ecdsa_init_str(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id curv
int res; int res;
mbedtls_ecdsa_init(ctx); mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, curveid); res = mbedtls_ecp_group_load(&ctx->grp, curveid);
if (res) if (res)
return res; return res;
@ -154,19 +154,19 @@ static int ecdsa_init(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id curveid,
int res; int res;
mbedtls_ecdsa_init(ctx); mbedtls_ecdsa_init(ctx);
res = mbedtls_ecp_group_load(&ctx->grp, curveid); res = mbedtls_ecp_group_load(&ctx->grp, curveid);
if (res) if (res)
return res; return res;
size_t keylen = (ctx->grp.nbits + 7 ) / 8; size_t keylen = (ctx->grp.nbits + 7) / 8;
if (key_d) { if (key_d) {
res = mbedtls_mpi_read_binary(&ctx->d, key_d, keylen); res = mbedtls_mpi_read_binary(&ctx->d, key_d, keylen);
if (res) if (res)
return res; return res;
} }
if (key_xy) { if (key_xy) {
res = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, key_xy, keylen * 2 + 1); res = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, key_xy, keylen * 2 + 1);
if (res) if (res)
return res; return res;
} }
@ -195,22 +195,22 @@ int ecdsa_key_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_
if (res) if (res)
goto exit; goto exit;
size_t keylen = (ctx.grp.nbits + 7) / 8; size_t keylen = (ctx.grp.nbits + 7) / 8;
res = mbedtls_mpi_write_binary(&ctx.d, key_d, keylen); res = mbedtls_mpi_write_binary(&ctx.d, key_d, keylen);
if (res) if (res)
goto exit; goto exit;
size_t public_keylen = 0; size_t public_keylen = 0;
uint8_t public_key[200] = {0}; uint8_t public_key[200] = {0};
res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &public_keylen, public_key, sizeof(public_key)); res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &public_keylen, public_key, sizeof(public_key));
if (res) if (res)
goto exit; goto exit;
if (public_keylen != 1 + 2 * keylen) { // 0x04 <key x><key y> if (public_keylen != 1 + 2 * keylen) { // 0x04 <key x><key y>
res = 1; res = 1;
goto exit; goto exit;
} }
memcpy(key_xy, public_key, public_keylen); memcpy(key_xy, public_key, public_keylen);
exit: exit:
mbedtls_entropy_free(&entropy); mbedtls_entropy_free(&entropy);
@ -233,22 +233,22 @@ int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, mbedtls_ecp_group_id curve
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx); mbedtls_ecdsa_init(&ctx);
res = mbedtls_ecp_group_load(&ctx.grp, curveid); res = mbedtls_ecp_group_load(&ctx.grp, curveid);
if (res) if (res)
goto exit; goto exit;
size_t private_keylen = (ctx.grp.nbits + 7) / 8; size_t private_keylen = (ctx.grp.nbits + 7) / 8;
if (keylen < 1 + 2 * private_keylen) { if (keylen < 1 + 2 * private_keylen) {
res = 1; res = 1;
goto exit; goto exit;
} }
res = mbedtls_ecdsa_from_keypair(&ctx, mbedtls_pk_ec(*pk)); res = mbedtls_ecdsa_from_keypair(&ctx, mbedtls_pk_ec(*pk));
if (res) if (res)
goto exit; goto exit;
res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &realkeylen, key, keylen); res = mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &realkeylen, key, keylen);
if (realkeylen != 1 + 2 * private_keylen) if (realkeylen != 1 + 2 * private_keylen)
res = 2; res = 2;
exit: exit:
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
@ -277,16 +277,16 @@ int ecdsa_signature_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
ecdsa_init(&ctx, curveid, key_d, key_xy); ecdsa_init(&ctx, curveid, key_d, key_xy);
res = mbedtls_ecdsa_write_signature( res = mbedtls_ecdsa_write_signature(
&ctx, &ctx,
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,
hash ? shahash : input, hash ? shahash : input,
hash ? sizeof(shahash) : length, hash ? sizeof(shahash) : length,
signature, signature,
signaturelen, signaturelen,
mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_random,
&ctr_drbg &ctr_drbg
); );
exit: exit:
@ -323,14 +323,14 @@ static int ecdsa_signature_verify_keystr(mbedtls_ecp_group_id curveid, const cha
return res; return res;
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
ecdsa_init_str(&ctx, curveid, NULL, key_x, key_y); ecdsa_init_str(&ctx, curveid, NULL, key_x, key_y);
res = mbedtls_ecdsa_read_signature( res = mbedtls_ecdsa_read_signature(
&ctx, &ctx,
hash ? shahash : input, hash ? shahash : input,
hash ? sizeof(shahash) : length, hash ? sizeof(shahash) : length,
signature, signature,
signaturelen signaturelen
); );
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
return res; return res;
@ -339,21 +339,21 @@ static int ecdsa_signature_verify_keystr(mbedtls_ecp_group_id curveid, const cha
int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash) { int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash) {
int res; int res;
uint8_t shahash[32] = {0}; uint8_t shahash[32] = {0};
if (hash) { if (hash) {
res = sha256hash(input, length, shahash); res = sha256hash(input, length, shahash);
if (res) if (res)
return res; return res;
} }
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
res = ecdsa_init(&ctx, curveid, NULL, key_xy); res = ecdsa_init(&ctx, curveid, NULL, key_xy);
res = mbedtls_ecdsa_read_signature( res = mbedtls_ecdsa_read_signature(
&ctx, &ctx,
hash ? shahash : input, hash ? shahash : input,
hash ? sizeof(shahash) : length, hash ? sizeof(shahash) : length,
signature, signature,
signaturelen signaturelen
); );
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
return res; return res;
@ -362,27 +362,27 @@ int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_
int ecdsa_signature_r_s_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *r_s, size_t r_s_len, bool hash) { int ecdsa_signature_r_s_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *r_s, size_t r_s_len, bool hash) {
int res; int res;
uint8_t signature[MBEDTLS_ECDSA_MAX_LEN]; uint8_t signature[MBEDTLS_ECDSA_MAX_LEN];
size_t signature_len; size_t signature_len;
// convert r & s to ASN.1 signature // convert r & s to ASN.1 signature
mbedtls_mpi r, s; mbedtls_mpi r, s;
mbedtls_mpi_init(&r); mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s); mbedtls_mpi_init(&s);
mbedtls_mpi_read_binary(&r, r_s, r_s_len/2); mbedtls_mpi_read_binary(&r, r_s, r_s_len / 2);
mbedtls_mpi_read_binary(&s, r_s + r_s_len/2, r_s_len/2); mbedtls_mpi_read_binary(&s, r_s + r_s_len / 2, r_s_len / 2);
res = ecdsa_signature_to_asn1(&r, &s, signature, &signature_len); res = ecdsa_signature_to_asn1(&r, &s, signature, &signature_len);
if (res < 0) { if (res < 0) {
return res; return res;
} }
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, signature_len, hash); res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, signature_len, hash);
mbedtls_mpi_free(&r); mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s); mbedtls_mpi_free(&s);
return res; return res;
} }
@ -396,7 +396,7 @@ int ecdsa_signature_r_s_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, ui
int ecdsa_nist_test(bool verbose) { int ecdsa_nist_test(bool verbose) {
int res; int res;
uint8_t input[] = "Example of ECDSA with P-256"; uint8_t input[] = "Example of ECDSA with P-256";
mbedtls_ecp_group_id curveid = MBEDTLS_ECP_DP_SECP256R1; mbedtls_ecp_group_id curveid = MBEDTLS_ECP_DP_SECP256R1;
int length = strlen((char *)input); int length = strlen((char *)input);
uint8_t signature[300] = {0}; uint8_t signature[300] = {0};
size_t siglen = 0; size_t siglen = 0;
@ -405,7 +405,7 @@ int ecdsa_nist_test(bool verbose) {
if (verbose) if (verbose)
printf(" ECDSA NIST test: "); printf(" ECDSA NIST test: ");
// make signature // make signature
res = ecdsa_signature_create_test(curveid, T_PRIVATE_KEY, T_Q_X, T_Q_Y, T_K, input, length, signature, &siglen); res = ecdsa_signature_create_test(curveid, T_PRIVATE_KEY, T_Q_X, T_Q_Y, T_K, input, length, signature, &siglen);
// printf("res: %x signature[%x]: %s\n", (res<0)?-res:res, siglen, sprint_hex(signature, siglen)); // printf("res: %x signature[%x]: %s\n", (res<0)?-res:res, siglen, sprint_hex(signature, siglen));
if (res) if (res)
goto exit; goto exit;
@ -429,13 +429,13 @@ int ecdsa_nist_test(bool verbose) {
} }
// verify signature // verify signature
res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true); res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true);
if (res) if (res)
goto exit; goto exit;
// verify wrong signature // verify wrong signature
input[0] ^= 0xFF; input[0] ^= 0xFF;
res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true); res = ecdsa_signature_verify_keystr(curveid, T_Q_X, T_Q_Y, input, length, signature, siglen, true);
if (!res) { if (!res) {
res = 1; res = 1;
goto exit; goto exit;
@ -452,20 +452,20 @@ int ecdsa_nist_test(bool verbose) {
memset(signature, 0x00, sizeof(signature)); memset(signature, 0x00, sizeof(signature));
siglen = 0; siglen = 0;
res = ecdsa_key_create(curveid, key_d, key_xy); res = ecdsa_key_create(curveid, key_d, key_xy);
if (res) if (res)
goto exit; goto exit;
res = ecdsa_signature_create(curveid, key_d, key_xy, input, length, signature, &siglen, true); res = ecdsa_signature_create(curveid, key_d, key_xy, input, length, signature, &siglen, true);
if (res) if (res)
goto exit; goto exit;
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true); res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true);
if (res) if (res)
goto exit; goto exit;
input[0] ^= 0xFF; input[0] ^= 0xFF;
res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true); res = ecdsa_signature_verify(curveid, key_xy, input, length, signature, siglen, true);
if (!res) if (!res)
goto exit; goto exit;

2
client/crypto/libpcrypto.h
View file

@ -24,7 +24,7 @@ int aes_cmac8(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int lengt
int sha256hash(uint8_t *input, int length, uint8_t *hash); int sha256hash(uint8_t *input, int length, uint8_t *hash);
int sha512hash(uint8_t *input, int length, uint8_t *hash); int sha512hash(uint8_t *input, int length, uint8_t *hash);
int ecdsa_key_create(mbedtls_ecp_group_id curveid, uint8_t * key_d, uint8_t *key_xy); int ecdsa_key_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy);
int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, mbedtls_ecp_group_id curveid, uint8_t *key, size_t keylen); int ecdsa_public_key_from_pk(mbedtls_pk_context *pk, mbedtls_ecp_group_id curveid, uint8_t *key, size_t keylen);
int ecdsa_signature_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen, bool hash); int ecdsa_signature_create(mbedtls_ecp_group_id curveid, uint8_t *key_d, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t *signaturelen, bool hash);
int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash); int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_t *input, int length, uint8_t *signature, size_t signaturelen, bool hash);

4
client/fido/fidocore.c
View file

@ -262,7 +262,7 @@ int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *pu
} }
// get public key // get public key
res = ecdsa_public_key_from_pk(&cert.pk, MBEDTLS_ECP_DP_SECP256R1, publicKey, publicKeyMaxLen); res = ecdsa_public_key_from_pk(&cert.pk, MBEDTLS_ECP_DP_SECP256R1, publicKey, publicKeyMaxLen);
if (res) { if (res) {
PrintAndLogEx(ERR, "ERROR: getting public key from certificate 0x%x - %s", (res < 0) ? -res : res, ecdsa_get_error(res)); PrintAndLogEx(ERR, "ERROR: getting public key from certificate 0x%x - %s", (res < 0) ? -res : res, ecdsa_get_error(res));
} else { } else {
@ -384,7 +384,7 @@ static int FIDO2CheckSignature(json_t *root, uint8_t *publickey, uint8_t *sign,
res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, publickey, xbuf, xbuflen, sign, signLen, true); res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, publickey, xbuf, xbuflen, sign, signLen, true);
if (res) { if (res) {
if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) {
PrintAndLogEx(WARNING, "Signature is " _RED_("NOT VALID") ); PrintAndLogEx(WARNING, "Signature is " _RED_("NOT VALID"));
} else { } else {
PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res)); PrintAndLogEx(WARNING, "Other signature check error: %x %s", (res < 0) ? -res : res, ecdsa_get_error(res));
} }

2
common/mbedtls/ecdsa.c
View file

@ -287,7 +287,7 @@ cleanup:
* Convert a signature (given by context) to ASN.1 * Convert a signature (given by context) to ASN.1
*/ */
int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen) { unsigned char *sig, size_t *slen) {
int ret; int ret;
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN]; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
unsigned char *p = buf + sizeof(buf); unsigned char *p = buf + sizeof(buf);

2
common/mbedtls/ecdsa.h
View file

@ -334,7 +334,7 @@ void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
*/ */
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx); void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen ); int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen);
#ifdef __cplusplus #ifdef __cplusplus
} }

38
common/mbedtls/ecp_curves.c
View file

@ -89,34 +89,34 @@
*/ */
#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED)
static const mbedtls_mpi_uint secp128r1_p[] = { static const mbedtls_mpi_uint secp128r1_p[] = {
// 2^128 - 2^97 - 1 // TODO // 2^128 - 2^97 - 1 // TODO
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF ), BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF),
}; };
static const mbedtls_mpi_uint secp128r1_a[] = { static const mbedtls_mpi_uint secp128r1_a[] = {
// FFFFFFFDFFFFFFFF FFFFFFFFFFFFFFFC // FFFFFFFDFFFFFFFF FFFFFFFFFFFFFFFC
BYTES_TO_T_UINT_8( 0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), BYTES_TO_T_UINT_8(0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF ), BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF),
}; };
static const mbedtls_mpi_uint secp128r1_b[] = { static const mbedtls_mpi_uint secp128r1_b[] = {
// E87579C11079F43D D824993C2CEE5ED3 // E87579C11079F43D D824993C2CEE5ED3
BYTES_TO_T_UINT_8( 0xD3, 0x5E, 0xEE, 0x2C, 0x3C, 0x99, 0x24, 0xD8 ), BYTES_TO_T_UINT_8(0xD3, 0x5E, 0xEE, 0x2C, 0x3C, 0x99, 0x24, 0xD8),
BYTES_TO_T_UINT_8( 0x3D, 0xF4, 0x79, 0x10, 0xC1, 0x79, 0x75, 0xE8 ), BYTES_TO_T_UINT_8(0x3D, 0xF4, 0x79, 0x10, 0xC1, 0x79, 0x75, 0xE8),
}; };
static const mbedtls_mpi_uint secp128r1_gx[] = { static const mbedtls_mpi_uint secp128r1_gx[] = {
// 161FF7528B899B2D 0C28607CA52C5B86 // 161FF7528B899B2D 0C28607CA52C5B86
BYTES_TO_T_UINT_8( 0x86, 0x5B, 0x2C, 0xA5, 0x7C, 0x60, 0x28, 0x0C ), BYTES_TO_T_UINT_8(0x86, 0x5B, 0x2C, 0xA5, 0x7C, 0x60, 0x28, 0x0C),
BYTES_TO_T_UINT_8( 0x2D, 0x9B, 0x89, 0x8B, 0x52, 0xF7, 0x1F, 0x16 ), BYTES_TO_T_UINT_8(0x2D, 0x9B, 0x89, 0x8B, 0x52, 0xF7, 0x1F, 0x16),
}; };
static const mbedtls_mpi_uint secp128r1_gy[] = { static const mbedtls_mpi_uint secp128r1_gy[] = {
// CF5AC8395BAFEB13 C02DA292DDED7A83 // CF5AC8395BAFEB13 C02DA292DDED7A83
BYTES_TO_T_UINT_8( 0x83, 0x7A, 0xED, 0xDD, 0x92, 0xA2, 0x2D, 0xC0 ), BYTES_TO_T_UINT_8(0x83, 0x7A, 0xED, 0xDD, 0x92, 0xA2, 0x2D, 0xC0),
BYTES_TO_T_UINT_8( 0x13, 0xEB, 0xAF, 0x5B, 0x39, 0xC8, 0x5A, 0xCF ), BYTES_TO_T_UINT_8(0x13, 0xEB, 0xAF, 0x5B, 0x39, 0xC8, 0x5A, 0xCF),
}; };
static const mbedtls_mpi_uint secp128r1_n[] = { static const mbedtls_mpi_uint secp128r1_n[] = {
// FFFFFFFE00000000 75A30D1B9038A115 // FFFFFFFE00000000 75A30D1B9038A115
BYTES_TO_T_UINT_8( 0x15, 0xA1, 0x38, 0x90, 0x1B, 0x0D, 0xA3, 0x75 ), BYTES_TO_T_UINT_8(0x15, 0xA1, 0x38, 0x90, 0x1B, 0x0D, 0xA3, 0x75),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF ), BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF),
}; };
#endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */
@ -786,7 +786,7 @@ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) {
#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED)
case MBEDTLS_ECP_DP_SECP128R1: case MBEDTLS_ECP_DP_SECP128R1:
grp->modp = NULL; grp->modp = NULL;
return( LOAD_GROUP_A( secp128r1 ) ); return (LOAD_GROUP_A(secp128r1));
#endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1: case MBEDTLS_ECP_DP_SECP192R1: