Get rid of polarssl (#717)

common/Makefile.common

@@ -63,7 +63,7 @@ endif
 
 
 # Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
-VPATH = . ../common ../common/crapto1 ../common/polarssl ../fpga ../zlib
+VPATH = . ../common ../common/crapto1 ../common/mbedtls ../fpga ../zlib
 
 INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES)
 

common/mbedtls/platform_util_arm.c

@@ -0,0 +1,68 @@
+/*
+ * Common and shared functions used by multiple modules in the Mbed TLS
+ * library.
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: GPL-2.0
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/platform_util.h"
+
+#include <stddef.h>
+#include <string.h>
+
+#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+/*
+ * This implementation should never be optimized out by the compiler
+ *
+ * This implementation for mbedtls_platform_zeroize() was inspired from Colin
+ * Percival's blog article at:
+ *
+ * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
+ *
+ * It uses a volatile function pointer to the standard memset(). Because the
+ * pointer is volatile the compiler expects it to change at
+ * any time and will not optimize out the call that could potentially perform
+ * other operations on the input buffer instead of just setting it to 0.
+ * Nevertheless, as pointed out by davidtgoldblatt on Hacker News
+ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
+ * details), optimizations of the following form are still possible:
+ *
+ * if( memset_func != memset )
+ *     memset_func( buf, 0, len );
+ *
+ * Note that it is extremely difficult to guarantee that
+ * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
+ * in a portable way. For this reason, Mbed TLS also provides the configuration
+ * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+ * mbedtls_platform_zeroize() to use a suitable implementation for their
+ * platform and needs.
+ */
+
+void mbedtls_platform_zeroize( void *buf, size_t len )
+{
+    memset( buf, 0, len );
+}
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */

common/mbedtls/platform_util_arm.h

@@ -0,0 +1,64 @@
+/**
+ * \file platform_util.h
+ *
+ * \brief Common and shared functions used by multiple modules in the Mbed TLS
+ *        library.
+ */
+/*
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: GPL-2.0
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_UTIL_H
+#define MBEDTLS_PLATFORM_UTIL_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief       Securely zeroize a buffer
+ *
+ *              The function is meant to wipe the data contained in a buffer so
+ *              that it can no longer be recovered even if the program memory
+ *              is later compromised. Call this function on sensitive data
+ *              stored on the stack before returning from a function, and on
+ *              sensitive data stored on the heap before freeing the heap
+ *              object.
+ *
+ *              It is extremely difficult to guarantee that calls to
+ *              mbedtls_platform_zeroize() are not removed by aggressive
+ *              compiler optimizations in a portable way. For this reason, Mbed
+ *              TLS provides the configuration option
+ *              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+ *              mbedtls_platform_zeroize() to use a suitable implementation for
+ *              their platform and needs
+ *
+ * \param buf   Buffer to be zeroized
+ * \param len   Length of the buffer in bytes
+ *
+ */
+void mbedtls_platform_zeroize( void *buf, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PLATFORM_UTIL_H */

common/polarssl/des.h

@@ -1,281 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- *  Copyright (C) 2006-2013, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_DES_H
-#define POLARSSL_DES_H
-
-//#include "config.h"
-/**
- * \def POLARSSL_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CBC
- 
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-#define DES_ENCRYPT     1
-#define DES_DECRYPT     0
-
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
-
-#define DES_KEY_SIZE    8
-
-#if !defined(POLARSSL_DES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          DES context structure
- */
-typedef struct
-{
-	int mode;                   /*!<  encrypt/decrypt   */
-	uint32_t sk[32];            /*!<  DES subkeys       */
-}
-des_context;
-
-/**
- * \brief          Triple-DES context structure
- */
-typedef struct
-{
-	int mode;                   /*!<  encrypt/decrypt   */
-	uint32_t sk[96];            /*!<  3DES subkeys      */
-}
-des3_context;
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Set key parity on the given key to odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- */
-void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key parity on the given key is odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \return         0 is parity was ok, 1 if parity was not correct.
- */
-int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key is not a weak or semi-weak DES key
- *
- * \param key      8-byte secret key
- *
- * \return         0 if no weak key was found, 1 if a weak key was identified.
- */
-int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, encryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, decryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          DES-ECB block encryption/decryption
- *
- * \param ctx      DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des_crypt_ecb( des_context *ctx,
-					const unsigned char input[8],
-					unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          DES-CBC buffer encryption/decryption
- *
- * \param ctx      DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- */
-int des_crypt_cbc( des_context *ctx,
-					int mode,
-					size_t length,
-					unsigned char iv[8],
-					const unsigned char *input,
-					unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-/**
- * \brief          3DES-ECB block encryption/decryption
- *
- * \param ctx      3DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des3_crypt_ecb( des3_context *ctx,
-					 const unsigned char input[8],
-					 unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          3DES-CBC buffer encryption/decryption
- *
- * \param ctx      3DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
- */
-int des3_crypt_cbc( des3_context *ctx,
-					 int mode,
-					 size_t length,
-					 unsigned char iv[8],
-					 const unsigned char *input,
-					 unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* POLARSSL_DES_ALT */
-#include "des_alt.h"
-#endif /* POLARSSL_DES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int des_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */