Merge pull request #53 from merlokk/des

get rid of polarssl's Des

client/Makefile

@@ -108,7 +108,6 @@ CMDSRCS =	crapto1/crapto1.c \
 			mfkey.c \
 			tea.c \
 			fido/additional_ca.c \
-			polarssl/des.c \
 			crypto/libpcrypto.c\
 			crypto/asn1utils.c\
 			cliparser/argtable3.c\

client/cmdhficlass.c

@@ -766,8 +766,8 @@ int CmdHFiClassDecrypt(const char *Cmd) {
 			 hdr->csn[4],hdr->csn[5],hdr->csn[6],hdr->csn[7]);
 
 	// tripledes
-	des3_context ctx = { DES_DECRYPT ,{ 0 } };
+	mbedtls_des3_context ctx = { 0 };
-	des3_set2key_dec( &ctx, key);
+	mbedtls_des3_set2key_dec( &ctx, key);
 
 	uint8_t enc_dump[8] = {0};
 	uint8_t empty[8] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
@@ -778,7 +778,7 @@ int CmdHFiClassDecrypt(const char *Cmd) {
 		
 		// block 7 or higher,  and not empty 0xFF
 		if(blocknum > 6 &&  memcmp(enc_dump, empty, 8) != 0 ) {
-			des3_crypt_ecb(&ctx, enc_dump, decrypted + idx );
+			mbedtls_des3_crypt_ecb(&ctx, enc_dump, decrypted + idx );
 		}
 	}
 	
@@ -797,10 +797,10 @@ static int iClassEncryptBlkData(uint8_t *blkData) {
 	PrintAndLogEx(SUCCESS, "decryption file found");
 	uint8_t encryptedData[16];
 	uint8_t *encrypted = encryptedData;
-	des3_context ctx = { DES_DECRYPT ,{ 0 } };
+	mbedtls_des3_context ctx = { 0 };
-	des3_set2key_enc( &ctx, key);
+	mbedtls_des3_set2key_enc( &ctx, key);
 	
-	des3_crypt_ecb(&ctx, blkData,encrypted);
+	mbedtls_des3_crypt_ecb(&ctx, blkData,encrypted);
 	memcpy(blkData,encrypted,8);
 	return 1;
 }

client/cmdhficlass.h

@@ -22,7 +22,7 @@
 #include "common.h"
 #include "util.h"
 #include "comms.h"
-#include "des.h"
+#include "mbedtls/des.h"
 #include "loclass/cipherutils.h"
 #include "loclass/cipher.h"
 #include "loclass/ikeys.h"

client/cmdhfmfu.c

@@ -2441,11 +2441,11 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
 	mix[6] = block ^ uid[2];
 	mix[7] = uid[3];
 	
-	des3_context ctx = { 0x00 };
+	mbedtls_des3_context ctx = { 0x00 };
-	des3_set2key_enc(&ctx, masterkey);
+	mbedtls_des3_set2key_enc(&ctx, masterkey);
 
-	des3_crypt_cbc(&ctx  // des3_context
+	mbedtls_des3_crypt_cbc(&ctx  // des3_context
-		, DES_ENCRYPT    // int mode
+		, MBEDTLS_DES_ENCRYPT    // int mode
 		, sizeof(mix)    // length
 		, iv             // iv[8]
 		, mix            // input
@@ -2478,10 +2478,10 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
 	memcpy(dmkey+16, dkeyA, 8);
 	memset(iv, 0x00, 8);
 	
-	des3_set3key_enc(&ctx, dmkey);
+	mbedtls_des3_set3key_enc(&ctx, dmkey);
 
-	des3_crypt_cbc(&ctx  // des3_context
+	mbedtls_des3_crypt_cbc(&ctx  // des3_context
-		, DES_ENCRYPT    // int mode
+		, MBEDTLS_DES_ENCRYPT    // int mode
 		, sizeof(newpwd) // length
 		, iv             // iv[8]
 		, zeros         // input

client/cmdhfmfu.h

@@ -3,7 +3,7 @@
 
 #include <stdint.h>
 #include <stdio.h>
-#include "des.h"
+#include "mbedtls/des.h"
 #include "cmdhfmf.h"
 #include "cmdhf14a.h"
 #include "mifare.h"

client/loclass/elite_crack.c

@@ -45,7 +45,7 @@
 #include "ikeys.h"
 #include "elite_crack.h"
 #include "fileutils.h"
-#include "des.h"
+#include "mbedtls/des.h"
 #include "util_posix.h"
 
 /**
@@ -172,21 +172,21 @@ void rk(uint8_t *key, uint8_t n, uint8_t *outp_key) {
     return;
 }
 
-static des_context ctx_enc = {DES_ENCRYPT,{0}};
+static mbedtls_des_context ctx_enc = {0};
-static des_context ctx_dec = {DES_DECRYPT,{0}};
+static mbedtls_des_context ctx_dec = {0};
 
 void desdecrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) {
     uint8_t key_std_format[8] = {0};
     permutekey_rev(iclass_key, key_std_format);
-    des_setkey_dec( &ctx_dec, key_std_format);
+    mbedtls_des_setkey_dec( &ctx_dec, key_std_format);
-    des_crypt_ecb(&ctx_dec,input,output);
+    mbedtls_des_crypt_ecb(&ctx_dec,input,output);
 }
 
 void desencrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) {
     uint8_t key_std_format[8] = {0};
     permutekey_rev(iclass_key, key_std_format);
-    des_setkey_enc( &ctx_enc, key_std_format);
+    mbedtls_des_setkey_enc( &ctx_enc, key_std_format);
-    des_crypt_ecb(&ctx_enc,input,output);
+    mbedtls_des_crypt_ecb(&ctx_enc,input,output);
 }
 
 /**
@@ -431,7 +431,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) {
  * @return 0 for ok, 1 for failz
  */
 int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ){
-	des_context ctx_e = {DES_ENCRYPT,{0}};
+	mbedtls_des_context ctx_e = {0};
 
 	uint8_t z_0[8] = {0};
 	uint8_t y_0[8] = {0};
@@ -450,8 +450,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ){
 	permutekey_rev(z_0, z_0_rev);
 
 	// ~K_cus = DESenc(z[0], y[0])
-	des_setkey_enc( &ctx_e, z_0_rev );
+	mbedtls_des_setkey_enc( &ctx_e, z_0_rev );
-	des_crypt_ecb(&ctx_e, y_0, key64_negated);
+	mbedtls_des_crypt_ecb(&ctx_e, y_0, key64_negated);
 
 	int i;
 	for (i = 0; i < 8 ; i++)
@@ -462,8 +462,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ){
 	uint8_t key64_stdformat[8] = {0};
 	permutekey_rev(key64, key64_stdformat);
 
-	des_setkey_enc( &ctx_e, key64_stdformat );
+	mbedtls_des_setkey_enc( &ctx_e, key64_stdformat );
-	des_crypt_ecb(&ctx_e, key64_negated, result);
+	mbedtls_des_crypt_ecb(&ctx_e, key64_negated, result);
 	PrintAndLogDevice(NORMAL, "\n"); PrintAndLogDevice(SUCCESS, "-- High security custom key (Kcus) --");
 	printvar("[+] Standard format   ", key64_stdformat, 8);
 	printvar("[+] iClass format     ", key64, 8);

client/loclass/ikeys.c

@@ -65,12 +65,12 @@ From "Dismantling iclass":
 #include <inttypes.h>
 #include "fileutils.h"
 #include "cipherutils.h"
-#include "des.h"
+#include "mbedtls/des.h"
 
 uint8_t pi[35] = {0x0F,0x17,0x1B,0x1D,0x1E,0x27,0x2B,0x2D,0x2E,0x33,0x35,0x39,0x36,0x3A,0x3C,0x47,0x4B,0x4D,0x4E,0x53,0x55,0x56,0x59,0x5A,0x5C,0x63,0x65,0x66,0x69,0x6A,0x6C,0x71,0x72,0x74,0x78};
 
-static des_context ctx_enc = {DES_ENCRYPT,{0}};
+static mbedtls_des_context ctx_enc = {0};
-static des_context ctx_dec = {DES_DECRYPT,{0}};
+static mbedtls_des_context ctx_dec = {0};
 
 static int debug_print = 0;
 
@@ -370,12 +370,12 @@ void hash0(uint64_t c, uint8_t k[8])
 void diversifyKey(uint8_t csn[8], uint8_t key[8], uint8_t div_key[8])
 {
 	// Prepare the DES key
-	des_setkey_enc( &ctx_enc, key);
+	mbedtls_des_setkey_enc( &ctx_enc, key);
 
 	uint8_t crypted_csn[8] = {0};
 
 	// Calculate DES(CSN, KEY)
-	des_crypt_ecb(&ctx_enc,csn, crypted_csn);
+	mbedtls_des_crypt_ecb(&ctx_enc,csn, crypted_csn);
 
 	//Calculate HASH0(DES))
     uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
@@ -437,13 +437,13 @@ typedef struct
 	uint8_t div_key[8];
 } Testcase;
 
-int testDES(Testcase testcase, des_context ctx_enc, des_context ctx_dec)
+int testDES(Testcase testcase, mbedtls_des_context ctx_enc, mbedtls_des_context ctx_dec)
 {
 	uint8_t des_encrypted_csn[8] = {0};
 	uint8_t decrypted[8] = {0};
 	uint8_t div_key[8] = {0};
-	int retval = des_crypt_ecb(&ctx_enc,testcase.uid,des_encrypted_csn);
+	int retval = mbedtls_des_crypt_ecb(&ctx_enc,testcase.uid,des_encrypted_csn);
-	retval |= des_crypt_ecb(&ctx_dec,des_encrypted_csn,decrypted);
+	retval |= mbedtls_des_crypt_ecb(&ctx_dec,des_encrypted_csn,decrypted);
 
 	if(memcmp(testcase.uid,decrypted,8) != 0)
 	{
@@ -629,7 +629,7 @@ int testDES2(uint64_t csn, uint64_t expected) {
 	print64bits("   csn ", csn);
     x_num_to_bytes(csn, 8,input);
 
-	des_crypt_ecb(&ctx_enc,input, result);
+	mbedtls_des_crypt_ecb(&ctx_enc,input, result);
 
     uint64_t crypt_csn = x_bytes_to_num(result, 8);
 	print64bits("   {csn}    ", crypt_csn );
@@ -654,7 +654,7 @@ int doTestsWithKnownInputs() {
 	PrintAndLogDevice(SUCCESS, "Testing DES encryption");
 	uint8_t key[8] = {0x6c,0x8d,0x44,0xf9,0x2a,0x2d,0x01,0xbf};
 
-	des_setkey_enc( &ctx_enc, key);
+	mbedtls_des_setkey_enc( &ctx_enc, key);
 	testDES2(0xbbbbaaaabbbbeeee,0xd6ad3ca619659e6b);
 
 	PrintAndLogDevice(SUCCESS, "Testing hashing algorithm");
@@ -712,8 +712,8 @@ int doKeyTests(uint8_t debuglevel) {
 			PrintAndLogDevice(SUCCESS, "Key present");
 			PrintAndLogDevice(SUCCESS, "Checking key parity...");
 			des_checkParity(key);
-			des_setkey_enc( &ctx_enc, key);
+			mbedtls_des_setkey_enc( &ctx_enc, key);
-			des_setkey_dec( &ctx_dec, key);
+			mbedtls_des_setkey_dec( &ctx_dec, key);
 			// Test hashing functions
 			PrintAndLogDevice(SUCCESS, "The following tests require the correct 8-byte master key");
 			testKeyDiversificationWithMasterkeyTestcases();

common/polarssl/des.h

@@ -1,281 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- *  Copyright (C) 2006-2013, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_DES_H
-#define POLARSSL_DES_H
-
-//#include "config.h"
-/**
- * \def POLARSSL_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CBC
- 
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-#define DES_ENCRYPT     1
-#define DES_DECRYPT     0
-
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
-
-#define DES_KEY_SIZE    8
-
-#if !defined(POLARSSL_DES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          DES context structure
- */
-typedef struct
-{
-	int mode;                   /*!<  encrypt/decrypt   */
-	uint32_t sk[32];            /*!<  DES subkeys       */
-}
-des_context;
-
-/**
- * \brief          Triple-DES context structure
- */
-typedef struct
-{
-	int mode;                   /*!<  encrypt/decrypt   */
-	uint32_t sk[96];            /*!<  3DES subkeys      */
-}
-des3_context;
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Set key parity on the given key to odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- */
-void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key parity on the given key is odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \return         0 is parity was ok, 1 if parity was not correct.
- */
-int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key is not a weak or semi-weak DES key
- *
- * \param key      8-byte secret key
- *
- * \return         0 if no weak key was found, 1 if a weak key was identified.
- */
-int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, encryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, decryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          DES-ECB block encryption/decryption
- *
- * \param ctx      DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des_crypt_ecb( des_context *ctx,
-					const unsigned char input[8],
-					unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          DES-CBC buffer encryption/decryption
- *
- * \param ctx      DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- */
-int des_crypt_cbc( des_context *ctx,
-					int mode,
-					size_t length,
-					unsigned char iv[8],
-					const unsigned char *input,
-					unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-/**
- * \brief          3DES-ECB block encryption/decryption
- *
- * \param ctx      3DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des3_crypt_ecb( des3_context *ctx,
-					 const unsigned char input[8],
-					 unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          3DES-CBC buffer encryption/decryption
- *
- * \param ctx      3DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
- */
-int des3_crypt_cbc( des3_context *ctx,
-					 int mode,
-					 size_t length,
-					 unsigned char iv[8],
-					 const unsigned char *input,
-					 unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* POLARSSL_DES_ALT */
-#include "des_alt.h"
-#endif /* POLARSSL_DES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int des_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */