Merge pull request #438 from pwpiwi/fpga_14b
authorIceman <iceman@iuse.se>
Mon, 23 Oct 2017 13:05:07 +0000 (15:05 +0200)
committerGitHub <noreply@github.com>
Mon, 23 Oct 2017 13:05:07 +0000 (15:05 +0200)
FPGA changes ISO14443B:

85 files changed:
CHANGELOG.md
appveyor.yml [new file with mode: 0644]
armsrc/BigBuf.c
armsrc/BigBuf.h
armsrc/Makefile
armsrc/aes.c [deleted file]
armsrc/aes.h [deleted file]
armsrc/appmain.c
armsrc/apps.h
armsrc/des.c [deleted file]
armsrc/des.h [deleted file]
armsrc/epa.c
armsrc/iclass.c
armsrc/iso14443a.c
armsrc/iso14443a.h
armsrc/iso14443b.h
armsrc/lfops.c
armsrc/mifarecmd.c
armsrc/mifaresim.c [new file with mode: 0644]
armsrc/mifaresim.h [new file with mode: 0644]
armsrc/mifareutil.c
armsrc/mifareutil.h
client/Makefile
client/aes.c [deleted file]
client/aes.h [deleted file]
client/cmdhf.c
client/cmdhf14a.c
client/cmdhficlass.c
client/cmdhflegic.c
client/cmdhfmf.c
client/cmdhfmf.h
client/cmdhfmfhard.c
client/cmdhfmfu.c
client/cmdlf.c
client/cmdlfem4x.c
client/cmdlffdx.c
client/cmdlfindala.c
client/cmdlfvisa2000.c
client/cmdmain.c
client/cmdmain.h
client/fpga_compress.c
client/hardnested/hardnested_bf_core.c
client/hardnested/hardnested_bitarray_core.c
client/loclass/cipher.c
client/loclass/des.c [deleted file]
client/loclass/des.h [deleted file]
client/loclass/elite_crack.c
client/loclass/ikeys.c
client/lualibs/read14a.lua
client/mifaredefault.h [new file with mode: 0644]
client/mifarehost.c
client/mifarehost.h
client/obj/polarssl/.dummy [new file with mode: 0644]
client/pm3_binlib.c
client/polarssl_config.h [deleted file]
client/proxgui.cpp
client/proxgui.h
client/proxguiqt.cpp
client/proxguiqt.h
client/proxmark3.c
client/proxmark3.h
client/scripting.c
client/scripts/14araw.lua
client/scripts/didump.lua
client/scripts/formatMifare.lua
client/scripts/mfkeys.lua
client/scripts/mifare_autopwn.lua
client/scripts/tnp3clone.lua
client/scripts/tnp3dump.lua
client/util.c
client/util.h
client/util_posix.c
common/Makefile.common
common/lfdemod.c
common/lfdemod.h
common/polarssl/aes.c [new file with mode: 0644]
common/polarssl/aes.h [new file with mode: 0644]
common/polarssl/des.c [new file with mode: 0644]
common/polarssl/des.h [new file with mode: 0644]
common/polarssl/polarssl_config.h [new file with mode: 0644]
common/usb_cdc.c
include/mifare.h
include/usb_cmd.h
tools/at91sam7s512-busblaster.cfg [new file with mode: 0644]
tools/mfkey/Makefile

index f34b78f03108934f380ef8bdf5246ba07ccf10d8..044538c4679274e6b6c0b011eb313c8bfb3cab70 100644 (file)
@@ -7,8 +7,15 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 
 ### Changed
 - Improved backdoor detection missbehaving magic s50/1k tag (Fl0-0)
+- Deleted wipe functionality from `hf mf csetuid` (Merlok)
+- Changed `hf mf nested` logic (Merlok)
+- Added `hf mf nested` mode: autosearch keys for attack (from well known keys) (Merlok)
+- `hf mf nested` Check keys after they have found (Merlok)
+- `hf mf chk` Move main cycle to arm (Merlok)
+- Changed proxmark command line parameter `flush` to `-f` or `-flush` (Merlok)
 
 ### Fixed
+- Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)
 
 ### Added
 - Added PAC/Stanley detection to lf search (marshmellow)
@@ -17,6 +24,14 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - Added backdoor detection for gen1b magic s70/4k tag (Fl0-0)
 - Added data fsktonrz, a fsk cleaning/demodulating routine for weak fsk signal. Note: follow this up with a `data rawdemod nr` to finish demoding your signal. (marshmellow)
 - Added lf em 410xbrute, LF EM410x reader bruteforce attack by simulating UIDs from a file (Fl0-0)
+- Added `hf mf cwipe` command. It wipes "magic Chinese" card. For 1a generation it uses card's "wipe" command. For gen1a and gen1b it uses a write command. (Merlok)
+- Added to `hf mf nested` source key check before attack (Merlok)
+- Added to `hf mf nested` after attack it checks all found keys on non-open sectors (Merlok)
+- `hf mf chk` Added setings to set iso14443a operations timeout. default timeout set to 500us (Merlok)
+- Added to `hf mf nested` parameters `s` and `ss` for checking slow cards (Merlok)
+- Added to proxmark command line parameters `w` - wait 20s for serial port (Merlok)
+- Added to proxmark command line parameters `c` and `l` - execute command and lua script from command line (Merlok)
+- Added to proxmark ability to execute commands from stdin (pipe) (Merlok)
 
 ## [3.0.1][2017-06-08]
 
diff --git a/appveyor.yml b/appveyor.yml
new file mode 100644 (file)
index 0000000..a4a70f7
--- /dev/null
@@ -0,0 +1,142 @@
+version: 3.0.1.{build}
+image: Visual Studio 2017
+clone_folder: C:\ProxSpace\pm3
+init:
+- ps: "$psversiontable\n#Get-ChildItem Env:\n\n$releasename=\"\"\n$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)\nif ($env:appveyor_repo_tag -match \"true\"){\n  $releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT_SHORT + \"]\" \n\nWrite-Host \"repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename\" -ForegroundColor Yellow\nAdd-AppveyorMessage -Message \"[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)\" -Category Information -Details \"repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename\"\n\niex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))"
+clone_script:
+- ps: >-
+    Write-Host "Removing ProxSpace..." -NoNewLine
+
+    cd \
+
+    Remove-Item -Recurse -Force -Path c:\ProxSpace\*
+
+    Write-Host "[ OK ]" -ForegroundColor Green
+
+
+    Write-Host "Git clone ProxSpace..." -NoNewLine
+
+    git clone -q https://github.com/Gator96100/ProxSpace c:\ProxSpace
+
+    Write-Host "[ OK ]" -ForegroundColor Green
+
+
+    Write-Host "Removing pm3 dir..." -NoNewLine
+
+    Remove-Item -Recurse -Force -Path c:\ProxSpace\pm3\*
+
+    Write-Host "[ OK ]" -ForegroundColor Green
+
+
+    Write-Host "Cloning repository <$env:appveyor_repo_name> to $env:appveyor_build_folder ..." -NoNewLine
+
+    if(-not $env:appveyor_pull_request_number) {
+        git clone -q --branch=$env:appveyor_repo_branch https://github.com/$env:appveyor_repo_name.git $env:appveyor_build_folder
+        cd $env:appveyor_build_folder
+        git checkout -qf $env:appveyor_repo_commit
+    } else {
+        git clone -q https://github.com/$env:appveyor_repo_name.git $env:appveyor_build_folder
+        cd $env:appveyor_build_folder
+        git fetch -q origin +refs/pull/$env:appveyor_pull_request_number/merge:
+        git checkout -qf FETCH_HEAD
+    }
+
+    Write-Host "[ OK ]" -ForegroundColor Green
+
+
+    Write-Host "Fill msys\etc\fstab file..." -NoNewLine
+
+    New-Item c:\ProxSpace\msys\etc\fstab -type file -force -value "#Win32_Path Mount_Point`nc:\ProxSpace\devkitARM /devkitARM`nc:\ProxSpace\Qt\5.6 /qt `nc:\ProxSpace\pm3 /pm3`n"
+
+    Write-Host "[ OK ]" -ForegroundColor Green
+install:
+- ps: >-
+    function Exec-External {
+              param(
+                [Parameter(Position=0,Mandatory=1)][scriptblock] $command
+              )
+              & $command
+              if ($LASTEXITCODE -ne 0) {
+                throw ("Command returned non-zero error-code ${LASTEXITCODE}: $command")
+              }
+            }
+build_script:
+- ps: "$env:Path = \"C:\\ProxSpace\\msys\\bin;$env:Path\"\n\n#make\nbash -lc -i \"pwd;make all\"\n\n#some checks\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\proxmark3.exe)){\nthrow \"Main file proxmark3.exe not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\armsrc\\obj\\fullimage.elf)){\nthrow \"ARM file fullimage.elf not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z)){\nthrow \"Files in hardnested\\tables not exists.\"\n}\n\n#copy\nWrite-Host \"Copy release files...\" -NoNewLine -ForegroundColor Yellow\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\nCopy-Item C:\\ProxSpace\\pm3\\client\\*.exe C:\\ProxSpace\\Release\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\armsrc\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\bootrom\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\scripts\nCopy-Item C:\\ProxSpace\\pm3\\client\\scripts\\*.lua C:\\ProxSpace\\Release\\scripts\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\hardnested\\tables\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\*.bin C:\\ProxSpace\\Release\\hardnested\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z C:\\ProxSpace\\Release\\hardnested\\tables\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\n#archive and push\n$releasename=\"\"\nif ($env:appveyor_repo_tag -match \"true\"){\n$releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + \"]\" \n\nWrite-Host \"Archive and publish release files ($releasename)...\" -NoNewLine -ForegroundColor Yellow\ncd C:\\ProxSpace\n7z a release.zip C:\\ProxSpace\\Release\nPush-AppveyorArtifact release.zip -DeploymentName \"$releasename\"\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\nWrite-Host \"Builded...\" -ForegroundColor Yellow"
+test_script:
+- ps: >-
+    $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
+
+    cd c:\ProxSpace\pm3
+
+
+    $global:TestsPassed=$true
+
+    $global:TestTime=[System.Environment]::TickCount
+
+
+    Function ExecTest($Name, $File, $Cond) {
+      [bool]$res=$false;
+      if ($Cond -eq $null){
+      } Else {
+        If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){
+            if ($Cond -is "String" -and $Cond -like "*passed*"){
+              $res= $true
+            }
+            if ($Cond -is "String" -and $Cond -like "*true*"){
+              $res= $true
+            }
+        } Else {
+          $res=$Cond;
+        }
+      }
+
+      If ($res) {
+        Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+      }Else {
+        Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+        $global:TestsPassed=$false
+      }
+      $global:TestTime=[System.Environment]::TickCount
+    }
+
+
+    Write-Host "Running tests..." -ForegroundColor Yellow
+
+
+    #file test
+
+    ExecTest "proxmark3 exists" "proxmark3.exe" $(Test-Path C:\ProxSpace\Release\proxmark3.exe)
+
+    ExecTest "arm image exists" "\arm\fullimage1.elf" $(Test-Path C:\ProxSpace\Release\arm\fullimage.elf)
+
+    ExecTest "bootrom exists" "bootrom.elf" $(Test-Path C:\ProxSpace\Release\arm\bootrom.elf)
+
+    ExecTest "hardnested tables exists" "hardnested" $(Test-Path C:\ProxSpace\Release\hardnested\tables\*.z)
+
+    ExecTest "release exists" "release.zip" $(Test-Path C:\ProxSpace\release.zip)
+
+
+    #proxmark logic tests
+
+    ExecTest "proxmark help" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed')
+
+    ExecTest "proxmark help hardnested" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed')
+
+
+    ExecTest "hf mf offline text" "hf mf" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf' | grep -q at_enc && echo Passed || echo Failed")
+
+    ExecTest "hf mf hardnested" "hf mf hardnested" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000' | grep -q 'found:' && echo Passed || echo Failed")
+
+
+    if ($global:TestsPassed) {
+      Write-Host "Tests [ OK ]" -ForegroundColor Green
+    } else {
+      Write-Host "Tests [ ERROR ]" -ForegroundColor Red
+      throw "Tests error."
+    }
+on_success:
+- ps: Write-Host "Build success..." -ForegroundColor Green
+on_failure:
+- ps: Write-Host "Build error." -ForegroundColor Red
+on_finish:
+- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
\ No newline at end of file
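Review bot: The `init` and `on_finish` steps fetch `enable-rdp.ps1` from the `master` branch of a remote repository and run it with `iex`, so every build, including the pull-request builds handled in `clone_script`, executes whatever that URL serves at the time, with no pinning or integrity check. Going by the script's name this opens remote-desktop access to the build worker, which looks like leftover debugging rather than something the release pipeline needs; I would drop both `iex ((new-object net.webclient).DownloadString(...))` calls from the committed file. The same unpinned-fetch concern applies to `git clone -q https://github.com/Gator96100/ProxSpace c:\ProxSpace`, since that toolchain produces the published `release.zip`; following the clone with a checkout of a known commit would fix the toolchain to a reviewed state. Separately, `bash -lc -i "pwd;make all"` in `build_script` is not checked for a non-zero exit, and the `Exec-External` helper defined under `install` is never called.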
index 8870f426fa2b05d46ebe2fa57c374183c7d0a3ab..4fe97b462d2fdd63e458a10da1251c435651ca65 100644 (file)
@@ -136,6 +136,10 @@ void set_tracing(bool enable) {
        tracing = enable;
 }
 
+bool get_tracing(void) {
+       return tracing;
+}
+
 /**
  * Get the number of bytes traced
  * @return
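Review bot: `get_tracing()` is added without a doc comment, while the function that follows it carries a `/** ... */` block. A one-line comment such as `/** @return true if tracing is currently enabled */` above the new function would match that style. The comment block after the new function continues beyond the end of this hunk.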
index 6a052dca152462d1ef6718e160c30473e5cd9d46..0553804444d39f269e9b0422751522737de7f994 100644 (file)
@@ -37,6 +37,7 @@ extern void BigBuf_print_status(void);
 extern uint16_t BigBuf_get_traceLen(void);
 extern void clear_trace(void);
 extern void set_tracing(bool enable);
+extern bool get_tracing(void);
 extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
 extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
 extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
index 73c2290e3d611c6704a7bef5fc92f3d299921d11..dea5d06c1b499b1e4abec9bd9386838626255ea7 100644 (file)
@@ -17,9 +17,9 @@ APP_CFLAGS    = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO144
 #SRC_LCD = fonts.c LCD.c
 SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c protocols.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
-SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
+SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c mifaresim.c
 SRC_ISO14443b = iso14443b.c
-SRC_CRAPTO1 = crypto1.c des.c aes.c
+SRC_CRAPTO1 = crypto1.c des.c
 SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c parity.c
 
 #the FPGA bitstream files. Note: order matters!
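Review bot: `SRC_CRAPTO1` still lists `des.c` by bare name although this commit deletes `armsrc/des.c` and adds `common/polarssl/des.c`, so the firmware build now depends on a source search path that is not visible in this hunk (presumably set in `common/Makefile.common`, which the commit also touches). A short comment above the line, for example `# des.c is picked up from common/polarssl`, would make that dependency explicit; the exact mechanism is an assumption to confirm against the Makefile. It is also worth confirming that nothing under `armsrc/` still calls the AES routines now that `aes.c` is dropped from the firmware sources.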
diff --git a/armsrc/aes.c b/armsrc/aes.c
deleted file mode 100644 (file)
index 0a3f893..0000000
+++ /dev/null
@@ -1,1170 +0,0 @@
-#include "aes.h"
-
-static const unsigned int Te0[256] = {
-    0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
-    0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
-    0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL,
-    0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL,
-    0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL,
-    0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL,
-    0x41adadecUL, 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL,
-    0x239c9cbfUL, 0x53a4a4f7UL, 0xe4727296UL, 0x9bc0c05bUL,
-    0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL, 0x4c26266aUL,
-    0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL,
-    0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL,
-    0xe2717193UL, 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL,
-    0x0804040cUL, 0x95c7c752UL, 0x46232365UL, 0x9dc3c35eUL,
-    0x30181828UL, 0x379696a1UL, 0x0a05050fUL, 0x2f9a9ab5UL,
-    0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL,
-    0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL,
-    0x1209091bUL, 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL,
-    0x361b1b2dUL, 0xdc6e6eb2UL, 0xb45a5aeeUL, 0x5ba0a0fbUL,
-    0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL, 0x7db3b3ceUL,
-    0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL,
-    0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL,
-    0x40202060UL, 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL,
-    0xd46a6abeUL, 0x8dcbcb46UL, 0x67bebed9UL, 0x7239394bUL,
-    0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL, 0x85cfcf4aUL,
-    0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL,
-    0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL,
-    0x8a4545cfUL, 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL,
-    0xa05050f0UL, 0x783c3c44UL, 0x259f9fbaUL, 0x4ba8a8e3UL,
-    0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL, 0x058f8f8aUL,
-    0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL,
-    0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL,
-    0x20101030UL, 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL,
-    0x81cdcd4cUL, 0x180c0c14UL, 0x26131335UL, 0xc3ecec2fUL,
-    0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL, 0x2e171739UL,
-    0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL,
-    0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL,
-    0xc06060a0UL, 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL,
-    0x44222266UL, 0x542a2a7eUL, 0x3b9090abUL, 0x0b888883UL,
-    0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL, 0x2814143cUL,
-    0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL,
-    0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL,
-    0x924949dbUL, 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL,
-    0x9fc2c25dUL, 0xbdd3d36eUL, 0x43acacefUL, 0xc46262a6UL,
-    0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL, 0xf279798bUL,
-    0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL,
-    0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL,
-    0xd86c6cb4UL, 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL,
-    0xca6565afUL, 0xf47a7a8eUL, 0x47aeaee9UL, 0x10080818UL,
-    0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL, 0x5c2e2e72UL,
-    0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL,
-    0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL,
-    0x964b4bddUL, 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL,
-    0xe0707090UL, 0x7c3e3e42UL, 0x71b5b5c4UL, 0xcc6666aaUL,
-    0x904848d8UL, 0x06030305UL, 0xf7f6f601UL, 0x1c0e0e12UL,
-    0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL,
-    0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL,
-    0xd9e1e138UL, 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL,
-    0xd26969bbUL, 0xa9d9d970UL, 0x078e8e89UL, 0x339494a7UL,
-    0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL, 0xc9e9e920UL,
-    0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL,
-    0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL,
-    0x65bfbfdaUL, 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL,
-    0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL,
-    0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL,
-};
-static const unsigned int Te1[256] = {
-    0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL,
-    0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL,
-    0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL,
-    0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL,
-    0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL,
-    0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL,
-    0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL,
-    0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL,
-    0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL,
-    0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL,
-    0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL,
-    0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL,
-    0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL,
-    0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL,
-    0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL,
-    0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL,
-    0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL,
-    0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL,
-    0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL,
-    0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL,
-    0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL,
-    0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL,
-    0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL,
-    0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL,
-    0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL,
-    0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL,
-    0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL,
-    0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL,
-    0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL,
-    0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL,
-    0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL,
-    0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL,
-    0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL,
-    0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL,
-    0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL,
-    0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL,
-    0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL,
-    0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL,
-    0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL,
-    0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL,
-    0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL,
-    0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL,
-    0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL,
-    0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL,
-    0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL,
-    0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL,
-    0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL,
-    0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL,
-    0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL,
-    0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL,
-    0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL,
-    0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL,
-    0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL,
-    0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL,
-    0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL,
-    0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL,
-    0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL,
-    0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL,
-    0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL,
-    0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL,
-    0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL,
-    0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL,
-    0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL,
-    0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL,
-};
-static const unsigned int Te2[256] = {
-    0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL,
-    0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL,
-    0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL,
-    0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL,
-    0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL,
-    0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL,
-    0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL,
-    0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL,
-    0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL,
-    0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL,
-    0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL,
-    0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL,
-    0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL,
-    0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL,
-    0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL,
-    0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL,
-    0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL,
-    0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL,
-    0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL,
-    0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL,
-    0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL,
-    0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL,
-    0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL,
-    0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL,
-    0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL,
-    0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL,
-    0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL,
-    0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL,
-    0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL,
-    0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL,
-    0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL,
-    0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL,
-    0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL,
-    0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL,
-    0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL,
-    0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL,
-    0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL,
-    0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL,
-    0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL,
-    0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL,
-    0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL,
-    0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL,
-    0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL,
-    0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL,
-    0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL,
-    0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL,
-    0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL,
-    0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL,
-    0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL,
-    0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL,
-    0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL,
-    0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL,
-    0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL,
-    0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL,
-    0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL,
-    0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL,
-    0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL,
-    0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL,
-    0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL,
-    0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL,
-    0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL,
-    0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL,
-    0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL,
-    0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL,
-};
-static const unsigned int Te3[256] = {
-    0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL,
-    0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL,
-    0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL,
-    0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL,
-    0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL,
-    0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL,
-    0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL,
-    0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL,
-    0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL,
-    0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL,
-    0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL,
-    0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL,
-    0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL,
-    0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL,
-    0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL,
-    0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL,
-    0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL,
-    0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL,
-    0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL,
-    0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL,
-    0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL,
-    0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL,
-    0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL,
-    0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL,
-    0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL,
-    0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL,
-    0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL,
-    0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL,
-    0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL,
-    0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL,
-    0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL,
-    0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL,
-    0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL,
-    0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL,
-    0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL,
-    0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL,
-    0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL,
-    0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL,
-    0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL,
-    0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL,
-    0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL,
-    0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL,
-    0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL,
-    0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL,
-    0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL,
-    0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL,
-    0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL,
-    0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL,
-    0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL,
-    0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL,
-    0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL,
-    0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL,
-    0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL,
-    0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL,
-    0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL,
-    0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL,
-    0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL,
-    0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL,
-    0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL,
-    0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL,
-    0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL,
-    0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL,
-    0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL,
-    0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL,
-};
-static const unsigned int Te4[256] = {
-    0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL,
-    0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL,
-    0x30303030UL, 0x01010101UL, 0x67676767UL, 0x2b2b2b2bUL,
-    0xfefefefeUL, 0xd7d7d7d7UL, 0xababababUL, 0x76767676UL,
-    0xcacacacaUL, 0x82828282UL, 0xc9c9c9c9UL, 0x7d7d7d7dUL,
-    0xfafafafaUL, 0x59595959UL, 0x47474747UL, 0xf0f0f0f0UL,
-    0xadadadadUL, 0xd4d4d4d4UL, 0xa2a2a2a2UL, 0xafafafafUL,
-    0x9c9c9c9cUL, 0xa4a4a4a4UL, 0x72727272UL, 0xc0c0c0c0UL,
-    0xb7b7b7b7UL, 0xfdfdfdfdUL, 0x93939393UL, 0x26262626UL,
-    0x36363636UL, 0x3f3f3f3fUL, 0xf7f7f7f7UL, 0xccccccccUL,
-    0x34343434UL, 0xa5a5a5a5UL, 0xe5e5e5e5UL, 0xf1f1f1f1UL,
-    0x71717171UL, 0xd8d8d8d8UL, 0x31313131UL, 0x15151515UL,
-    0x04040404UL, 0xc7c7c7c7UL, 0x23232323UL, 0xc3c3c3c3UL,
-    0x18181818UL, 0x96969696UL, 0x05050505UL, 0x9a9a9a9aUL,
-    0x07070707UL, 0x12121212UL, 0x80808080UL, 0xe2e2e2e2UL,
-    0xebebebebUL, 0x27272727UL, 0xb2b2b2b2UL, 0x75757575UL,
-    0x09090909UL, 0x83838383UL, 0x2c2c2c2cUL, 0x1a1a1a1aUL,
-    0x1b1b1b1bUL, 0x6e6e6e6eUL, 0x5a5a5a5aUL, 0xa0a0a0a0UL,
-    0x52525252UL, 0x3b3b3b3bUL, 0xd6d6d6d6UL, 0xb3b3b3b3UL,
-    0x29292929UL, 0xe3e3e3e3UL, 0x2f2f2f2fUL, 0x84848484UL,
-    0x53535353UL, 0xd1d1d1d1UL, 0x00000000UL, 0xededededUL,
-    0x20202020UL, 0xfcfcfcfcUL, 0xb1b1b1b1UL, 0x5b5b5b5bUL,
-    0x6a6a6a6aUL, 0xcbcbcbcbUL, 0xbebebebeUL, 0x39393939UL,
-    0x4a4a4a4aUL, 0x4c4c4c4cUL, 0x58585858UL, 0xcfcfcfcfUL,
-    0xd0d0d0d0UL, 0xefefefefUL, 0xaaaaaaaaUL, 0xfbfbfbfbUL,
-    0x43434343UL, 0x4d4d4d4dUL, 0x33333333UL, 0x85858585UL,
-    0x45454545UL, 0xf9f9f9f9UL, 0x02020202UL, 0x7f7f7f7fUL,
-    0x50505050UL, 0x3c3c3c3cUL, 0x9f9f9f9fUL, 0xa8a8a8a8UL,
-    0x51515151UL, 0xa3a3a3a3UL, 0x40404040UL, 0x8f8f8f8fUL,
-    0x92929292UL, 0x9d9d9d9dUL, 0x38383838UL, 0xf5f5f5f5UL,
-    0xbcbcbcbcUL, 0xb6b6b6b6UL, 0xdadadadaUL, 0x21212121UL,
-    0x10101010UL, 0xffffffffUL, 0xf3f3f3f3UL, 0xd2d2d2d2UL,
-    0xcdcdcdcdUL, 0x0c0c0c0cUL, 0x13131313UL, 0xececececUL,
-    0x5f5f5f5fUL, 0x97979797UL, 0x44444444UL, 0x17171717UL,
-    0xc4c4c4c4UL, 0xa7a7a7a7UL, 0x7e7e7e7eUL, 0x3d3d3d3dUL,
-    0x64646464UL, 0x5d5d5d5dUL, 0x19191919UL, 0x73737373UL,
-    0x60606060UL, 0x81818181UL, 0x4f4f4f4fUL, 0xdcdcdcdcUL,
-    0x22222222UL, 0x2a2a2a2aUL, 0x90909090UL, 0x88888888UL,
-    0x46464646UL, 0xeeeeeeeeUL, 0xb8b8b8b8UL, 0x14141414UL,
-    0xdedededeUL, 0x5e5e5e5eUL, 0x0b0b0b0bUL, 0xdbdbdbdbUL,
-    0xe0e0e0e0UL, 0x32323232UL, 0x3a3a3a3aUL, 0x0a0a0a0aUL,
-    0x49494949UL, 0x06060606UL, 0x24242424UL, 0x5c5c5c5cUL,
-    0xc2c2c2c2UL, 0xd3d3d3d3UL, 0xacacacacUL, 0x62626262UL,
-    0x91919191UL, 0x95959595UL, 0xe4e4e4e4UL, 0x79797979UL,
-    0xe7e7e7e7UL, 0xc8c8c8c8UL, 0x37373737UL, 0x6d6d6d6dUL,
-    0x8d8d8d8dUL, 0xd5d5d5d5UL, 0x4e4e4e4eUL, 0xa9a9a9a9UL,
-    0x6c6c6c6cUL, 0x56565656UL, 0xf4f4f4f4UL, 0xeaeaeaeaUL,
-    0x65656565UL, 0x7a7a7a7aUL, 0xaeaeaeaeUL, 0x08080808UL,
-    0xbabababaUL, 0x78787878UL, 0x25252525UL, 0x2e2e2e2eUL,
-    0x1c1c1c1cUL, 0xa6a6a6a6UL, 0xb4b4b4b4UL, 0xc6c6c6c6UL,
-    0xe8e8e8e8UL, 0xddddddddUL, 0x74747474UL, 0x1f1f1f1fUL,
-    0x4b4b4b4bUL, 0xbdbdbdbdUL, 0x8b8b8b8bUL, 0x8a8a8a8aUL,
-    0x70707070UL, 0x3e3e3e3eUL, 0xb5b5b5b5UL, 0x66666666UL,
-    0x48484848UL, 0x03030303UL, 0xf6f6f6f6UL, 0x0e0e0e0eUL,
-    0x61616161UL, 0x35353535UL, 0x57575757UL, 0xb9b9b9b9UL,
-    0x86868686UL, 0xc1c1c1c1UL, 0x1d1d1d1dUL, 0x9e9e9e9eUL,
-    0xe1e1e1e1UL, 0xf8f8f8f8UL, 0x98989898UL, 0x11111111UL,
-    0x69696969UL, 0xd9d9d9d9UL, 0x8e8e8e8eUL, 0x94949494UL,
-    0x9b9b9b9bUL, 0x1e1e1e1eUL, 0x87878787UL, 0xe9e9e9e9UL,
-    0xcecececeUL, 0x55555555UL, 0x28282828UL, 0xdfdfdfdfUL,
-    0x8c8c8c8cUL, 0xa1a1a1a1UL, 0x89898989UL, 0x0d0d0d0dUL,
-    0xbfbfbfbfUL, 0xe6e6e6e6UL, 0x42424242UL, 0x68686868UL,
-    0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL,
-    0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL,
-};
-static const unsigned int Td0[256] = {
-    0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL,
-    0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL,
-    0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL,
-    0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL,
-    0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL,
-    0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL,
-    0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL,
-    0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL,
-    0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL,
-    0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL,
-    0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL,
-    0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL,
-    0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL,
-    0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL,
-    0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL,
-    0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL,
-    0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL,
-    0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL,
-    0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL,
-    0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL,
-    0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL,
-    0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL,
-    0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL,
-    0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL,
-    0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL,
-    0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL,
-    0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL,
-    0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL,
-    0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL,
-    0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL,
-    0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL,
-    0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL,
-    0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL,
-    0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL,
-    0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL,
-    0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL,
-    0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL,
-    0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL,
-    0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL,
-    0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL,
-    0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL,
-    0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL,
-    0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL,
-    0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL,
-    0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL,
-    0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL,
-    0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL,
-    0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL,
-    0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL,
-    0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL,
-    0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL,
-    0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL,
-    0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL,
-    0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL,
-    0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL,
-    0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL,
-    0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL,
-    0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL,
-    0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL,
-    0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL,
-    0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL,
-    0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL,
-    0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL,
-    0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL,
-};
-static const unsigned int Td1[256] = {
-    0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL,
-    0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL,
-    0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL,
-    0xfc4fe5d7UL, 0xd7c52acbUL, 0x80263544UL, 0x8fb562a3UL,
-    0x49deb15aUL, 0x6725ba1bUL, 0x9845ea0eUL, 0xe15dfec0UL,
-    0x02c32f75UL, 0x12814cf0UL, 0xa38d4697UL, 0xc66bd3f9UL,
-    0xe7038f5fUL, 0x9515929cUL, 0xebbf6d7aUL, 0xda955259UL,
-    0x2dd4be83UL, 0xd3587421UL, 0x2949e069UL, 0x448ec9c8UL,
-    0x6a75c289UL, 0x78f48e79UL, 0x6b99583eUL, 0xdd27b971UL,
-    0xb6bee14fUL, 0x17f088adUL, 0x66c920acUL, 0xb47dce3aUL,
-    0x1863df4aUL, 0x82e51a31UL, 0x60975133UL, 0x4562537fUL,
-    0xe0b16477UL, 0x84bb6baeUL, 0x1cfe81a0UL, 0x94f9082bUL,
-    0x58704868UL, 0x198f45fdUL, 0x8794de6cUL, 0xb7527bf8UL,
-    0x23ab73d3UL, 0xe2724b02UL, 0x57e31f8fUL, 0x2a6655abUL,
-    0x07b2eb28UL, 0x032fb5c2UL, 0x9a86c57bUL, 0xa5d33708UL,
-    0xf2302887UL, 0xb223bfa5UL, 0xba02036aUL, 0x5ced1682UL,
-    0x2b8acf1cUL, 0x92a779b4UL, 0xf0f307f2UL, 0xa14e69e2UL,
-    0xcd65daf4UL, 0xd50605beUL, 0x1fd13462UL, 0x8ac4a6feUL,
-    0x9d342e53UL, 0xa0a2f355UL, 0x32058ae1UL, 0x75a4f6ebUL,
-    0x390b83ecUL, 0xaa4060efUL, 0x065e719fUL, 0x51bd6e10UL,
-    0xf93e218aUL, 0x3d96dd06UL, 0xaedd3e05UL, 0x464de6bdUL,
-    0xb591548dUL, 0x0571c45dUL, 0x6f0406d4UL, 0xff605015UL,
-    0x241998fbUL, 0x97d6bde9UL, 0xcc894043UL, 0x7767d99eUL,
-    0xbdb0e842UL, 0x8807898bUL, 0x38e7195bUL, 0xdb79c8eeUL,
-    0x47a17c0aUL, 0xe97c420fUL, 0xc9f8841eUL, 0x00000000UL,
-    0x83098086UL, 0x48322bedUL, 0xac1e1170UL, 0x4e6c5a72UL,
-    0xfbfd0effUL, 0x560f8538UL, 0x1e3daed5UL, 0x27362d39UL,
-    0x640a0fd9UL, 0x21685ca6UL, 0xd19b5b54UL, 0x3a24362eUL,
-    0xb10c0a67UL, 0x0f9357e7UL, 0xd2b4ee96UL, 0x9e1b9b91UL,
-    0x4f80c0c5UL, 0xa261dc20UL, 0x695a774bUL, 0x161c121aUL,
-    0x0ae293baUL, 0xe5c0a02aUL, 0x433c22e0UL, 0x1d121b17UL,
-    0x0b0e090dUL, 0xadf28bc7UL, 0xb92db6a8UL, 0xc8141ea9UL,
-    0x8557f119UL, 0x4caf7507UL, 0xbbee99ddUL, 0xfda37f60UL,
-    0x9ff70126UL, 0xbc5c72f5UL, 0xc544663bUL, 0x345bfb7eUL,
-    0x768b4329UL, 0xdccb23c6UL, 0x68b6edfcUL, 0x63b8e4f1UL,
-    0xcad731dcUL, 0x10426385UL, 0x40139722UL, 0x2084c611UL,
-    0x7d854a24UL, 0xf8d2bb3dUL, 0x11aef932UL, 0x6dc729a1UL,
-    0x4b1d9e2fUL, 0xf3dcb230UL, 0xec0d8652UL, 0xd077c1e3UL,
-    0x6c2bb316UL, 0x99a970b9UL, 0xfa119448UL, 0x2247e964UL,
-    0xc4a8fc8cUL, 0x1aa0f03fUL, 0xd8567d2cUL, 0xef223390UL,
-    0xc787494eUL, 0xc1d938d1UL, 0xfe8ccaa2UL, 0x3698d40bUL,
-    0xcfa6f581UL, 0x28a57adeUL, 0x26dab78eUL, 0xa43fadbfUL,
-    0xe42c3a9dUL, 0x0d507892UL, 0x9b6a5fccUL, 0x62547e46UL,
-    0xc2f68d13UL, 0xe890d8b8UL, 0x5e2e39f7UL, 0xf582c3afUL,
-    0xbe9f5d80UL, 0x7c69d093UL, 0xa96fd52dUL, 0xb3cf2512UL,
-    0x3bc8ac99UL, 0xa710187dUL, 0x6ee89c63UL, 0x7bdb3bbbUL,
-    0x09cd2678UL, 0xf46e5918UL, 0x01ec9ab7UL, 0xa8834f9aUL,
-    0x65e6956eUL, 0x7eaaffe6UL, 0x0821bccfUL, 0xe6ef15e8UL,
-    0xd9bae79bUL, 0xce4a6f36UL, 0xd4ea9f09UL, 0xd629b07cUL,
-    0xaf31a4b2UL, 0x312a3f23UL, 0x30c6a594UL, 0xc035a266UL,
-    0x37744ebcUL, 0xa6fc82caUL, 0xb0e090d0UL, 0x1533a7d8UL,
-    0x4af10498UL, 0xf741ecdaUL, 0x0e7fcd50UL, 0x2f1791f6UL,
-    0x8d764dd6UL, 0x4d43efb0UL, 0x54ccaa4dUL, 0xdfe49604UL,
-    0xe39ed1b5UL, 0x1b4c6a88UL, 0xb8c12c1fUL, 0x7f466551UL,
-    0x049d5eeaUL, 0x5d018c35UL, 0x73fa8774UL, 0x2efb0b41UL,
-    0x5ab3671dUL, 0x5292dbd2UL, 0x33e91056UL, 0x136dd647UL,
-    0x8c9ad761UL, 0x7a37a10cUL, 0x8e59f814UL, 0x89eb133cUL,
-    0xeecea927UL, 0x35b761c9UL, 0xede11ce5UL, 0x3c7a47b1UL,
-    0x599cd2dfUL, 0x3f55f273UL, 0x791814ceUL, 0xbf73c737UL,
-    0xea53f7cdUL, 0x5b5ffdaaUL, 0x14df3d6fUL, 0x867844dbUL,
-    0x81caaff3UL, 0x3eb968c4UL, 0x2c382434UL, 0x5fc2a340UL,
-    0x72161dc3UL, 0x0cbce225UL, 0x8b283c49UL, 0x41ff0d95UL,
-    0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL,
-    0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL,
-};
-static const unsigned int Td2[256] = {
-    0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL,
-    0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL,
-    0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL,
-    0xd7fc4fe5UL, 0xcbd7c52aUL, 0x44802635UL, 0xa38fb562UL,
-    0x5a49deb1UL, 0x1b6725baUL, 0x0e9845eaUL, 0xc0e15dfeUL,
-    0x7502c32fUL, 0xf012814cUL, 0x97a38d46UL, 0xf9c66bd3UL,
-    0x5fe7038fUL, 0x9c951592UL, 0x7aebbf6dUL, 0x59da9552UL,
-    0x832dd4beUL, 0x21d35874UL, 0x692949e0UL, 0xc8448ec9UL,
-    0x896a75c2UL, 0x7978f48eUL, 0x3e6b9958UL, 0x71dd27b9UL,
-    0x4fb6bee1UL, 0xad17f088UL, 0xac66c920UL, 0x3ab47dceUL,
-    0x4a1863dfUL, 0x3182e51aUL, 0x33609751UL, 0x7f456253UL,
-    0x77e0b164UL, 0xae84bb6bUL, 0xa01cfe81UL, 0x2b94f908UL,
-    0x68587048UL, 0xfd198f45UL, 0x6c8794deUL, 0xf8b7527bUL,
-    0xd323ab73UL, 0x02e2724bUL, 0x8f57e31fUL, 0xab2a6655UL,
-    0x2807b2ebUL, 0xc2032fb5UL, 0x7b9a86c5UL, 0x08a5d337UL,
-    0x87f23028UL, 0xa5b223bfUL, 0x6aba0203UL, 0x825ced16UL,
-    0x1c2b8acfUL, 0xb492a779UL, 0xf2f0f307UL, 0xe2a14e69UL,
-    0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL,
-    0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL,
-    0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL,
-    0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL,
-    0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL,
-    0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL,
-    0x42bdb0e8UL, 0x8b880789UL, 0x5b38e719UL, 0xeedb79c8UL,
-    0x0a47a17cUL, 0x0fe97c42UL, 0x1ec9f884UL, 0x00000000UL,
-    0x86830980UL, 0xed48322bUL, 0x70ac1e11UL, 0x724e6c5aUL,
-    0xfffbfd0eUL, 0x38560f85UL, 0xd51e3daeUL, 0x3927362dUL,
-    0xd9640a0fUL, 0xa621685cUL, 0x54d19b5bUL, 0x2e3a2436UL,
-    0x67b10c0aUL, 0xe70f9357UL, 0x96d2b4eeUL, 0x919e1b9bUL,
-    0xc54f80c0UL, 0x20a261dcUL, 0x4b695a77UL, 0x1a161c12UL,
-    0xba0ae293UL, 0x2ae5c0a0UL, 0xe0433c22UL, 0x171d121bUL,
-    0x0d0b0e09UL, 0xc7adf28bUL, 0xa8b92db6UL, 0xa9c8141eUL,
-    0x198557f1UL, 0x074caf75UL, 0xddbbee99UL, 0x60fda37fUL,
-    0x269ff701UL, 0xf5bc5c72UL, 0x3bc54466UL, 0x7e345bfbUL,
-    0x29768b43UL, 0xc6dccb23UL, 0xfc68b6edUL, 0xf163b8e4UL,
-    0xdccad731UL, 0x85104263UL, 0x22401397UL, 0x112084c6UL,
-    0x247d854aUL, 0x3df8d2bbUL, 0x3211aef9UL, 0xa16dc729UL,
-    0x2f4b1d9eUL, 0x30f3dcb2UL, 0x52ec0d86UL, 0xe3d077c1UL,
-    0x166c2bb3UL, 0xb999a970UL, 0x48fa1194UL, 0x642247e9UL,
-    0x8cc4a8fcUL, 0x3f1aa0f0UL, 0x2cd8567dUL, 0x90ef2233UL,
-    0x4ec78749UL, 0xd1c1d938UL, 0xa2fe8ccaUL, 0x0b3698d4UL,
-    0x81cfa6f5UL, 0xde28a57aUL, 0x8e26dab7UL, 0xbfa43fadUL,
-    0x9de42c3aUL, 0x920d5078UL, 0xcc9b6a5fUL, 0x4662547eUL,
-    0x13c2f68dUL, 0xb8e890d8UL, 0xf75e2e39UL, 0xaff582c3UL,
-    0x80be9f5dUL, 0x937c69d0UL, 0x2da96fd5UL, 0x12b3cf25UL,
-    0x993bc8acUL, 0x7da71018UL, 0x636ee89cUL, 0xbb7bdb3bUL,
-    0x7809cd26UL, 0x18f46e59UL, 0xb701ec9aUL, 0x9aa8834fUL,
-    0x6e65e695UL, 0xe67eaaffUL, 0xcf0821bcUL, 0xe8e6ef15UL,
-    0x9bd9bae7UL, 0x36ce4a6fUL, 0x09d4ea9fUL, 0x7cd629b0UL,
-    0xb2af31a4UL, 0x23312a3fUL, 0x9430c6a5UL, 0x66c035a2UL,
-    0xbc37744eUL, 0xcaa6fc82UL, 0xd0b0e090UL, 0xd81533a7UL,
-    0x984af104UL, 0xdaf741ecUL, 0x500e7fcdUL, 0xf62f1791UL,
-    0xd68d764dUL, 0xb04d43efUL, 0x4d54ccaaUL, 0x04dfe496UL,
-    0xb5e39ed1UL, 0x881b4c6aUL, 0x1fb8c12cUL, 0x517f4665UL,
-    0xea049d5eUL, 0x355d018cUL, 0x7473fa87UL, 0x412efb0bUL,
-    0x1d5ab367UL, 0xd25292dbUL, 0x5633e910UL, 0x47136dd6UL,
-    0x618c9ad7UL, 0x0c7a37a1UL, 0x148e59f8UL, 0x3c89eb13UL,
-    0x27eecea9UL, 0xc935b761UL, 0xe5ede11cUL, 0xb13c7a47UL,
-    0xdf599cd2UL, 0x733f55f2UL, 0xce791814UL, 0x37bf73c7UL,
-    0xcdea53f7UL, 0xaa5b5ffdUL, 0x6f14df3dUL, 0xdb867844UL,
-    0xf381caafUL, 0xc43eb968UL, 0x342c3824UL, 0x405fc2a3UL,
-    0xc372161dUL, 0x250cbce2UL, 0x498b283cUL, 0x9541ff0dUL,
-    0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL,
-    0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL,
-};
-static const unsigned int Td3[256] = {
-    0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL,
-    0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL,
-    0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL,
-    0xe5d7fc4fUL, 0x2acbd7c5UL, 0x35448026UL, 0x62a38fb5UL,
-    0xb15a49deUL, 0xba1b6725UL, 0xea0e9845UL, 0xfec0e15dUL,
-    0x2f7502c3UL, 0x4cf01281UL, 0x4697a38dUL, 0xd3f9c66bUL,
-    0x8f5fe703UL, 0x929c9515UL, 0x6d7aebbfUL, 0x5259da95UL,
-    0xbe832dd4UL, 0x7421d358UL, 0xe0692949UL, 0xc9c8448eUL,
-    0xc2896a75UL, 0x8e7978f4UL, 0x583e6b99UL, 0xb971dd27UL,
-    0xe14fb6beUL, 0x88ad17f0UL, 0x20ac66c9UL, 0xce3ab47dUL,
-    0xdf4a1863UL, 0x1a3182e5UL, 0x51336097UL, 0x537f4562UL,
-    0x6477e0b1UL, 0x6bae84bbUL, 0x81a01cfeUL, 0x082b94f9UL,
-    0x48685870UL, 0x45fd198fUL, 0xde6c8794UL, 0x7bf8b752UL,
-    0x73d323abUL, 0x4b02e272UL, 0x1f8f57e3UL, 0x55ab2a66UL,
-    0xeb2807b2UL, 0xb5c2032fUL, 0xc57b9a86UL, 0x3708a5d3UL,
-    0x2887f230UL, 0xbfa5b223UL, 0x036aba02UL, 0x16825cedUL,
-    0xcf1c2b8aUL, 0x79b492a7UL, 0x07f2f0f3UL, 0x69e2a14eUL,
-    0xdaf4cd65UL, 0x05bed506UL, 0x34621fd1UL, 0xa6fe8ac4UL,
-    0x2e539d34UL, 0xf355a0a2UL, 0x8ae13205UL, 0xf6eb75a4UL,
-    0x83ec390bUL, 0x60efaa40UL, 0x719f065eUL, 0x6e1051bdUL,
-    0x218af93eUL, 0xdd063d96UL, 0x3e05aeddUL, 0xe6bd464dUL,
-    0x548db591UL, 0xc45d0571UL, 0x06d46f04UL, 0x5015ff60UL,
-    0x98fb2419UL, 0xbde997d6UL, 0x4043cc89UL, 0xd99e7767UL,
-    0xe842bdb0UL, 0x898b8807UL, 0x195b38e7UL, 0xc8eedb79UL,
-    0x7c0a47a1UL, 0x420fe97cUL, 0x841ec9f8UL, 0x00000000UL,
-    0x80868309UL, 0x2bed4832UL, 0x1170ac1eUL, 0x5a724e6cUL,
-    0x0efffbfdUL, 0x8538560fUL, 0xaed51e3dUL, 0x2d392736UL,
-    0x0fd9640aUL, 0x5ca62168UL, 0x5b54d19bUL, 0x362e3a24UL,
-    0x0a67b10cUL, 0x57e70f93UL, 0xee96d2b4UL, 0x9b919e1bUL,
-    0xc0c54f80UL, 0xdc20a261UL, 0x774b695aUL, 0x121a161cUL,
-    0x93ba0ae2UL, 0xa02ae5c0UL, 0x22e0433cUL, 0x1b171d12UL,
-    0x090d0b0eUL, 0x8bc7adf2UL, 0xb6a8b92dUL, 0x1ea9c814UL,
-    0xf1198557UL, 0x75074cafUL, 0x99ddbbeeUL, 0x7f60fda3UL,
-    0x01269ff7UL, 0x72f5bc5cUL, 0x663bc544UL, 0xfb7e345bUL,
-    0x4329768bUL, 0x23c6dccbUL, 0xedfc68b6UL, 0xe4f163b8UL,
-    0x31dccad7UL, 0x63851042UL, 0x97224013UL, 0xc6112084UL,
-    0x4a247d85UL, 0xbb3df8d2UL, 0xf93211aeUL, 0x29a16dc7UL,
-    0x9e2f4b1dUL, 0xb230f3dcUL, 0x8652ec0dUL, 0xc1e3d077UL,
-    0xb3166c2bUL, 0x70b999a9UL, 0x9448fa11UL, 0xe9642247UL,
-    0xfc8cc4a8UL, 0xf03f1aa0UL, 0x7d2cd856UL, 0x3390ef22UL,
-    0x494ec787UL, 0x38d1c1d9UL, 0xcaa2fe8cUL, 0xd40b3698UL,
-    0xf581cfa6UL, 0x7ade28a5UL, 0xb78e26daUL, 0xadbfa43fUL,
-    0x3a9de42cUL, 0x78920d50UL, 0x5fcc9b6aUL, 0x7e466254UL,
-    0x8d13c2f6UL, 0xd8b8e890UL, 0x39f75e2eUL, 0xc3aff582UL,
-    0x5d80be9fUL, 0xd0937c69UL, 0xd52da96fUL, 0x2512b3cfUL,
-    0xac993bc8UL, 0x187da710UL, 0x9c636ee8UL, 0x3bbb7bdbUL,
-    0x267809cdUL, 0x5918f46eUL, 0x9ab701ecUL, 0x4f9aa883UL,
-    0x956e65e6UL, 0xffe67eaaUL, 0xbccf0821UL, 0x15e8e6efUL,
-    0xe79bd9baUL, 0x6f36ce4aUL, 0x9f09d4eaUL, 0xb07cd629UL,
-    0xa4b2af31UL, 0x3f23312aUL, 0xa59430c6UL, 0xa266c035UL,
-    0x4ebc3774UL, 0x82caa6fcUL, 0x90d0b0e0UL, 0xa7d81533UL,
-    0x04984af1UL, 0xecdaf741UL, 0xcd500e7fUL, 0x91f62f17UL,
-    0x4dd68d76UL, 0xefb04d43UL, 0xaa4d54ccUL, 0x9604dfe4UL,
-    0xd1b5e39eUL, 0x6a881b4cUL, 0x2c1fb8c1UL, 0x65517f46UL,
-    0x5eea049dUL, 0x8c355d01UL, 0x877473faUL, 0x0b412efbUL,
-    0x671d5ab3UL, 0xdbd25292UL, 0x105633e9UL, 0xd647136dUL,
-    0xd7618c9aUL, 0xa10c7a37UL, 0xf8148e59UL, 0x133c89ebUL,
-    0xa927eeceUL, 0x61c935b7UL, 0x1ce5ede1UL, 0x47b13c7aUL,
-    0xd2df599cUL, 0xf2733f55UL, 0x14ce7918UL, 0xc737bf73UL,
-    0xf7cdea53UL, 0xfdaa5b5fUL, 0x3d6f14dfUL, 0x44db8678UL,
-    0xaff381caUL, 0x68c43eb9UL, 0x24342c38UL, 0xa3405fc2UL,
-    0x1dc37216UL, 0xe2250cbcUL, 0x3c498b28UL, 0x0d9541ffUL,
-    0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL,
-    0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL,
-};
-static const unsigned int Td4[256] = {
-    0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL,
-    0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL,
-    0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL,
-    0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL,
-    0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL,
-    0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL,
-    0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL,
-    0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL,
-    0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL,
-    0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL,
-    0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL,
-    0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL,
-    0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL,
-    0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL,
-    0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL,
-    0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL,
-    0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL,
-    0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL,
-    0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL,
-    0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL,
-    0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL,
-    0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL,
-    0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL,
-    0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL,
-    0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL,
-    0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL,
-    0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL,
-    0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL,
-    0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL,
-    0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL,
-    0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL,
-    0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL,
-    0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL,
-    0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL,
-    0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL,
-    0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL,
-    0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL,
-    0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL,
-    0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL,
-    0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL,
-    0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL,
-    0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL,
-    0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL,
-    0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL,
-    0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL,
-    0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL,
-    0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL,
-    0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL,
-    0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL,
-    0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL,
-    0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL,
-    0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL,
-    0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL,
-    0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL,
-    0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL,
-    0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL,
-    0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL,
-    0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL,
-    0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL,
-    0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL,
-    0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL,
-    0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL,
-    0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL,
-    0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL,
-};
-static const unsigned int rcon[] = {
-    0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
-    0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
-    0x1B000000UL, 0x36000000UL,
-};
-
-#define GETU32(pt) (((unsigned int)(pt)[0] << 24) ^ \
-                    ((unsigned int)(pt)[1] << 16) ^ \
-                    ((unsigned int)(pt)[2] <<  8) ^ \
-                    ((unsigned int)(pt)[3]))
-
-#define PUTU32(ct, st) { (ct)[0] = (unsigned char)((st) >> 24); \
-                         (ct)[1] = (unsigned char)((st) >> 16); \
-                         (ct)[2] = (unsigned char)((st) >>  8); \
-                         (ct)[3] = (unsigned char)(st); }
-
-/*
-* Expand the cipher key into the encryption key schedule and return the
-* number of rounds for the given cipher key size.
-*/
-int aes_setkey_enc(unsigned int rk[], const unsigned char cipherKey[], int keyBytes)
-{
-    int i = 0;
-    unsigned int temp;
-
-    rk[0] = GETU32(cipherKey     );
-    rk[1] = GETU32(cipherKey +  4);
-    rk[2] = GETU32(cipherKey +  8);
-    rk[3] = GETU32(cipherKey + 12);
-    if (keyBytes == 16) { // 128 bits
-        for (;;) {
-            temp  = rk[3];
-            rk[4] = rk[0] ^
-                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[5] = rk[1] ^ rk[4];
-            rk[6] = rk[2] ^ rk[5];
-            rk[7] = rk[3] ^ rk[6];
-            if (++i == 10) {
-                return 10;
-            }
-            rk += 4;
-        }
-    }
-    rk[4] = GETU32(cipherKey + 16);
-    rk[5] = GETU32(cipherKey + 20);
-    if (keyBytes == 24) { // 192 bits
-        for (;;) {
-            temp = rk[ 5];
-            rk[ 6] = rk[ 0] ^
-                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[ 7] = rk[ 1] ^ rk[ 6];
-            rk[ 8] = rk[ 2] ^ rk[ 7];
-            rk[ 9] = rk[ 3] ^ rk[ 8];
-            if (++i == 8) {
-                return 12;
-            }
-            rk[10] = rk[ 4] ^ rk[ 9];
-            rk[11] = rk[ 5] ^ rk[10];
-            rk += 6;
-        }
-    }
-    rk[6] = GETU32(cipherKey + 24);
-    rk[7] = GETU32(cipherKey + 28);
-    if (keyBytes == 32) { // 256 bits
-        for (;;) {
-            temp = rk[ 7];
-            rk[ 8] = rk[ 0] ^
-                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[ 9] = rk[ 1] ^ rk[ 8];
-            rk[10] = rk[ 2] ^ rk[ 9];
-            rk[11] = rk[ 3] ^ rk[10];
-            if (++i == 7) {
-                return 14;
-            }
-            temp = rk[11];
-            rk[12] = rk[ 4] ^
-                (Te4[(temp >> 24)       ] & 0xff000000) ^
-                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                (Te4[(temp      ) & 0xff] & 0x000000ff);
-            rk[13] = rk[ 5] ^ rk[12];
-            rk[14] = rk[ 6] ^ rk[13];
-            rk[15] = rk[ 7] ^ rk[14];
-
-            rk += 8;
-        }
-    }
-    return 0;
-}
-
-/*
-* Expand the cipher key into encryption and decryption key schedule and
-* return the number of rounds for the given cipher key size.
-*/
-int AesGenKeySched(unsigned int rk[], unsigned int rrk[], const unsigned char cipherKey[], int keyBytes)
-{
-    int Nr, i;
-
-    // expand the cipher key
-    Nr = aes_setkey_enc(rk, cipherKey, keyBytes);
-    // invert the order of the first round keys
-    rrk += Nr * 4;
-    rrk[0] = rk[0];
-    rrk[1] = rk[1];
-    rrk[2] = rk[2];
-    rrk[3] = rk[3];
-
-   /*
-    * apply the inverse MixColumn transform to all round keys but the first
-    * and the last
-    */
-    for (i = 1; i < Nr; i++) {
-        rrk -= 4;
-        rk += 4;
-        rrk[0] =
-            Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
-            Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
-            Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
-            Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
-        rrk[1] =
-            Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
-            Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
-            Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
-            Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
-        rrk[2] =
-            Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
-            Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
-            Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
-            Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
-        rrk[3] =
-            Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
-            Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
-            Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
-            Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
-    }
-    // invert the order of the last round keys
-    rrk -= 4;
-    rk += 4;
-    rrk[0] = rk[0];
-    rrk[1] = rk[1];
-    rrk[2] = rk[2];
-    rrk[3] = rk[3];
-
-    return Nr;
-}
-
-/*
-* Encrypt the plain text into cipher
-*/
-void AesEncBlk(AesCtx *pCtx, const unsigned char pt[], unsigned char ct[])
-{
-    unsigned int s0, s1, s2, s3, t0, t1, t2, t3, *iv;
-    const unsigned int *rk;
-    int r;
-
-    rk = pCtx->Ek;
-    iv = pCtx->Iv;
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    s0 = GETU32(pt     ) ^ rk[0];
-    s1 = GETU32(pt +  4) ^ rk[1];
-    s2 = GETU32(pt +  8) ^ rk[2];
-    s3 = GETU32(pt + 12) ^ rk[3];
-    if (pCtx->Mode) {
-        s0 = s0 ^ iv[0];
-        s1 = s1 ^ iv[1];
-        s2 = s2 ^ iv[2];
-        s3 = s3 ^ iv[3];
-    }
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = pCtx->Nr >> 1;
-    for (;;) {
-        t0 =
-            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
-            rk[3];
-    }
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-    s0 =
-        (Te4[(t0 >> 24)       ] & 0xff000000) ^
-        (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te4[(t3      ) & 0xff] & 0x000000ff) ^
-        rk[0];
-    PUTU32(ct     , s0);
-    s1 =
-        (Te4[(t1 >> 24)       ] & 0xff000000) ^
-        (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te4[(t0      ) & 0xff] & 0x000000ff) ^
-        rk[1];
-    PUTU32(ct +  4, s1);
-    s2 =
-        (Te4[(t2 >> 24)       ] & 0xff000000) ^
-        (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te4[(t1      ) & 0xff] & 0x000000ff) ^
-        rk[2];
-    PUTU32(ct +  8, s2);
-    s3 =
-        (Te4[(t3 >> 24)       ] & 0xff000000) ^
-        (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te4[(t2      ) & 0xff] & 0x000000ff) ^
-        rk[3];
-    PUTU32(ct + 12, s3);
-
-    if (pCtx->Mode) {
-        iv[0] = s0;
-        iv[1] = s1;
-        iv[2] = s2;
-        iv[3] = s3;
-    }
-}
-
-/*
-* Decrypt the cipher into plain text
-*/
-void AesDecBlk(AesCtx *pCtx, const unsigned char ct[], unsigned char pt[])
-{
-    unsigned int s0, s1, s2, s3, t0, t1, t2, t3, v0, v1, v2, v3, *iv;
-    const unsigned int *rk;
-    int r;
-
-    rk = pCtx->Dk;
-    iv = pCtx->Iv;
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    v0 = GETU32(ct     );    s0 = v0 ^ rk[0];
-    v1 = GETU32(ct +  4);    s1 = v1 ^ rk[1];
-    v2 = GETU32(ct +  8);    s2 = v2 ^ rk[2];
-    v3 = GETU32(ct + 12);    s3 = v3 ^ rk[3];
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = pCtx->Nr >> 1;
-    for (;;) {
-        t0 =
-            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
-            rk[3];
-    }
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-    s0 =
-        (Td4[(t0 >> 24)       ] & 0xff000000) ^
-        (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-        (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-        (Td4[(t1      ) & 0xff] & 0x000000ff) ^
-        rk[0];
-    s1 =
-        (Td4[(t1 >> 24)       ] & 0xff000000) ^
-        (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-        (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-        (Td4[(t2      ) & 0xff] & 0x000000ff) ^
-        rk[1];
-    s2 =
-        (Td4[(t2 >> 24)       ] & 0xff000000) ^
-        (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-        (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-        (Td4[(t3      ) & 0xff] & 0x000000ff) ^
-        rk[2];
-    s3 =
-        (Td4[(t3 >> 24)       ] & 0xff000000) ^
-        (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-        (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-        (Td4[(t0      ) & 0xff] & 0x000000ff) ^
-        rk[3];
-
-    if (pCtx->Mode) {
-        s0 = s0 ^ iv[0];    iv[0] = v0;
-        s1 = s1 ^ iv[1];    iv[1] = v1;
-        s2 = s2 ^ iv[2];    iv[2] = v2;
-        s3 = s3 ^ iv[3];    iv[3] = v3;
-    }
-
-    PUTU32(pt     , s0);
-    PUTU32(pt +  4, s1);
-    PUTU32(pt +  8, s2);
-    PUTU32(pt + 12, s3);
-}
-
-//////////////////////////////////////////////////////////////////////////////
-// API functions                                                            //
-//////////////////////////////////////////////////////////////////////////////
-
-/*
-* initialize AES context
-*/
-int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode)
-{
-    if (pKey == 0 || pCtx == 0 || (KeyLen != KEY128 && KeyLen != KEY192 && KeyLen != KEY256))
-        return -1;
-
-    // generate key schedule
-    pCtx->Nr = AesGenKeySched(pCtx->Ek,  pCtx->Dk, pKey, KeyLen);
-
-    // initialize IV
-    if (pIV != 0) {
-        pCtx->Iv[0] = GETU32(pIV     );
-        pCtx->Iv[1] = GETU32(pIV + 4 );
-        pCtx->Iv[2] = GETU32(pIV + 8 );
-        pCtx->Iv[3] = GETU32(pIV + 12);
-    }
-
-    // mode
-    pCtx->Mode = Mode;
-
-    return 0;
-}
-
-/*
-* Encrypt plain text
-*/
-int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen)
-{
-    int i;
-
-    if (pData == 0 || pCipher == 0 || pCtx == 0 || (DataLen & 0xf) != 0)
-        return -1;
-
-    for (i = 0; i < DataLen; i += BLOCKSZ) {
-        // encrypt block by block
-        AesEncBlk(pCtx, pData, pCipher);
-        pCipher += BLOCKSZ;
-        pData += BLOCKSZ;
-    }
-    return DataLen;
-}
-
-/*
-* Decrypt cipher
-*/
-int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen)
-{
-    int i;
-
-    if (pData == 0 || pCipher == 0 || pCtx == 0 || (CipherLen & 0xf) != 0)
-        return -1;
-
-    for (i = 0; i < CipherLen; i += BLOCKSZ) {
-        // decrypt block by block
-        AesDecBlk(pCtx, pCipher, pData);
-        pCipher += BLOCKSZ;
-        pData += BLOCKSZ;
-    }
-    return CipherLen;
-}
-
-//////////////////////////////////////////////////////////////////////////////
-// Sample main program                                                      //
-//////////////////////////////////////////////////////////////////////////////
-
-#ifndef EMBEDDED
-
-#include <stdio.h>
-
-int main()
-{
-    AesCtx ctx;
-    unsigned char iv[] = "INI VECTINI VECT";
-    unsigned char key[] = "This is a sample AESKey";
-    unsigned char databuf[] = "Data : AES Test"; // must be in multiple of 16
-
-    // initialize context and encrypt data at one end
-
-    if( AesCtxIni(&ctx, iv, key, KEY128, CBC) < 0)
-        printf("init error\n");
-
-    if (AesEncrypt(&ctx, databuf, databuf, sizeof(databuf) ) < 0)
-        printf("error in encryption\n");
-
-    // initialize context and decrypt cipher at other end
-
-    if( AesCtxIni(&ctx, iv, key, KEY128, CBC) < 0)
-        printf("init error\n");
-
-    if (AesDecrypt(&ctx, databuf, databuf, sizeof(databuf) ) < 0)
-        printf("error in decryption\n");
-
-    printf("%s\n", databuf);
-
-    return 0;
-}
-#endif
diff --git a/armsrc/aes.h b/armsrc/aes.h
deleted file mode 100644 (file)
index 8594487..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* AES Cryptographic Algorithm Header File. Include this header file in
-* your source which uses these given APIs. (This source is kept under
-* public domain)
-*/
-
-// AES context structure
-typedef struct {
- unsigned int Ek[60];
- unsigned int Dk[60];
- unsigned int Iv[4];
- unsigned char Nr;
- unsigned char Mode;
-} AesCtx;
-
-// key length in bytes
-#define KEY128 16
-#define KEY192 24
-#define KEY256 32
-// block size in bytes
-#define BLOCKSZ 16
-// mode
-#define EBC 0
-#define CBC 1
-
-// AES API function prototype
-
-int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode);
-int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen);
-int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen);
\ No newline at end of file
index 4411a0c54915778a9a29bd1dc3e2245079773c83..e292483b80b5a6634151a11ad5243bf0ff77cf49 100644 (file)
@@ -450,7 +450,7 @@ void StandAloneMode14a()
                                                SpinDelay(300);
                                        }
                                }
-                               if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0))
+                               if (!iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, true))
                                        continue;
                                else
                                {
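Review bot: The new sixth argument to `iso14443a_select_card` is passed here as a bare `true`, after an existing bare `true, 0`, so the call site does not say what is being switched on. The same call in the `EPA_Setup` hunk passes `false`, and the reason the two readers differ cannot be seen without opening the prototype. An inline argument comment would help, e.g. `iso14443a_select_card(uid, &hi14a_card[selected], &cuid, true, 0, /* <name of new parameter> */ true)`, using the parameter name from the function's declaration. The body of `StandAloneMode14a` starts and ends outside the hunk.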
@@ -1199,6 +1199,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
                        
                // Work with "magic Chinese" card
+               case CMD_MIFARE_CWIPE:
+                       MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+                       break;
                case CMD_MIFARE_CSETBLOCK:
                        MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
                        break;
@@ -1294,6 +1297,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
 
                case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
+                       // iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
+                       // to be able to use this one for uploading data to device 
+                       // arg1 = 0 upload for LF usage 
+                       //        1 upload for HF usage
+                       if (c->arg[1] == 0)
+                               FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+                       else
+                               FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
                        uint8_t *b = BigBuf_get_addr();
                        memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
                        cmd_send(CMD_ACK,0,0,0,0,0);
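Review bot: The `memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE)` after the new bitstream selection still uses the host-supplied offset `c->arg[0]` with no bounds check, while the added comment turns this case into a general upload path for both LF and HF. An offset near or past the end of BigBuf would make the copy write outside the buffer. A guard before the copy would close that, e.g. `if (c->arg[0] > BIGBUF_SIZE - USB_CMD_DATA_SIZE) break;`, assuming `BIGBUF_SIZE` from BigBuf.h is the right bound here. Note also that any non-zero `c->arg[1]` selects the HF bitstream although the comment documents only the value 1. The case body continues past the end of the hunk.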
@@ -1304,7 +1316,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
 
                case CMD_SET_LF_DIVISOR:
-                       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+                       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
                        FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
                        break;
 
index aa5b47fb4ed947700adfb144e6901130860b2128..542e6b90c98d0e00857e2caccc0272d1e22a6a43 100644 (file)
@@ -99,14 +99,9 @@ void ReadSTMemoryIso14443b(uint32_t);
 void RAMFUNC SnoopIso14443b(void);
 void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]);
 
-/// iso14443a.h
-void RAMFUNC SnoopIso14443a(uint8_t param);
-void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data);
-void ReaderIso14443a(UsbCommand * c);
 // Also used in iclass.c
 bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
 void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity);
-void iso14a_set_trigger(bool enable);
 
 void RAMFUNC SniffMifare(uint8_t param);
 
@@ -115,8 +110,6 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
 void EPA_PACE_Replay(UsbCommand *c);
 
 // mifarecmd.h
-void ReaderMifare(bool first_try);
-int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
 void MifareUC_Auth(uint8_t arg0, uint8_t *datain);
@@ -127,14 +120,15 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain);
-void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
+void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain);
 void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
-void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);  // Work with "magic Chinese" card
+void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);       // Work with "magic Chinese" card
+void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);  
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareCIdent();  // is "magic chinese" card?
 void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
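Review bot: The trailing `// Work with "magic Chinese" card` comment has moved from `MifareCSetBlock` to the new `MifareCWipe` line, so it now reads as describing only the wipe function, and `MifareCSetBlock` is left with trailing whitespace. The comment appears to label the whole `MifareC*` group, so it would read better on its own line above `MifareCWipe`, with the trailing spaces removed. Separately, `MifareChkKeys` widens `arg1` to `uint16_t` without saying what the argument carries; a short comment on the prototype, e.g. `// arg1: <meaning>, now 16 bit`, would tell callers why the width changed.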
diff --git a/armsrc/des.c b/armsrc/des.c
deleted file mode 100644 (file)
index 9bfd109..0000000
+++ /dev/null
@@ -1,437 +0,0 @@
-/* des.c */
-/*
-    This file is part of the ARM-Crypto-Lib.
-    Copyright (C) 2006-2010  Daniel Otte (daniel.otte@rub.de)
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file     des.c
- * \author   Daniel Otte
- * \email    daniel.otte@rub.de
- * \date     2007-06-16
- * \brief    DES and EDE-DES implementation
- * \license     GPLv3 or later
- * 
- */
-#include <stdint.h>
-#include "string.h"
-
-const uint8_t sbox[256]  = {
-  /* S-box 1 */
-  0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07,
-  0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38,
-  0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50,
-  0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D,
-  /* S-box 2 */
-  0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A,
-  0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5,
-  0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F,
-  0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9,
-  /* S-box 3 */
-  0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28,
-  0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1,
-  0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7,
-  0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C,
-  /* S-box 4 */
-  0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F,
-  0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9,
-  0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84,
-  0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E,
-  /* S-box 5 */
-  0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9,
-  0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86,
-  0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E,
-  0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53,
-  /* S-box 6 */
-  0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B,
-  0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38,
-  0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6,
-  0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D,
-  /* S-box 7 */
-  0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61,
-  0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86,
-  0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92,
-  0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C,
-  /* S-box 8 */
-  0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7,
-  0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92,
-  0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58,
-  0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B
-};
-
-const uint8_t e_permtab[] ={
-        4,  6,                                         /* 4 bytes in 6 bytes out*/
-       32,  1,  2,  3,  4,  5,
-        4,  5,  6,  7,  8,  9,
-        8,  9, 10, 11, 12, 13,
-       12, 13, 14, 15, 16, 17,
-       16, 17, 18, 19, 20, 21,
-       20, 21, 22, 23, 24, 25,
-       24, 25, 26, 27, 28, 29,
-       28, 29, 30, 31, 32,  1
-};
-
-const uint8_t p_permtab[] ={
-        4,  4,                                         /* 32 bit -> 32 bit */
-       16,  7, 20, 21,
-       29, 12, 28, 17,
-        1, 15, 23, 26,
-        5, 18, 31, 10,
-        2,  8, 24, 14,
-       32, 27,  3,  9,
-       19, 13, 30,  6,
-       22, 11,  4, 25
-};
-
-const uint8_t ip_permtab[] ={
-        8,  8,                                         /* 64 bit -> 64 bit */
-       58, 50, 42, 34, 26, 18, 10, 2,
-       60, 52, 44, 36, 28, 20, 12, 4,
-       62, 54, 46, 38, 30, 22, 14, 6,
-       64, 56, 48, 40, 32, 24, 16, 8,
-       57, 49, 41, 33, 25, 17,  9, 1,
-       59, 51, 43, 35, 27, 19, 11, 3,
-       61, 53, 45, 37, 29, 21, 13, 5,
-       63, 55, 47, 39, 31, 23, 15, 7
-};
-
-const uint8_t inv_ip_permtab[] ={
-        8, 8,                                          /* 64 bit -> 64 bit */
-       40, 8, 48, 16, 56, 24, 64, 32,
-       39, 7, 47, 15, 55, 23, 63, 31,
-       38, 6, 46, 14, 54, 22, 62, 30,
-       37, 5, 45, 13, 53, 21, 61, 29,
-       36, 4, 44, 12, 52, 20, 60, 28,
-       35, 3, 43, 11, 51, 19, 59, 27,
-       34, 2, 42, 10, 50, 18, 58, 26,
-       33, 1, 41,  9, 49, 17, 57, 25
-};
-
-const uint8_t pc1_permtab[] ={
-        8,  7,                                         /* 64 bit -> 56 bit*/
-       57, 49, 41, 33, 25, 17,  9,
-        1, 58, 50, 42, 34, 26, 18,
-       10,  2, 59, 51, 43, 35, 27,
-       19, 11,  3, 60, 52, 44, 36,
-       63, 55, 47, 39, 31, 23, 15,
-        7, 62, 54, 46, 38, 30, 22,
-       14,  6, 61, 53, 45, 37, 29,
-       21, 13,  5, 28, 20, 12,  4
-};
-
-const uint8_t pc2_permtab[] ={
-        7,      6,                                     /* 56 bit -> 48 bit */
-       14, 17, 11, 24,  1,  5,
-        3, 28, 15,  6, 21, 10,
-       23, 19, 12,  4, 26,  8,
-       16,  7, 27, 20, 13,  2,
-       41, 52, 31, 37, 47, 55,
-       30, 40, 51, 45, 33, 48,
-       44, 49, 39, 56, 34, 53,
-       46, 42, 50, 36, 29, 32
-};
-
-const uint8_t splitin6bitword_permtab[] = {
-        8,  8,                                         /* 64 bit -> 64 bit */
-       64, 64,  1,  6,  2,  3,  4,  5, 
-       64, 64,  7, 12,  8,  9, 10, 11, 
-       64, 64, 13, 18, 14, 15, 16, 17, 
-       64, 64, 19, 24, 20, 21, 22, 23, 
-       64, 64, 25, 30, 26, 27, 28, 29, 
-       64, 64, 31, 36, 32, 33, 34, 35, 
-       64, 64, 37, 42, 38, 39, 40, 41, 
-       64, 64, 43, 48, 44, 45, 46, 47 
-};
-
-const uint8_t shiftkey_permtab[] = {
-        7,  7,                                         /* 56 bit -> 56 bit */
-        2,  3,  4,  5,  6,  7,  8,  9,
-       10, 11, 12, 13, 14, 15, 16, 17,
-       18, 19, 20, 21, 22, 23, 24, 25, 
-       26, 27, 28,  1, 
-       30, 31, 32, 33, 34, 35, 36, 37, 
-       38, 39, 40, 41, 42, 43, 44, 45, 
-       46, 47, 48, 49, 50, 51, 52, 53, 
-       54, 55, 56, 29
-};
-
-const uint8_t shiftkeyinv_permtab[] = {
-        7,  7,
-       28,  1,  2,  3,  4,  5,  6,  7,
-        8,  9, 10, 11, 12, 13, 14, 15,
-       16, 17, 18, 19, 20, 21, 22, 23,
-       24, 25, 26, 27,
-       56, 29, 30, 31, 32, 33, 34, 35, 
-       36, 37, 38, 39, 40, 41, 42, 43, 
-       44, 45, 46, 47, 48, 49, 50, 51, 
-       52, 53, 54, 55
-};
-
-/*
-1 0
-1 0
-2 1
-2 1
-2 1
-2 1
-2 1
-2 1
-----
-1 0
-2 1
-2 1
-2 1
-2 1
-2 1
-2 1
-1 0
-*/
-#define ROTTABLE      0x7EFC 
-#define ROTTABLE_INV  0x3F7E
-/******************************************************************************/
-
-void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out){
-       uint8_t ob; /* in-bytes and out-bytes */
-       uint8_t byte, bit; /* counter for bit and byte */
-       ob = ptable[1];
-       ptable = &(ptable[2]);
-       for(byte=0; byte<ob; ++byte){
-               uint8_t x,t=0;
-               for(bit=0; bit<8; ++bit){
-                       x=*ptable++ -1 ;
-                               t<<=1;
-                       if((in[x/8]) & (0x80>>(x%8)) ){
-                               t|=0x01;
-                       }
-               }
-               out[byte]=t;
-       }
-}
-
-/******************************************************************************/
-
-void changeendian32(uint32_t * a){
-       *a = (*a & 0x000000FF) << 24 |
-                (*a & 0x0000FF00) <<  8 |
-                (*a & 0x00FF0000) >>  8 |
-                (*a & 0xFF000000) >> 24;
-}
-
-/******************************************************************************/
-static inline
-void shiftkey(uint8_t *key){
-       uint8_t k[7];
-       memcpy(k, key, 7);
-       permute((uint8_t*)shiftkey_permtab, k, key);    
-}
-
-/******************************************************************************/
-static inline
-void shiftkey_inv(uint8_t *key){
-       uint8_t k[7];
-       memcpy(k, key, 7);
-       permute((uint8_t*)shiftkeyinv_permtab, k, key);
-       
-}
-
-/******************************************************************************/
-static inline
-uint64_t splitin6bitwords(uint64_t a){
-       uint64_t ret=0;
-       a &= 0x0000ffffffffffffLL;
-       permute((uint8_t*)splitin6bitword_permtab, (uint8_t*)&a, (uint8_t*)&ret);       
-       return ret;
-}
-
-/******************************************************************************/
-
-static inline
-uint8_t substitute(uint8_t a, uint8_t * sbp){
-       uint8_t x;      
-       x = sbp[a>>1];
-       x = (a&1)?x&0x0F:x>>4;
-       return x;
-       
-}
-
-/******************************************************************************/
-
-uint32_t des_f(uint32_t r, uint8_t* kr){
-       uint8_t i;
-       uint32_t t=0,ret;
-       uint64_t data;
-       uint8_t *sbp; /* sboxpointer */ 
-       permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data);
-       for(i=0; i<6; ++i)
-               ((uint8_t*)&data)[i] ^= kr[i];
-       
-       /* Sbox substitution */
-       data = splitin6bitwords(data);
-       sbp=(uint8_t*)sbox;
-       for(i=0; i<8; ++i){
-               uint8_t x;
-               x = substitute(((uint8_t*)&data)[i], sbp);
-               t<<=4;
-               t |= x;
-               sbp += 32;
-       }
-       changeendian32(&t);
-               
-       permute((uint8_t*)p_permtab,(uint8_t*)&t, (uint8_t*)&ret);
-
-       return ret;
-}
-
-/******************************************************************************/
-
-void des_enc(void* out, const void* in, const void* key){
-#define R *((uint32_t*)&(data[4]))
-#define L *((uint32_t*)&(data[0]))
-
-       uint8_t data[8],kr[6],k[7];
-       uint8_t i;
-       
-       permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
-       permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
-       for(i=0; i<8; ++i){
-               shiftkey(k);
-               if(ROTTABLE&((1<<((i<<1)+0))) )
-                       shiftkey(k);
-               permute((uint8_t*)pc2_permtab, k, kr);
-               L ^= des_f(R, kr);
-               
-               shiftkey(k);
-               if(ROTTABLE&((1<<((i<<1)+1))) )
-                       shiftkey(k);
-               permute((uint8_t*)pc2_permtab, k, kr);
-               R ^= des_f(L, kr);
-
-       }
-       /* L <-> R*/
-       R ^= L;
-       L ^= R;
-       R ^= L;
-       
-       permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
-}
-
-/******************************************************************************/
-
-void des_dec(void* out, const void* in, const uint8_t* key){
-#define R *((uint32_t*)&(data[4]))
-#define L *((uint32_t*)&(data[0]))
-
-       uint8_t data[8],kr[6],k[7];
-       int8_t i;
-       permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
-       permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
-       for(i=7; i>=0; --i){
-               
-               permute((uint8_t*)pc2_permtab, k, kr);
-               L ^= des_f(R, kr);
-               shiftkey_inv(k);
-               if(ROTTABLE&((1<<((i<<1)+1))) ){
-                       shiftkey_inv(k);
-               }
-
-               permute((uint8_t*)pc2_permtab, k, kr);
-               R ^= des_f(L, kr);
-               shiftkey_inv(k);
-               if(ROTTABLE&((1<<((i<<1)+0))) ){
-                       shiftkey_inv(k);
-               }
-
-       }
-       /* L <-> R*/
-       R ^= L;
-       L ^= R;
-       R ^= L;
-       
-       permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
-}
-
-/******************************************************************************/
-
-void tdes_enc(void* out, void* in, const void* key){
-       des_enc(out,  in, (uint8_t*)key + 0);
-       des_dec(out, out, (uint8_t*)key + 8);
-       des_enc(out, out, (uint8_t*)key +16);
-}
-
-/******************************************************************************/
-
-void tdes_dec(void* out, void* in, const uint8_t* key){
-       des_dec(out,  in, (uint8_t*)key +16);
-       des_enc(out, out, (uint8_t*)key + 8);
-       des_dec(out, out, (uint8_t*)key + 0);
-}
-
-void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
-
-       if( length % 8 ) return; 
-       
-       uint8_t i;
-       uint8_t* tin = (uint8_t*) in;
-       uint8_t* tout = (uint8_t*) out;
-       
-       while( length > 0 )
-       {
-               for ( i = 0; i < 8; i++ )
-                       tout[i] = (unsigned char)(tin[i] ^ iv[i]);
-
-               des_enc(tout,  tin, (uint8_t*)key + 0);
-               des_dec(tout, tout, (uint8_t*)key + 8);
-               des_enc(tout, tout, (uint8_t*)key + 0);
-               
-               memcpy(iv, tout, 8);
-
-               tin  += 8;
-               tout += 8;
-               length -= 8;
-       }
-}
-
-void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
-       
-       if( length % 8 ) return; 
-
-       uint8_t i;
-       unsigned char temp[8];
-       uint8_t* tin = (uint8_t*) in;
-       uint8_t* tout = (uint8_t*) out;
-       
-       while( length > 0 )
-       {
-               memcpy(temp, tin, 8);
-
-               des_dec(tout,  tin, (uint8_t*)key + 0);
-               des_enc(tout, tout, (uint8_t*)key + 8);
-               des_dec(tout, tout, (uint8_t*)key + 0);          
-
-               for (i = 0; i < 8; i++)
-                       tout[i] = (unsigned char)(tout[i] ^ iv[i]);
-
-               memcpy(iv, temp, 8);
-               
-               tin  += 8;
-               tout += 8;
-               length -= 8;
-       }
-}
-
-
-/******************************************************************************/
-
-
diff --git a/armsrc/des.h b/armsrc/des.h
deleted file mode 100644 (file)
index 90f7424..0000000
+++ /dev/null
@@ -1,110 +0,0 @@
-/* des.h */
-/*
-    This file is part of the ARM-Crypto-Lib.
-    Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file       des.h
- * \author     Daniel Otte 
- * \date       2007-06-16
- * \brief      des and tdes declarations
- * \license    GPLv3 or later
- * 
- */
-#ifndef DES_H_
-#define DES_H_
-
-/* the FIPS 46-3 (1999-10-25) name for triple DES is triple data encryption algorithm so TDEA.
- * Also we only implement the three key mode  */
-
-/** \def tdea_enc
- * \brief defining an alias for void tdes_enc(void* out, const void* in, const void* key)
- */
-
-/** \def tdea_dec
- * \brief defining an alias for void tdes_dec(void* out, const void* in, const void* key)
- */
-
-#define tdea_enc tdes_enc
-#define tdea_dec tdes_dec
-
-/** \fn void des_enc(void* out, const void* in, const void* key)
- * \brief encrypt a block with DES
- * 
- * This function encrypts a block of 64 bits (8 bytes) with the DES algorithm.
- * Key expansion is done automatically. The key is 64 bits long, but note that
- * only 56 bits are used (the LSB of each byte is dropped). The input and output
- * blocks may overlap.
- * 
- * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
- * \param in  pointer to the block (64 bit = 8 byte) where the plaintext is read from
- * \param key pointer to the key (64 bit = 8 byte)
- */
-void des_enc(void* out, const void* in, const void* key);
-
-/** \fn void des_dec(void* out, const void* in, const void* key)
- * \brief decrypt a block with DES
- * 
- * This function decrypts a block of 64 bits (8 bytes) with the DES algorithm.
- * Key expansion is done automatically. The key is 64 bits long, but note that
- * only 56 bits are used (the LSB of each byte is dropped). The input and output
- * blocks may overlap.
- * 
- * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
- * \param in  pointer to the block (64 bit = 8 byte) where the ciphertext is read from
- * \param key pointer to the key (64 bit = 8 byte)
- */
-void des_dec(void* out, const void* in, const void* key);
-
-/** \fn void tdes_enc(void* out, const void* in, const void* key)
- * \brief encrypt a block with Tripple-DES
- * 
- * This function encrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
- * algorithm. Key expansion is done automatically. The key is 192 bits long, but
- * note that only 178 bits are used (the LSB of each byte is dropped). The input
- * and output blocks may overlap.
- * 
- * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
- * \param in  pointer to the block (64 bit = 8 byte) where the plaintext is read from
- * \param key pointer to the key (192 bit = 24 byte)
- */
-void tdes_enc(void* out, const void* in, const void* key);
-
-/** \fn void tdes_dec(void* out, const void* in, const void* key)
- * \brief decrypt a block with Tripple-DES
- * 
- * This function decrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
- * algorithm. Key expansion is done automatically. The key is 192 bits long, but
- * note that only 178 bits are used (the LSB of each byte is dropped). The input
- * and output blocks may overlap.
- * 
- * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
- * \param in  pointer to the block (64 bit = 8 byte) where the ciphertext is read from
- * \param key pointer to the key (192 bit = 24 byte)
- */
- void tdes_dec(void* out, const void* in, const void* key);
-
- void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
- void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
-
-#endif /*DES_H_*/
-
-// Copied from des.h in desfire imp.
-typedef unsigned long DES_KS[16][2];   /* Single-key DES key schedule */
-typedef unsigned long DES3_KS[48][2];  /* Triple-DES key schedule */
-
-
-extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */
index f434aa3422421c0bdc872c5fc98068b180a548f7..fd71430bf04ba1906a75c3cae42988079d1844c2 100644 (file)
@@ -530,7 +530,7 @@ int EPA_Setup()
        // power up the field
        iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
        // select the card
-       return_code = iso14443a_select_card(uid, &card_select_info, NULL, true, 0);
+       return_code = iso14443a_select_card(uid, &card_select_info, NULL, true, 0, false);
        if (return_code == 1) {
                // send the PPS request
                ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
index 32f9594b60926da854d902e458d52622d0ec3d24..f9aedc9577f17a89c36b9b56d82459b6e8c93f75 100644 (file)
@@ -42,6 +42,7 @@
 #include "string.h"
 #include "common.h"
 #include "cmd.h"
+#include "iso14443a.h"
 // Needed for CRC in emulation mode;
 // same construction as in ISO 14443;
 // different initial value (CRC_ICLASS)
index 29b23833cd875065c26a1aa06f9981391941c86f..026b177a8696224e9acfe73eaf7554976e515d45 100644 (file)
@@ -132,13 +132,13 @@ uint16_t FpgaSendQueueDelay;
 #define DELAY_FPGA_QUEUE (FpgaSendQueueDelay<<1)
 
 // When the PM acts as tag and is sending, it takes
-// 4*16 ticks until we can write data to the sending hold register
+// 4*16 + 8 ticks until we can write data to the sending hold register
 // 8*16 ticks until the SHR is transferred to the Sending Shift Register
-// 8 ticks until the first transfer starts
-// 8 ticks later the FPGA samples the data
-// + a varying number of ticks in the FPGA Delay Queue (mod_sig_buf)
+// 8 ticks later the FPGA samples the first data
+// + 16 ticks until assigned to mod_sig
 // + 1 tick to assign mod_sig_coil
-#define DELAY_ARM2AIR_AS_TAG (4*16 + 8*16 + 8 + 8 + DELAY_FPGA_QUEUE + 1)
+// + a varying number of ticks in the FPGA Delay Queue (mod_sig_buf)
+#define DELAY_ARM2AIR_AS_TAG (4*16 + 8 + 8*16 + 8 + 16 + 1 + DELAY_FPGA_QUEUE)
 
 // When the PM acts as sniffer and is receiving tag data, it takes
 // 3 ticks A/D conversion
@@ -191,7 +191,7 @@ void iso14a_set_timeout(uint32_t timeout) {
 }
 
 
-void iso14a_set_ATS_timeout(uint8_t *ats) {
+static void iso14a_set_ATS_timeout(uint8_t *ats) {
 
        uint8_t tb1;
        uint8_t fwi; 
@@ -246,7 +246,7 @@ void AppendCrc14443a(uint8_t* data, int len)
        ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
 }
 
-void AppendCrc14443b(uint8_t* data, int len)
+static void AppendCrc14443b(uint8_t* data, int len)
 {
        ComputeCrc14443(CRC_14443_B,data,len,data+len,data+len+1);
 }
@@ -283,7 +283,7 @@ const bool Mod_Miller_LUT[] = {
 #define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x000000F0) >> 4])
 #define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x0000000F)])
 
-void UartReset()
+static void UartReset()
 {
        Uart.state = STATE_UNSYNCD;
        Uart.bitCount = 0;
@@ -295,7 +295,7 @@ void UartReset()
        Uart.endTime = 0;
 }
 
-void UartInit(uint8_t *data, uint8_t *parity)
+static void UartInit(uint8_t *data, uint8_t *parity)
 {
        Uart.output = data;
        Uart.parity = parity;
@@ -455,7 +455,7 @@ const bool Mod_Manchester_LUT[] = {
 #define IsManchesterModulationNibble2(b) (Mod_Manchester_LUT[(b & 0x000F)])
 
 
-void DemodReset()
+static void DemodReset()
 {
        Demod.state = DEMOD_UNSYNCD;
        Demod.len = 0;                                          // number of decoded data bytes
@@ -469,7 +469,7 @@ void DemodReset()
        Demod.endTime = 0;
 }
 
-void DemodInit(uint8_t *data, uint8_t *parity)
+static void DemodInit(uint8_t *data, uint8_t *parity)
 {
        Demod.output = data;
        Demod.parity = parity;
@@ -793,14 +793,6 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par
        ToSendMax++;
 }
 
-static void CodeIso14443aAsTag(const uint8_t *cmd, uint16_t len)
-{
-       uint8_t par[MAX_PARITY_SIZE];
-       
-       GetParity(cmd, len, par);
-       CodeIso14443aAsTagPar(cmd, len, par);
-}
-
 
 static void Code4bitAnswerAsTag(uint8_t cmd)
 {
@@ -840,6 +832,38 @@ static void Code4bitAnswerAsTag(uint8_t cmd)
        ToSendMax++;
 }
 
+
+static uint8_t *LastReaderTraceTime = NULL;
+
+static void EmLogTraceReader(void) {
+       // remember last reader trace start to fix timing info later
+       LastReaderTraceTime = BigBuf_get_addr() + BigBuf_get_traceLen();
+       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
+}
+
+
+static void FixLastReaderTraceTime(uint32_t tag_StartTime) {
+       uint32_t reader_EndTime = Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG;
+       uint32_t reader_StartTime = Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG;
+       uint16_t reader_modlen = reader_EndTime - reader_StartTime;
+       uint16_t approx_fdt = tag_StartTime - reader_EndTime;
+       uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
+       reader_StartTime = tag_StartTime - exact_fdt - reader_modlen;
+       LastReaderTraceTime[0] = (reader_StartTime >> 0) & 0xff;
+       LastReaderTraceTime[1] = (reader_StartTime >> 8) & 0xff;
+       LastReaderTraceTime[2] = (reader_StartTime >> 16) & 0xff;
+       LastReaderTraceTime[3] = (reader_StartTime >> 24) & 0xff;
+}
+
+       
+static void EmLogTraceTag(uint8_t *tag_data, uint16_t tag_len, uint8_t *tag_Parity, uint32_t ProxToAirDuration) {
+       uint32_t tag_StartTime = LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG;
+       uint32_t tag_EndTime = (LastTimeProxToAirStart + ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG;
+       LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, false);
+       FixLastReaderTraceTime(tag_StartTime);
+}
+
+
 //-----------------------------------------------------------------------------
 // Wait for commands from reader
 // Stop when button is pressed
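Review bot: `FixLastReaderTraceTime()` writes four bytes through `LastReaderTraceTime` without checking that it points at a stored trace entry. The pointer starts as NULL, and `EmLogTraceReader()` sets it to the current trace end before calling `LogTrace()`. If that call stores nothing (tracing off or trace full), the later write-back lands on whatever sits at that BigBuf offset. The fix below records the pointer only on success and returns early when it is NULL; it assumes `LogTrace()` returns false when nothing was stored, as the first check in the removed `EmLogTrace()` suggests. The `exact_fdt` line also loses the explanation the removed `EmLogTrace()` carried (the answer delay is n*128+20 or n*128+84), and that comment should move here.

```c
static void EmLogTraceReader(void) {
	// remember the entry only if LogTrace() actually stored it
	uint8_t *entry = BigBuf_get_addr() + BigBuf_get_traceLen();
	bool stored = LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
	LastReaderTraceTime = stored ? entry : NULL;
}

static void FixLastReaderTraceTime(uint32_t tag_StartTime) {
	// nothing to patch when the last reader frame was not traced
	if (LastReaderTraceTime == NULL) return;
	// … unchanged: FDT calculation and timestamp write-back …
}
```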
@@ -868,33 +892,22 @@ static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int
             b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
                        if(MillerDecoding(b, 0)) {
                                *len = Uart.len;
+                               EmLogTraceReader();
                                return true;
                        }
                }
     }
 }
 
-static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNeeded);
-int EmSend4bitEx(uint8_t resp, bool correctionNeeded);
+
+static int EmSend4bitEx(uint8_t resp, bool correctionNeeded);
 int EmSend4bit(uint8_t resp);
-int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par);
+static int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par);
 int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded);
-int EmSendCmd(uint8_t *resp, uint16_t respLen);
-int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
-bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
-                                uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);
+int EmSendPrecompiledCmd(tag_response_info_t *response_info, bool correctionNeeded);
 
-static uint8_t* free_buffer_pointer;
 
-typedef struct {
-  uint8_t* response;
-  size_t   response_n;
-  uint8_t* modulation;
-  size_t   modulation_n;
-  uint32_t ProxToAirDuration;
-} tag_response_info_t;
-
-bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffer_size) {
+static bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffer_size) {
        // Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
        // This will need the following byte array for a modulation sequence
        //    144        data bits (18 * 8)
@@ -908,17 +921,18 @@ bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffe
  
  
   // Prepare the tag modulation bits from the message
-  CodeIso14443aAsTag(response_info->response,response_info->response_n);
+  GetParity(response_info->response, response_info->response_n, &(response_info->par));
+  CodeIso14443aAsTagPar(response_info->response,response_info->response_n, &(response_info->par));
   
   // Make sure we do not exceed the free buffer space
   if (ToSendMax > max_buffer_size) {
     Dbprintf("Out of memory, when modulating bits for tag answer:");
-    Dbhexdump(response_info->response_n,response_info->response,false);
+    Dbhexdump(response_info->response_n, response_info->response, false);
     return false;
   }
   
   // Copy the byte array, used for this modulation to the buffer position
-  memcpy(response_info->modulation,ToSend,ToSendMax);
+  memcpy(response_info->modulation, ToSend, ToSendMax);
   
   // Store the number of bytes that were used for encoding/modulation and the time needed to transfer them
   response_info->modulation_n = ToSendMax;
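Review bot: `GetParity()` now writes into `response_info->par`, yet this function also handles responses longer than eight bytes: the comment at its top uses an 18-byte MIFARE read answer, which needs three parity bytes, and `SimulateIso14443aTag()` calls it for `dynamic_response_info`. The definition of `tag_response_info_t` has moved out of this file, so the size of `par` cannot be checked from here. If it is a single byte, the call writes past the field for any response over eight bytes; if it is an array, `&(response_info->par)` has pointer-to-array type rather than `uint8_t *`. Declaring the field as `uint8_t par[MAX_PARITY_SIZE];` and passing `response_info->par` covers both cases. The function starts above this hunk and continues below it.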
@@ -930,21 +944,20 @@ bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffe
 
 // "precompile" responses. There are 7 predefined responses with a total of 28 bytes data to transmit.
 // Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) 
-// 28 * 8 data bits, 28 * 1 parity bits, 7 start bits, 7 stop bits, 7 correction bits
+// 28 * 8 data bits, 28 * 1 parity bits, 7 start bits, 7 stop bits, 7 correction bits for the modulation
 // -> need 273 bytes buffer
 #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 273
 
-bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) {
+bool prepare_allocated_tag_modulation(tag_response_info_t* response_info, uint8_t **buffer, size_t *max_buffer_size) {
+
   // Retrieve and store the current buffer index
-  response_info->modulation = free_buffer_pointer;
-  
-  // Determine the maximum size we can use from our buffer
-  size_t max_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
+  response_info->modulation = *buffer;
   
   // Forward the prepare tag modulation function to the inner function
-  if (prepare_tag_modulation(response_info, max_buffer_size)) {
-    // Update the free buffer offset
-    free_buffer_pointer += ToSendMax;
+  if (prepare_tag_modulation(response_info, *max_buffer_size)) {
+    // Update the free buffer offset and the remaining buffer size
+    *buffer += ToSendMax;
+       *max_buffer_size -= ToSendMax;
     return true;
   } else {
     return false;
@@ -1074,8 +1087,8 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
        // allocate buffers:
        uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
        uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
-       free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
-
+       uint8_t *free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
+       size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
        // clear trace
        clear_trace();
        set_tracing(true);
@@ -1083,7 +1096,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
        // Prepare the responses of the anticollision phase
        // there will be not enough time to do this at the moment the reader sends it REQA
        for (size_t i=0; i<TAG_RESPONSE_COUNT; i++) {
-               prepare_allocated_tag_modulation(&responses[i]);
+               prepare_allocated_tag_modulation(&responses[i], &free_buffer_pointer, &free_buffer_size);
        }
 
        int len = 0;
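Review bot: The loop discards the result of `prepare_allocated_tag_modulation()`, which can now fail once the shared `free_buffer_size` is used up. In that case `prepare_tag_modulation()` returns before it stores `modulation_n`, so the entry keeps whatever length it had while the simulation may still send it later. Check the result and stop, e.g. `if (!prepare_allocated_tag_modulation(&responses[i], &free_buffer_pointer, &free_buffer_size)) { Dbprintf("Not enough modulation buffer for precompiled responses"); return; }`. `SimulateIso14443aTag()` starts and ends outside this hunk, so any cleanup needed before returning is not visible here.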
@@ -1130,10 +1143,6 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                        // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
                        p_response = NULL;
                } else if(receivedCmd[0] == 0x50) {     // Received a HALT
-
-                       if (tracing) {
-                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                       }
                        p_response = NULL;
                } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {   // Received an authentication request
                        p_response = &responses[5]; order = 7;
@@ -1145,9 +1154,6 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                                p_response = &responses[6]; order = 70;
                        }
                } else if (order == 7 && len == 8) { // Received {nr] and {ar} (part of authentication)
-                       if (tracing) {
-                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                       }
                        uint32_t nr = bytes_to_num(receivedCmd,4);
                        uint32_t ar = bytes_to_num(receivedCmd+4,4);
                        Dbprintf("Auth attempt {nr}{ar}: %08x %08x",nr,ar);
@@ -1189,9 +1195,6 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 
                                default: {
                                        // Never seen this command before
-                                       if (tracing) {
-                                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       }
                                        Dbprintf("Received unknown command (len=%d):",len);
                                        Dbhexdump(len,receivedCmd,false);
                                        // Do not respond
@@ -1209,9 +1212,6 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
         
                                if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
                                        Dbprintf("Error preparing tag response");
-                                       if (tracing) {
-                                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       }
                                        break;
                                }
                                p_response = &dynamic_response_info;
@@ -1231,21 +1231,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                cmdsRecvd++;
 
                if (p_response != NULL) {
-                       EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
-                       // do the tracing for the previous reader request and this tag answer:
-                       uint8_t par[MAX_PARITY_SIZE];
-                       GetParity(p_response->response, p_response->response_n, par);
-       
-                       EmLogTrace(Uart.output, 
-                                               Uart.len, 
-                                               Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                                               Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                                               Uart.parity,
-                                               p_response->response, 
-                                               p_response->response_n,
-                                               LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
-                                               (LastTimeProxToAirStart + p_response->ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG, 
-                                               par);
+                       EmSendPrecompiledCmd(p_response, receivedCmd[0] == 0x52);
                }
                
                if (!tracing) {
@@ -1262,7 +1248,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 
 // prepare a delayed transfer. This simply shifts ToSend[] by a number
 // of bits specified in the delay parameter.
-void PrepareDelayedTransfer(uint16_t delay)
+static void PrepareDelayedTransfer(uint16_t delay)
 {
        uint8_t bitmask = 0;
        uint8_t bits_to_shift = 0;
@@ -1335,7 +1321,7 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
 //-----------------------------------------------------------------------------
 // Prepare reader command (in bits, support short frames) to send to FPGA
 //-----------------------------------------------------------------------------
-void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity)
+static void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity)
 {
        int i, j;
        int last;
@@ -1413,21 +1399,13 @@ void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8
        ToSendMax++;
 }
 
-//-----------------------------------------------------------------------------
-// Prepare reader command to send to FPGA
-//-----------------------------------------------------------------------------
-void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *parity)
-{
-  CodeIso14443aBitsAsReaderPar(cmd, len*8, parity);
-}
-
 
 //-----------------------------------------------------------------------------
 // Wait for commands from reader
 // Stop when button is pressed (return 1) or field was gone (return 2)
 // Or return 0 when command is captured
 //-----------------------------------------------------------------------------
-static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
+int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
 {
        *len = 0;
 
@@ -1485,6 +1463,7 @@ static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
             b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
                        if(MillerDecoding(b, 0)) {
                                *len = Uart.len;
+                               EmLogTraceReader();
                                return 0;
                        }
         }
@@ -1497,7 +1476,6 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
 {
        uint8_t b;
        uint16_t i = 0;
-       uint32_t ThisTransferTime;
        
        // Modulate Manchester
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
@@ -1525,10 +1503,7 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
                if (AT91C_BASE_SSC->SSC_RHR) break;
        }
 
-       while ((ThisTransferTime = GetCountSspClk()) & 0x00000007);
-
-       // Clear TXRDY:
-       AT91C_BASE_SSC->SSC_THR = SEC_F;
+       LastTimeProxToAirStart = (GetCountSspClk() & 0xfffffff8) + (correctionNeeded?8:0);
 
        // send cycle
        for(; i < respLen; ) {
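Review bot: The new `LastTimeProxToAirStart` assignment has no comment explaining the `0xfffffff8` mask or why the wait was dropped. The removed code busy-waited until the low three bits of `GetCountSspClk()` were zero and then wrote `SEC_F`; the new line takes the current count rounded down to a multiple of 8 and does neither, which presumably depends on the FPGA change in this commit. A comment such as `// start time = SSP clock rounded down to a multiple of 8 ticks (+8 when a correction bit is sent)` would record what the value means. `EmSendCmd14443aRaw()` starts and ends outside this hunk.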
@@ -1544,7 +1519,7 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
 
        // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
        uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
-       for (i = 0; i <= fpga_queued_bits/8 + 1; ) {
+       for (i = 0; i < fpga_queued_bits/8; ) {
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
                        AT91C_BASE_SSC->SSC_THR = SEC_F;
                        FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@@ -1552,87 +1527,60 @@ static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNe
                }
        }
 
-       LastTimeProxToAirStart = ThisTransferTime + (correctionNeeded?8:0);
-
        return 0;
 }
 
-int EmSend4bitEx(uint8_t resp, bool correctionNeeded){
+
+static int EmSend4bitEx(uint8_t resp, bool correctionNeeded){
        Code4bitAnswerAsTag(resp);
        int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
        // do the tracing for the previous reader request and this tag answer:
-       uint8_t par[1];
-       GetParity(&resp, 1, par);
-       EmLogTrace(Uart.output, 
-                               Uart.len, 
-                               Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                               Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                               Uart.parity,
-                               &resp, 
-                               1, 
-                               LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
-                               (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG, 
-                               par);
+       EmLogTraceTag(&resp, 1, NULL, LastProxToAirDuration);
        return res;
 }
 
+
 int EmSend4bit(uint8_t resp){
        return EmSend4bitEx(resp, false);
 }
 
-int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par){
+
+static int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par){
        CodeIso14443aAsTagPar(resp, respLen, par);
        int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
        // do the tracing for the previous reader request and this tag answer:
-       EmLogTrace(Uart.output, 
-                               Uart.len, 
-                               Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                               Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, 
-                               Uart.parity,
-                               resp, 
-                               respLen, 
-                               LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
-                               (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG, 
-                               par);
+       EmLogTraceTag(resp, respLen, par, LastProxToAirDuration);
        return res;
 }
 
+
 int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded){
        uint8_t par[MAX_PARITY_SIZE];
        GetParity(resp, respLen, par);
        return EmSendCmdExPar(resp, respLen, correctionNeeded, par);
 }
 
+
 int EmSendCmd(uint8_t *resp, uint16_t respLen){
        uint8_t par[MAX_PARITY_SIZE];
        GetParity(resp, respLen, par);
        return EmSendCmdExPar(resp, respLen, false, par);
 }
 
+
 int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
        return EmSendCmdExPar(resp, respLen, false, par);
 }
 
-bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
-                                uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
-{
-       if (tracing) {
-               // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
-               // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
-               // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
-               uint16_t reader_modlen = reader_EndTime - reader_StartTime;
-               uint16_t approx_fdt = tag_StartTime - reader_EndTime;
-               uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
-               reader_EndTime = tag_StartTime - exact_fdt;
-               reader_StartTime = reader_EndTime - reader_modlen;
-               if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, true)) {
-                       return false;
-               } else return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, false));
-       } else {
-               return true;
-       }
+
+int EmSendPrecompiledCmd(tag_response_info_t *response_info, bool correctionNeeded) {
+       int ret = EmSendCmd14443aRaw(response_info->modulation, response_info->modulation_n, correctionNeeded);
+       // do the tracing for the previous reader request and this tag answer:
+       EmLogTraceTag(response_info->response, response_info->response_n, &(response_info->par), response_info->ProxToAirDuration);
+       return ret;
 }
 
+
 //-----------------------------------------------------------------------------
 // Wait a certain time for tag response
 //  If a response is captured return true
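Review bot: `EmSend4bitEx()` now passes `NULL` as the parity pointer to `EmLogTraceTag()`, which hands it straight to `LogTrace()`. The removed code computed a parity byte with `GetParity(&resp, 1, par)` and logged that, so the new call is only safe if `LogTrace()` accepts a NULL parity argument, which is not visible here. If it does, a comment such as `// no parity logged for 4-bit answers; LogTrace() accepts NULL` would make the intent explicit. If it does not, keep `uint8_t par[1]; GetParity(&resp, 1, par);` and pass `par`.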
@@ -1693,7 +1641,7 @@ void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *tim
 }
 
 
-void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
+static void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
 {
   // Generate parity and redirect
   uint8_t par[MAX_PARITY_SIZE];
@@ -1710,7 +1658,8 @@ void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
   ReaderTransmitBitsPar(frame, len*8, par, timing);
 }
 
-int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity)
+
+static int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity)
 {
        if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) return false;
        if (tracing) {
@@ -1719,6 +1668,7 @@ int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parit
        return Demod.len;
 }
 
+
 int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
 {
        if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return false;
@@ -1733,7 +1683,8 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
 // fills the card info record unless NULL
 // if anticollision is false, then the UID must be provided in uid_ptr[] 
 // and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID)
-int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades) {
+// requests ATS unless no_rats is true
+int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) {
        uint8_t wupa[]       = { 0x52 };  // 0x26 - REQA  0x52 - WAKE-UP
        uint8_t sel_all[]    = { 0x93,0x20 };
        uint8_t sel_uid[]    = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
@@ -1868,27 +1819,28 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
        // non iso14443a compliant tag
        if( (sak & 0x20) == 0) return 2; 
 
-       // Request for answer to select
-       AppendCrc14443a(rats, 2);
-       ReaderTransmit(rats, sizeof(rats), NULL);
-
-       if (!(len = ReaderReceive(resp, resp_par))) return 0;
+       if (!no_rats) {
+               // Request for answer to select
+               AppendCrc14443a(rats, 2);
+               ReaderTransmit(rats, sizeof(rats), NULL);
 
-       
-       if(p_hi14a_card) {
-               memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
-               p_hi14a_card->ats_len = len;
-       }
+               if (!(len = ReaderReceive(resp, resp_par))) return 0;
 
-       // reset the PCB block number
-       iso14_pcb_blocknum = 0;
+               if(p_hi14a_card) {
+                       memcpy(p_hi14a_card->ats, resp, len);
+                       p_hi14a_card->ats_len = len;
+               }
 
-       // set default timeout based on ATS
-       iso14a_set_ATS_timeout(resp);
+               // reset the PCB block number
+               iso14_pcb_blocknum = 0;
 
+               // set default timeout based on ATS
+               iso14a_set_ATS_timeout(resp);
+       }
        return 1;       
 }
 
+
 void iso14443a_setup(uint8_t fpga_minor_mode) {
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
        // Set up the synchronous serial port
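Review bot: `memcpy(p_hi14a_card->ats, resp, len)` copies a length taken from the tag's answer into the fixed-size `ats` field with no upper bound. The old call copied `sizeof(p_hi14a_card->ats)`, which could not overrun the destination. The sizes of `ats` and `resp` are declared outside this hunk, so whether `len` can exceed the field is not visible here, but nothing in the new lines prevents it. Clamp before copying, e.g. `if (len > (int)sizeof(p_hi14a_card->ats)) len = sizeof(p_hi14a_card->ats);` placed ahead of the `memcpy`. With `no_rats` set the function also returns 1 without writing `ats_len`; unless it is cleared earlier in the function, that path should set `p_hi14a_card->ats_len = 0;` because `ReaderIso14443a()` forwards the struct to the host.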
@@ -1911,9 +1863,10 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
        DemodReset();
        UartReset();
        NextTransferTime = 2*DELAY_ARM2AIR_AS_READER;
-       iso14a_set_timeout(1050); // 10ms default
+       iso14a_set_timeout(1060); // 10ms default
 }
 
+
 int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
        uint8_t parity[MAX_PARITY_SIZE];
        uint8_t real_cmd[cmd_len+4];
@@ -1942,6 +1895,7 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
        return len;
 }
 
+
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
@@ -1971,7 +1925,7 @@ void ReaderIso14443a(UsbCommand *c)
                iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
                if(!(param & ISO14A_NO_SELECT)) {
                        iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
-                       arg0 = iso14443a_select_card(NULL, card, NULL, true, 0);
+                       arg0 = iso14443a_select_card(NULL, card, NULL, true, 0, param & ISO14A_NO_RATS);
                        cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t));
                }
        }
@@ -2040,7 +1994,7 @@ void ReaderIso14443a(UsbCommand *c)
 // Determine the distance between two nonces.
 // Assume that the difference is small, but we don't know which is first.
 // Therefore try in alternating directions.
-int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
+static int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 
        uint16_t i;
        uint32_t nttmp1, nttmp2;
@@ -2168,7 +2122,7 @@ void ReaderMifare(bool first_try)
                        SpinDelay(100);
                }
                
-               if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
+               if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Mifare: Can't select card");
                        continue;
                }
@@ -2352,696 +2306,6 @@ void ReaderMifare(bool first_try)
        set_tracing(false);
 }
 
-/**
-  *MIFARE 1K simulate.
-  *
-  *@param flags :
-  *    FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
-  * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
-  * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
-  * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
-  *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
-  * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
-  *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
-  * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
-  */
-void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain)
-{
-       int cardSTATE = MFEMUL_NOFIELD;
-       int _UID_LEN = 0; // 4, 7, 10
-       int vHf = 0;    // in mV
-       int res;
-       uint32_t selTimer = 0;
-       uint32_t authTimer = 0;
-       uint16_t len = 0;
-       uint8_t cardWRBL = 0;
-       uint8_t cardAUTHSC = 0;
-       uint8_t cardAUTHKEY = 0xff;  // no authentication
-       uint32_t cardRr = 0;
-       uint32_t cuid = 0;
-       //uint32_t rn_enc = 0;
-       uint32_t ans = 0;
-       uint32_t cardINTREG = 0;
-       uint8_t cardINTBLOCK = 0;
-       struct Crypto1State mpcs = {0, 0};
-       struct Crypto1State *pcs;
-       pcs = &mpcs;
-       uint32_t numReads = 0;//Counts numer of times reader read a block
-       uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
-       uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE];
-       uint8_t response[MAX_MIFARE_FRAME_SIZE];
-       uint8_t response_par[MAX_MIFARE_PARITY_SIZE];
-       
-       uint8_t rATQA[]    = {0x04, 0x00}; // Mifare classic 1k 4BUID
-       uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
-       uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; // !!!
-       uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
-
-       uint8_t rSAKfinal[]= {0x08, 0xb6, 0xdd};      // mifare 1k indicated
-       uint8_t rSAK1[]    = {0x04, 0xda, 0x17};      // indicate UID not finished
-
-       uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
-       uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
-               
-       //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
-       // This will be used in the reader-only attack.
-
-       //allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys
-       #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7)
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
-       memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
-       memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-       uint8_t nonce1_count = 0;
-       uint8_t nonce2_count = 0;
-       uint8_t moebius_n_count = 0;
-       bool gettingMoebius = false;
-       uint8_t mM = 0; //moebius_modifier for collection storage
-
-       // Authenticate response - nonce
-       uint32_t nonce;
-       if (flags & FLAG_RANDOM_NONCE) {
-               nonce = prand();
-       } else {
-               nonce = bytes_to_num(rAUTH_NT, 4);
-       }
-       
-       //-- Determine the UID
-       // Can be set from emulator memory, incoming data
-       // and can be 7 or 4 bytes long
-       if (flags & FLAG_4B_UID_IN_DATA)
-       {
-               // 4B uid comes from data-portion of packet
-               memcpy(rUIDBCC1,datain,4);
-               rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-               _UID_LEN = 4;
-       } else if (flags & FLAG_7B_UID_IN_DATA) {
-               // 7B uid comes from data-portion of packet
-               memcpy(&rUIDBCC1[1],datain,3);
-               memcpy(rUIDBCC2, datain+3, 4);
-               _UID_LEN = 7;
-       } else if (flags & FLAG_10B_UID_IN_DATA) {
-               memcpy(&rUIDBCC1[1], datain,   3);
-               memcpy(&rUIDBCC2[1], datain+3, 3);
-               memcpy( rUIDBCC3,    datain+6, 4);
-               _UID_LEN = 10;
-       } else {
-               // get UID from emul memory - guess at length
-               emlGetMemBt(receivedCmd, 7, 1);
-               if (receivedCmd[0] == 0x00) {      // ---------- 4BUID
-                       emlGetMemBt(rUIDBCC1, 0, 4);
-                       _UID_LEN = 4;
-               } else {                           // ---------- 7BUID
-                       emlGetMemBt(&rUIDBCC1[1], 0, 3);
-                       emlGetMemBt(rUIDBCC2, 3, 4);
-                       _UID_LEN = 7;
-               }
-       }
-
-       switch (_UID_LEN) {
-               case 4:
-                       // save CUID
-                       cuid = bytes_to_num(rUIDBCC1, 4);
-                       // BCC
-                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-                       if (MF_DBGLEVEL >= 2)   {
-                               Dbprintf("4B UID: %02x%02x%02x%02x", 
-                                       rUIDBCC1[0],
-                                       rUIDBCC1[1],
-                                       rUIDBCC1[2],
-                                       rUIDBCC1[3]
-                               );
-                       }
-                       break;
-               case 7:
-                       rATQA[0] |= 0x40;
-                       // save CUID
-                       cuid = bytes_to_num(rUIDBCC2, 4);
-                        // CascadeTag, CT
-                       rUIDBCC1[0] = 0x88;
-                       // BCC
-                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; 
-                       rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; 
-                       if (MF_DBGLEVEL >= 2)   {
-                               Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
-                                       rUIDBCC1[1],
-                                       rUIDBCC1[2],
-                                       rUIDBCC1[3],
-                                       rUIDBCC2[0],
-                                       rUIDBCC2[1],
-                                       rUIDBCC2[2],
-                                       rUIDBCC2[3]
-                               );
-                       }
-                       break;
-               case 10:
-                       rATQA[0] |= 0x80;
-                       //sak_10[0] &= 0xFB;                                    
-                       // save CUID
-                       cuid = bytes_to_num(rUIDBCC3, 4);
-                        // CascadeTag, CT
-                       rUIDBCC1[0] = 0x88;
-                       rUIDBCC2[0] = 0x88;
-                       // BCC
-                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-                       rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
-                       rUIDBCC3[4] = rUIDBCC3[0] ^ rUIDBCC3[1] ^ rUIDBCC3[2] ^ rUIDBCC3[3];
-
-                       if (MF_DBGLEVEL >= 2)   {
-                               Dbprintf("10B UID: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
-                                       rUIDBCC1[1],
-                                       rUIDBCC1[2],
-                                       rUIDBCC1[3],
-                                       rUIDBCC2[1],
-                                       rUIDBCC2[2],
-                                       rUIDBCC2[3],
-                                       rUIDBCC3[0],
-                                       rUIDBCC3[1],
-                                       rUIDBCC3[2],
-                                       rUIDBCC3[3]
-                               );
-                       }
-                       break;
-               default: 
-                       break;
-       }
-
-       // We need to listen to the high-frequency, peak-detected path.
-       iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
-
-       // free eventually allocated BigBuf memory but keep Emulator Memory
-       BigBuf_free_keep_EM();
-
-       // clear trace
-       clear_trace();
-       set_tracing(true);
-
-       bool finished = false;
-       bool button_pushed = BUTTON_PRESS();
-       while (!button_pushed && !finished && !usb_poll_validate_length()) {
-               WDT_HIT();
-
-               // find reader field
-               if (cardSTATE == MFEMUL_NOFIELD) {
-                       vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
-                       if (vHf > MF_MINFIELDV) {
-                               cardSTATE_TO_IDLE();
-                               LED_A_ON();
-                       }
-               }
-               if (cardSTATE == MFEMUL_NOFIELD) {
-                       button_pushed = BUTTON_PRESS();
-                       continue;
-               }
-
-               //Now, get data
-               res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
-               if (res == 2) { //Field is off!
-                       cardSTATE = MFEMUL_NOFIELD;
-                       LEDsoff();
-                       continue;
-               } else if (res == 1) {
-                       break;  //return value 1 means button press
-               }
-
-               // REQ or WUP request in ANY state and WUP in HALTED state
-               if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
-                       selTimer = GetTickCount();
-                       EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == ISO14443A_CMD_WUPA));
-                       cardSTATE = MFEMUL_SELECT1;
-
-                       // init crypto block
-                       LED_B_OFF();
-                       LED_C_OFF();
-                       crypto1_destroy(pcs);
-                       cardAUTHKEY = 0xff;
-                       if (flags & FLAG_RANDOM_NONCE) {
-                               nonce = prand();
-                       }
-                       continue;
-               }
-               
-               switch (cardSTATE) {
-                       case MFEMUL_NOFIELD:
-                       case MFEMUL_HALTED:
-                       case MFEMUL_IDLE:{
-                               LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                               break;
-                       }
-                       case MFEMUL_SELECT1:{
-                               // select all - 0x93 0x20
-                               if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) {
-                                       if (MF_DBGLEVEL >= 4)   Dbprintf("SELECT ALL received");
-                                       EmSendCmd(rUIDBCC1, sizeof(rUIDBCC1));
-                                       break;
-                               }
-
-                               // select card - 0x93 0x70 ...
-                               if (len == 9 &&
-                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
-                                       if (MF_DBGLEVEL >= 4) 
-                                               Dbprintf("SELECT %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
-                                       
-                                       switch(_UID_LEN) {
-                                               case 4:
-                                                       cardSTATE = MFEMUL_WORK;
-                                                       LED_B_ON();
-                                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
-                                                       EmSendCmd(rSAKfinal, sizeof(rSAKfinal));
-                                                       break;
-                                               case 7:
-                                                       cardSTATE       = MFEMUL_SELECT2;
-                                                       EmSendCmd(rSAK1, sizeof(rSAK1));
-                                                       break;
-                                               case 10:
-                                                       cardSTATE       = MFEMUL_SELECT2;
-                                                       EmSendCmd(rSAK1, sizeof(rSAK1));
-                                                       break;
-                                               default:break;
-                                       }
-                               } else {
-                                       cardSTATE_TO_IDLE();
-                               }
-                               break;
-                       }
-                       case MFEMUL_SELECT3:{
-                               if (!len) { 
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-                               // select all cl3 - 0x97 0x20
-                               if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && receivedCmd[1] == 0x20)) {
-                                       EmSendCmd(rUIDBCC3, sizeof(rUIDBCC3));
-                                       break;
-                               }
-                               // select card cl3 - 0x97 0x70
-                               if (len == 9 && 
-                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 &&
-                                                receivedCmd[1] == 0x70 && 
-                                                memcmp(&receivedCmd[2], rUIDBCC3, 4) == 0) ) {
-
-                                       EmSendCmd(rSAKfinal, sizeof(rSAKfinal));
-                                       cardSTATE = MFEMUL_WORK;
-                                       LED_B_ON();
-                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol3 time: %d", GetTickCount() - selTimer);
-                                       break;
-                               }
-                               cardSTATE_TO_IDLE();
-                               break;
-                       }
-                       case MFEMUL_AUTH1:{
-                               if( len != 8) {
-                                       cardSTATE_TO_IDLE();
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-
-                               uint32_t nr = bytes_to_num(receivedCmd, 4);
-                               uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
-       
-                               // Collect AR/NR per keytype & sector
-                               if(flags & FLAG_NR_AR_ATTACK) {
-                                       for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
-                                               if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
-                                                       // if first auth for sector, or matches sector and keytype of previous auth
-                                                       if (ar_nr_collected[i+mM] < 2) {
-                                                               // if we haven't already collected 2 nonces for this sector
-                                                               if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
-                                                                       // Avoid duplicates... probably not necessary, ar should vary. 
-                                                                       if (ar_nr_collected[i+mM]==0) {
-                                                                               // first nonce collect
-                                                                               ar_nr_resp[i+mM].cuid = cuid;
-                                                                               ar_nr_resp[i+mM].sector = cardAUTHSC;
-                                                                               ar_nr_resp[i+mM].keytype = cardAUTHKEY;
-                                                                               ar_nr_resp[i+mM].nonce = nonce;
-                                                                               ar_nr_resp[i+mM].nr = nr;
-                                                                               ar_nr_resp[i+mM].ar = ar;
-                                                                               nonce1_count++;
-                                                                               // add this nonce to first moebius nonce
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
-                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
-                                                                               ar_nr_collected[i+ATTACK_KEY_COUNT]++;
-                                                                       } else { // second nonce collect (std and moebius)
-                                                                               ar_nr_resp[i+mM].nonce2 = nonce;
-                                                                               ar_nr_resp[i+mM].nr2 = nr;
-                                                                               ar_nr_resp[i+mM].ar2 = ar;
-                                                                               if (!gettingMoebius) {
-                                                                                       nonce2_count++;
-                                                                                       // check if this was the last second nonce we need for std attack
-                                                                                       if ( nonce2_count == nonce1_count ) {
-                                                                                               // done collecting std test switch to moebius
-                                                                                               // first finish incrementing last sample
-                                                                                               ar_nr_collected[i+mM]++; 
-                                                                                               // switch to moebius collection
-                                                                                               gettingMoebius = true;
-                                                                                               mM = ATTACK_KEY_COUNT;
-                                                                                               if (flags & FLAG_RANDOM_NONCE) {
-                                                                                                       nonce = prand();
-                                                                                               } else {
-                                                                                                       nonce = nonce*7;
-                                                                                               }
-                                                                                               break;
-                                                                                       }
-                                                                               } else {
-                                                                                       moebius_n_count++;
-                                                                                       // if we've collected all the nonces we need - finish.
-                                                                                       if (nonce1_count == moebius_n_count) finished = true;
-                                                                               }
-                                                                       }
-                                                                       ar_nr_collected[i+mM]++;
-                                                               }
-                                                       }
-                                                       // we found right spot for this nonce stop looking
-                                                       break;
-                                               }
-                                       }
-                               }
-
-                               // --- crypto
-                               crypto1_word(pcs, nr , 1);
-                               cardRr = ar ^ crypto1_word(pcs, 0, 0);
-
-                               // test if auth OK
-                               if (cardRr != prng_successor(nonce, 64)){
-                                       if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
-                                                       cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
-                                                       cardRr, prng_successor(nonce, 64));
-                                       // Shouldn't we respond anything here?
-                                       // Right now, we don't nack or anything, which causes the
-                                       // reader to do a WUPA after a while. /Martin
-                                       // -- which is the correct response. /piwi
-                                       cardSTATE_TO_IDLE();
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-
-                               //auth successful
-                               ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
-
-                               num_to_bytes(ans, 4, rAUTH_AT);
-                               // --- crypto
-                               EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
-                               LED_C_ON();
-                               cardSTATE = MFEMUL_WORK;
-                               if (MF_DBGLEVEL >= 4)   Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d", 
-                                       cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
-                                       GetTickCount() - authTimer);
-                               break;
-                       }
-                       case MFEMUL_SELECT2:{
-                               if (!len) { 
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }       
-                               // select all cl2 - 0x95 0x20
-                               if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) {
-                                       EmSendCmd(rUIDBCC2, sizeof(rUIDBCC2));
-                                       break;
-                               }
-
-                               // select cl2 card - 0x95 0x70 xxxxxxxxxxxx
-                               if (len == 9 && 
-                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0)) {
-                                       switch(_UID_LEN) {
-                                               case 7:
-                                                       EmSendCmd(rSAKfinal, sizeof(rSAKfinal));
-                                                       cardSTATE = MFEMUL_WORK;
-                                                       LED_B_ON();
-                                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
-                                                       break;
-                                               case 10:
-                                                       EmSendCmd(rSAK1, sizeof(rSAK1));
-                                                       cardSTATE = MFEMUL_SELECT3;
-                                                       break;
-                                               default:break;
-                                       }
-                                       break;
-                               }
-                               
-                               // i guess there is a command). go into the work state.
-                               if (len != 4) {
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-                               cardSTATE = MFEMUL_WORK;
-                               //goto lbWORK;
-                               //intentional fall-through to the next case-stmt
-                       }
-
-                       case MFEMUL_WORK:{
-                               if (len == 0) {
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-                               
-                               bool encrypted_data = (cardAUTHKEY != 0xFF) ;
-
-                               if(encrypted_data) {
-                                       // decrypt seqence
-                                       mf_crypto1_decrypt(pcs, receivedCmd, len);
-                               }
-                               
-                               if (len == 4 && (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61)) {
-
-                                       // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack
-                                       if (receivedCmd[1] >= 16 * 4 && !(flags & FLAG_NR_AR_ATTACK)) {
-                                               //is this the correct response to an auth on a out of range block? marshmellow
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
-                                               break;
-                                       }
-
-                                       authTimer = GetTickCount();
-                                       cardAUTHSC = receivedCmd[1] / 4;  // received block num
-                                       cardAUTHKEY = receivedCmd[0] - 0x60;
-                                       crypto1_destroy(pcs);//Added by martin
-                                       crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
-                                       //uint64_t key=emlGetKey(cardAUTHSC, cardAUTHKEY);
-                                       //Dbprintf("key: %04x%08x",(uint32_t)(key>>32)&0xFFFF,(uint32_t)(key&0xFFFFFFFF));
-
-                                       if (!encrypted_data) { // first authentication
-                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY  );
-
-                                               crypto1_word(pcs, cuid ^ nonce, 0);//Update crypto state
-                                               num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
-                                       } else { // nested authentication
-                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
-                                               ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); 
-                                               num_to_bytes(ans, 4, rAUTH_AT);
-                                       }
-
-                                       EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
-                                       //Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
-                                       cardSTATE = MFEMUL_AUTH1;
-                                       break;
-                               }
-                               
-                               // rule 13 of 7.5.3. in ISO 14443-4. chaining shall be continued
-                               // BUT... ACK --> NACK
-                               if (len == 1 && receivedCmd[0] == CARD_ACK) {
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       break;
-                               }
-                               
-                               // rule 12 of 7.5.3. in ISO 14443-4. R(NAK) --> R(ACK)
-                               if (len == 1 && receivedCmd[0] == CARD_NACK_NA) {
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
-                                       break;
-                               }
-                               
-                               if(len != 4) {
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-
-                               if(receivedCmd[0] == 0x30 // read block
-                                               || receivedCmd[0] == 0xA0 // write block
-                                               || receivedCmd[0] == 0xC0 // inc
-                                               || receivedCmd[0] == 0xC1 // dec
-                                               || receivedCmd[0] == 0xC2 // restore
-                                               || receivedCmd[0] == 0xB0) { // transfer
-                                       if (receivedCmd[1] >= 16 * 4) {
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
-                                               break;
-                                       }
-
-                                       if (receivedCmd[1] / 4 != cardAUTHSC) {
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC);
-                                               break;
-                                       }
-                               }
-                               // read block
-                               if (receivedCmd[0] == 0x30) {
-                                       if (MF_DBGLEVEL >= 4) {
-                                               Dbprintf("Reader reading block %d (0x%02x)",receivedCmd[1],receivedCmd[1]);
-                                       }
-                                       emlGetMem(response, receivedCmd[1], 1);
-                                       AppendCrc14443a(response, 16);
-                                       mf_crypto1_encrypt(pcs, response, 18, response_par);
-                                       EmSendCmdPar(response, 18, response_par);
-                                       numReads++;
-                                       if(exitAfterNReads > 0 && numReads == exitAfterNReads) {
-                                               Dbprintf("%d reads done, exiting", numReads);
-                                               finished = true;
-                                       }
-                                       break;
-                               }
-                               // write block
-                               if (receivedCmd[0] == 0xA0) {
-                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)",receivedCmd[1],receivedCmd[1]);
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
-                                       cardSTATE = MFEMUL_WRITEBL2;
-                                       cardWRBL = receivedCmd[1];
-                                       break;
-                               }
-                               // increment, decrement, restore
-                               if (receivedCmd[0] == 0xC0 || receivedCmd[0] == 0xC1 || receivedCmd[0] == 0xC2) {
-                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
-                                       if (emlCheckValBl(receivedCmd[1])) {
-                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking");
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                               break;
-                                       }
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
-                                       if (receivedCmd[0] == 0xC1)
-                                               cardSTATE = MFEMUL_INTREG_INC;
-                                       if (receivedCmd[0] == 0xC0)
-                                               cardSTATE = MFEMUL_INTREG_DEC;
-                                       if (receivedCmd[0] == 0xC2)
-                                               cardSTATE = MFEMUL_INTREG_REST;
-                                       cardWRBL = receivedCmd[1];
-                                       break;
-                               }
-                               // transfer
-                               if (receivedCmd[0] == 0xB0) {
-                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
-                                       if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd[1]))
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       else
-                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
-                                       break;
-                               }
-                               // halt
-                               if (receivedCmd[0] == 0x50 && receivedCmd[1] == 0x00) {
-                                       LED_B_OFF();
-                                       LED_C_OFF();
-                                       cardSTATE = MFEMUL_HALTED;
-                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> HALTED. Selected time: %d ms",  GetTickCount() - selTimer);
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                                       break;
-                               }
-                               // RATS
-                               if (receivedCmd[0] == 0xe0) {//RATS
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       break;
-                               }
-                               // command not allowed
-                               if (MF_DBGLEVEL >= 4)   Dbprintf("Received command not allowed, nacking");
-                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                               break;
-                       }
-                       case MFEMUL_WRITEBL2:{
-                               if (len == 18){
-                                       mf_crypto1_decrypt(pcs, receivedCmd, len);
-                                       emlSetMem(receivedCmd, cardWRBL, 1);
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
-                                       cardSTATE = MFEMUL_WORK;
-                               } else {
-                                       cardSTATE_TO_IDLE();
-                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                               }
-                               break;
-                       }
-                       
-                       case MFEMUL_INTREG_INC:{
-                               mf_crypto1_decrypt(pcs, receivedCmd, len);
-                               memcpy(&ans, receivedCmd, 4);
-                               if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       cardSTATE_TO_IDLE();
-                                       break;
-                               } 
-                               LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                               cardINTREG = cardINTREG + ans;
-                               cardSTATE = MFEMUL_WORK;
-                               break;
-                       }
-                       case MFEMUL_INTREG_DEC:{
-                               mf_crypto1_decrypt(pcs, receivedCmd, len);
-                               memcpy(&ans, receivedCmd, 4);
-                               if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       cardSTATE_TO_IDLE();
-                                       break;
-                               }
-                               LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                               cardINTREG = cardINTREG - ans;
-                               cardSTATE = MFEMUL_WORK;
-                               break;
-                       }
-                       case MFEMUL_INTREG_REST:{
-                               mf_crypto1_decrypt(pcs, receivedCmd, len);
-                               memcpy(&ans, receivedCmd, 4);
-                               if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
-                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
-                                       cardSTATE_TO_IDLE();
-                                       break;
-                               }
-                               LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
-                               cardSTATE = MFEMUL_WORK;
-                               break;
-                       }
-               }
-               button_pushed = BUTTON_PRESS();
-       }
-
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       LEDsoff();
-
-       if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
-               for ( uint8_t   i = 0; i < ATTACK_KEY_COUNT; i++) {
-                       if (ar_nr_collected[i] == 2) {
-                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-                               Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
-                                               ar_nr_resp[i].cuid,  //UID
-                                               ar_nr_resp[i].nonce, //NT
-                                               ar_nr_resp[i].nr,    //NR1
-                                               ar_nr_resp[i].ar,    //AR1
-                                               ar_nr_resp[i].nr2,   //NR2
-                                               ar_nr_resp[i].ar2    //AR2
-                                               );
-                       }
-               }       
-               for ( uint8_t   i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
-                       if (ar_nr_collected[i] == 2) {
-                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-                               Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
-                                               ar_nr_resp[i].cuid,  //UID
-                                               ar_nr_resp[i].nonce, //NT
-                                               ar_nr_resp[i].nr,    //NR1
-                                               ar_nr_resp[i].ar,    //AR1
-                                               ar_nr_resp[i].nonce2,//NT2
-                                               ar_nr_resp[i].nr2,   //NR2
-                                               ar_nr_resp[i].ar2    //AR2
-                                               );
-                       }
-               }
-       }
-       if (MF_DBGLEVEL >= 1)   Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ",    tracing, BigBuf_get_traceLen());
-
-       if(flags & FLAG_INTERACTIVE) { // Interactive mode flag, means we need to send ACK
-               //Send the collected ar_nr in the response
-               cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
-       }
-}
-
 
 //-----------------------------------------------------------------------------
 // MIFARE sniffer. 
index 658216e72461b44a8dfea9d08434dc203658100a..8bd80510ad2557ec73e45049cc3c1e3fd84e7741 100644 (file)
 
 #include <stdint.h>
 #include <stdbool.h>
+#include "usb_cmd.h"
 #include "mifare.h"
 
+typedef struct {
+  uint8_t* response;
+  uint8_t* modulation;
+  uint16_t response_n;
+  uint16_t modulation_n;
+  uint32_t ProxToAirDuration;
+  uint8_t  par; // enough for precalculated parity of 8 Byte responses
+} tag_response_info_t;
+
 extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
 extern void AppendCrc14443a(uint8_t *data, int len);
 
+extern void RAMFUNC SnoopIso14443a(uint8_t param);
+extern void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t *data);
+extern void ReaderIso14443a(UsbCommand *c);
 extern void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
 extern void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
 extern void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
 extern int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);
+extern void ReaderMifare(bool first_try);
+
+extern int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity);
+extern int EmSendCmd(uint8_t *resp, uint16_t respLen);
+extern int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded);
+extern int EmSend4bit(uint8_t resp);
+extern int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
+extern int EmSendPrecompiledCmd(tag_response_info_t *response_info, bool correctionNeeded);
+
+extern bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *buffer_size);
 
 extern void iso14443a_setup(uint8_t fpga_minor_mode);
 extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data);
-extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades);
+extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
 extern void iso14a_set_trigger(bool enable);
+extern void iso14a_set_timeout(uint32_t timeout);
 #endif /* __ISO14443A_H */
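Review bot: The new `no_rats` parameter on `iso14443a_select_card` is undocumented and negatively named, so every call site updated in this commit ends in `true, 0, true)` with two unlabelled booleans. A comment on the prototype would make the contract readable, for example `// no_rats: true = do not send RATS after SELECT` if that is the intended meaning. The implementation is not visible here, so the wording needs confirming against it. Separately, `prepare_allocated_tag_modulation` uses `size_t` while the header only includes `<stdint.h>` and `<stdbool.h>`. Unless `usb_cmd.h` provides it, add `#include <stddef.h>` so the header stays self-contained.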
index f90c54f3f65c9195e153945619e8fea01263a028..de6faa927795c4efdcfbbecee61ec0f66bb3b852 100644 (file)
@@ -7,7 +7,7 @@
 // at your option, any later version. See the LICENSE.txt file for the text of
 // the license.
 //-----------------------------------------------------------------------------
-// Routines to support ISO 14443 type A.
+// Routines to support ISO 14443 type B.
 //-----------------------------------------------------------------------------
 
 #ifndef __ISO14443B_H
index 393d05a96b949621b96fb93727d7e09c5c3594c8..641c02e876edf278f611138fd1ec7d3043729e89 100644 (file)
@@ -387,8 +387,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
        int i;
        uint8_t *tab = BigBuf_get_addr();
 
-       //note this may destroy the bigbuf so be sure this is called before now...
-       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);  
+       //note FpgaDownloadAndGo destroys the bigbuf so be sure this is called before now...
+       //FpgaDownloadAndGo(FPGA_BITSTREAM_LF);  
        FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
 
        AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
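Review bot: Commenting out `FpgaDownloadAndGo(FPGA_BITSTREAM_LF);` turns a loaded LF bitstream into an unstated precondition of SimulateTagLowFrequency, and the reworded comment ("be sure this is called before now") does not say who must call what. If a caller reaches this function with another image loaded, `FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT)` would be written to the wrong configuration. I would delete the dead line and state the contract instead: `// Caller must already have loaded FPGA_BITSTREAM_LF; FpgaDownloadAndGo() overwrites BigBuf, which holds the data to simulate.` The function starts before this hunk and continues after it, so the callers need checking against this requirement.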
@@ -1417,10 +1417,10 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
        //Program the 7 data blocks for supplied 224bit UID
        uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
        // and the block 0 for Indala224 format 
-       //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
-       data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
+       //Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
+       data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
        //TODO add selection of chip for Q5 or T55x7
-       // data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
+       // data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
        WriteT55xx(data, 0, 8);
        //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
        //      T5567WriteBlock(0x603E10E2,0);
index 0e9c36725ec4ad24d2be46e2e51342c30b6a7534..edafe0a34129d922397e7deb40fc7bc4f09d4e9e 100644 (file)
 #include "parity.h"\r
 #include "crc.h"\r
 \r
-#define AUTHENTICATION_TIMEOUT 848                     // card times out 1ms after wrong authentication (according to NXP documentation)\r
-#define PRE_AUTHENTICATION_LEADTIME 400                // some (non standard) cards need a pause after select before they are ready for first authentication\r
-\r
-\r
 // the block number for the ISO14443-4 PCB\r
 static uint8_t pcb_blocknum = 0;\r
 // Deselect card by sending a s-block. the crc is precalced for speed\r
@@ -59,7 +55,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LED_C_OFF();\r
 \r
        while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+               if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                        break;\r
                };\r
@@ -106,7 +102,7 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
 \r
        clear_trace();\r
 \r
-       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
@@ -141,7 +137,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 \r
        clear_trace();\r
 \r
-       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);\r
+       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0, true);\r
        if(!len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
                OnError(1);\r
@@ -217,7 +213,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LED_C_OFF();\r
 \r
        isOK = 1;\r
-       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
@@ -281,7 +277,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
                return;\r
        }\r
 \r
-       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);\r
+       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0, true);\r
        if (!len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);\r
                OnError(1);\r
@@ -383,7 +379,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LED_C_OFF();\r
 \r
        while (true) {\r
-                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                        break;\r
                };\r
@@ -483,7 +479,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 \r
        clear_trace();\r
 \r
-       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {\r
                if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
@@ -542,7 +538,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 \r
        clear_trace();\r
 \r
-       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {\r
                if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
@@ -662,7 +658,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
 \r
                if (!have_uid) { // need a full select cycle to get the uid first\r
                        iso14a_card_select_t card_info;\r
-                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0)) {\r
+                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Can't select card (ALL)");\r
                                continue;\r
                        }\r
@@ -674,7 +670,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
                        }\r
                        have_uid = true;\r
                } else { // no need for anticollision. We can directly select the card\r
-                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels)) {\r
+                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels, true)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Can't select card (UID)");\r
                                continue;\r
                        }\r
@@ -807,7 +803,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                continue;\r
                        }\r
 \r
-                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                rtr--;\r
                                continue;\r
@@ -881,7 +877,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                continue;\r
                        }\r
 \r
-                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                continue;\r
                        };\r
@@ -961,24 +957,14 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 // MIFARE check keys. key count up to 85.\r
 //\r
 //-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
+void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0 & 0xff;\r
        uint8_t keyType = (arg0 >> 8) & 0xff;\r
-       bool clearTrace = arg1;\r
+       bool clearTrace = arg1 & 0x01;\r
+       bool multisectorCheck = arg1 & 0x02;\r
+       uint8_t set14aTimeout = (arg1 >> 8) & 0xff;\r
        uint8_t keyCount = arg2;\r
-       uint64_t ui64Key = 0;\r
-\r
-       bool have_uid = false;\r
-       uint8_t cascade_levels = 0;\r
-       uint32_t timeout = 0;\r
-       int i;\r
-       byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
-       struct Crypto1State mpcs = {0, 0};\r
-       struct Crypto1State *pcs;\r
-       pcs = &mpcs;\r
 \r
        // clear debug level\r
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;\r
@@ -992,53 +978,34 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        if (clearTrace) clear_trace();\r
        set_tracing(true);\r
 \r
-       for (i = 0; i < keyCount; i++) {\r
-//             if(mifare_classic_halt(pcs, cuid)) {\r
-//                     if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
-//             }\r
+       if (set14aTimeout){\r
+               iso14a_set_timeout(set14aTimeout * 10); // timeout: ms = x/106  35-minimum, 50-OK 106-recommended 500-safe\r
+       }\r
+       \r
+       if (multisectorCheck) {\r
+               TKeyIndex keyIndex = {{0}};\r
+               uint8_t sectorCnt = blockNo;\r
+               int res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, OLD_MF_DBGLEVEL, &keyIndex);\r
 \r
-               // Iceman: use piwi's faster nonce collecting part in hardnested.\r
-               if (!have_uid) { // need a full select cycle to get the uid first\r
-                       iso14a_card_select_t card_info;\r
-                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
-                       switch (card_info.uidlen) {\r
-                               case 4 : cascade_levels = 1; break;\r
-                               case 7 : cascade_levels = 2; break;\r
-                               case 10: cascade_levels = 3; break;\r
-                               default: break;\r
-                       }\r
-                       have_uid = true;\r
-               } else { // no need for anticollision. We can directly select the card\r
-                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card (UID)");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
+               LED_B_ON();\r
+               if (res >= 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               ui64Key = bytes_to_num(datain + i * 6, 6);\r
-               if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
-                       uint8_t dummy_answer = 0;\r
-                       ReaderTransmit(&dummy_answer, 1, NULL);\r
-                       timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
-\r
-                       // wait for the card to become ready again\r
-                       while(GetCountSspClk() < timeout);\r
-                       continue;\r
+               LED_B_OFF();\r
+       } else {        \r
+               int res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, OLD_MF_DBGLEVEL);\r
+               \r
+               LED_B_ON();\r
+               if (res > 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, datain + (res - 1) * 6, 6);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               isOK = 1;\r
-               break;\r
+               LED_B_OFF();\r
        }\r
 \r
-       LED_B_ON();\r
-    cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
-       LED_B_OFF();\r
-\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
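Review bot: The multisector branch replies with a hard-coded length, `cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80);`, which silently goes wrong if `TKeyIndex` ever changes size; `sizeof(keyIndex)` ties the reply to the type. `sectorCnt` is copied straight from the low byte of the host-supplied `arg0` and handed to `MifareMultisectorChk`, which is not visible here. Unless that function clamps the count itself, a bound check against the capacity of `TKeyIndex` belongs before the call. In the single-block branch, `datain + (res - 1) * 6` likewise trusts `res` to be no larger than `keyCount`. MifareChkKeys begins in the previous hunk and continues past this one.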
@@ -1111,7 +1078,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
        bool isOK = true;\r
 \r
-       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                isOK = false;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
@@ -1170,6 +1137,143 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)\r
 //\r
 //-----------------------------------------------------------------------------\r
+\r
+static bool isBlockTrailer(int blockN) {\r
+       if (blockN >= 0 && blockN < 128) {\r
+               return ((blockN & 0x03) == 0x03);\r
+       }\r
+       if (blockN >= 128 && blockN <= 256) {\r
+               return ((blockN & 0x0F) == 0x0F);\r
+       }\r
+       return FALSE;\r
+}\r
+\r
+void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+       // var\r
+       byte_t isOK = 0;\r
+       uint32_t numBlocks = arg0;\r
+       // cmdParams:\r
+       // bit 0 - wipe gen1a\r
+       // bit 1 - fill card with default data\r
+       // bit 2 - gen1a = 0, gen1b = 1\r
+       uint8_t cmdParams = arg1;\r
+       bool needWipe = cmdParams & 0x01;\r
+       bool needFill = cmdParams & 0x02;\r
+       bool gen1b = cmdParams & 0x04;\r
+       \r
+       uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
+       uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
+       \r
+       uint8_t block0[16] = {0x01, 0x02, 0x03, 0x04, 0x04, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBE, 0xAF};\r
+       uint8_t block1[16] = {0x00};\r
+       uint8_t blockK[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x08, 0x77, 0x8F, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
+       uint8_t d_block[18] = {0x00};\r
+       \r
+       // card commands\r
+       uint8_t wupC1[]       = { 0x40 };\r
+       uint8_t wupC2[]       = { 0x43 };\r
+       uint8_t wipeC[]       = { 0x41 };\r
+       \r
+       // iso14443 setup\r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       // tracing\r
+       clear_trace();\r
+       set_tracing(true);\r
+               \r
+       while (true){\r
+               // wipe\r
+               if (needWipe){\r
+                       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                               break;\r
+                       };\r
+\r
+                       ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wipeC error");\r
+                               break;\r
+                       };\r
+\r
+                       if(mifare_classic_halt(NULL, 0)) {\r
+                               if (MF_DBGLEVEL > 2)    Dbprintf("Halt error");\r
+                       };\r
+               };\r
+       \r
+               // put default data\r
+               if (needFill){\r
+                       // select commands\r
+                       ReaderTransmitBitsPar(wupC1, 7, 0, NULL);\r
+\r
+                       // gen1b magic tag : do no issue wupC2 and don't expect 0x0a response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command)\r
+                       if (!gen1b) { \r
+\r
+                               if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                                       if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                                       break;\r
+                               };\r
+\r
+                               ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
+                               if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                                       if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
+                                       break;\r
+                               };\r
+                       }\r
+\r
+                       // send blocks command\r
+                       for (int blockNo = 0; blockNo < numBlocks; blockNo++) {\r
+                               if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send command error");\r
+                                       break;\r
+                               };\r
+                               \r
+                               // check type of block and add crc\r
+                               if (!isBlockTrailer(blockNo)){\r
+                                       memcpy(d_block, block1, 16);\r
+                               } else {\r
+                                       memcpy(d_block, blockK, 16);\r
+                               }\r
+                               if (blockNo == 0) {\r
+                                       memcpy(d_block, block0, 16);\r
+                               }\r
+                               AppendCrc14443a(d_block, 16);\r
+\r
+                               // send write command\r
+                               ReaderTransmit(d_block, sizeof(d_block), NULL);\r
+                               if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send data error");\r
+                                       break;\r
+                               };\r
+                       }\r
+                       \r
+                       // halt\r
+                       // do no issue halt command for gen1b \r
+                       if (!gen1b) {\r
+                               if (mifare_classic_halt(NULL, 0)) {\r
+                                       if (MF_DBGLEVEL > 2)    Dbprintf("Halt error");\r
+                                               break;\r
+                               }\r
+                       }\r
+               }\r
+               break;\r
+       }       \r
+\r
+       // send USB response\r
+       LED_B_ON();\r
+       cmd_send(CMD_ACK,isOK,0,0,NULL,0);\r
+       LED_B_OFF();\r
+       \r
+       // reset fpga\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+               \r
+       return;\r
+}\r
+\r
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 \r
   // params\r
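Review bot: `isOK` in MifareCWipe is initialised to 0 and never assigned, so the final `cmd_send(CMD_ACK,isOK,0,0,NULL,0)` reports failure to the host even when every block was written; add `isOK = 1;` immediately before the last `break;` of the `while (true)` body. The two `break;` statements inside the `for` over `blockNo` leave only that loop, so once `isOK` is set a failed write would fall through to the halt and be reported as success. They need to leave the outer loop as well, for instance through a flag tested after the `for`. `numBlocks` comes from `arg0` with no upper bound, while `isBlockTrailer` only classifies blocks up to 256 (and its `blockN <= 256` should be `< 256`). A check such as `if (numBlocks > 256) numBlocks = 256;` before the loop would keep the two consistent. MifareCSetBlock, which starts at the end of this hunk, continues outside it.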
@@ -1212,15 +1316,16 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
                // get UID from chip\r
                if (workFlags & 0x01) {\r
-                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                               break;\r
+                               // Continue, if we set wrong UID or wrong UID checksum or some ATQA or SAK we will can't select card. But we need to write block 0 to make card work.\r
+                               //break;\r
                                };\r
 \r
                                if(mifare_classic_halt(NULL, cuid)) {\r
                                        if (MF_DBGLEVEL > 2)    Dbprintf("Halt error");\r
                                        // Continue, some magic tags misbehavies and send an answer to it.\r
-          // break;\r
+                                       // break;\r
                                };\r
                };\r
 \r
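Review bot: With the `break` after a failed `iso14443a_select_card` commented out, the halt a few lines further down still passes `cuid`, which on that path may never have been filled in (its declaration is outside the hunk, so this is inferred). The later hunks in this function already call `mifare_classic_halt(NULL, 0)`; using the same call here keeps the three sites consistent and avoids depending on a value left over from a failed select. The failure is also reported only at `MF_DBGLEVEL >= 1`, so unless the status returned to the host reflects it elsewhere, a write that went ahead after a failed select looks the same as a normal one. Rather than keeping `//break;` as dead code, delete it and reword the comment, e.g. `// Do not abort: a card with a wrong UID/BCC/ATQA/SAK cannot be selected, but block 0 must still be written to repair it.` MifareCSetBlock starts and ends outside this hunk.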
@@ -1239,7 +1344,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                                break;\r
                        };\r
 \r
-                       if(mifare_classic_halt(NULL, cuid)) {\r
+                       if(mifare_classic_halt(NULL, 0)) {\r
                                if (MF_DBGLEVEL > 2)    Dbprintf("Halt error");\r
                                // Continue, some magic tags misbehavies and send an answer to it.\r
                                // break;\r
@@ -1283,7 +1388,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                if (workFlags & 0x04) {\r
                        // do no issue halt command for gen1b magic tag (#db# halt error. response len: 1)\r
                        if (!(workFlags & 0x40)) {\r
-                               if (mifare_classic_halt(NULL, cuid)) {\r
+                               if (mifare_classic_halt(NULL, 0)) {\r
                                        if (MF_DBGLEVEL > 2)    Dbprintf("Halt error");\r
                                        // Continue, some magic tags misbehavies and send an answer to it.\r
                                        // break;\r
@@ -1435,7 +1540,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        clear_trace();\r
 \r
-       int len = iso14443a_select_card(uid, NULL, &cuid, true, 0);\r
+       int len = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);\r
        if(!len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(1);\r
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
new file mode 100644 (file)
index 0000000..91f45ef
--- /dev/null
@@ -0,0 +1,620 @@
+//-----------------------------------------------------------------------------
+// Merlok - June 2011, 2012
+// Gerhard de Koning Gans - May 2008
+// Hagen Fritsch - June 2010
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Mifare Classic Card Simulation
+//-----------------------------------------------------------------------------
+
+#include "mifaresim.h"
+#include "iso14443a.h"
+#include "iso14443crc.h"
+#include "crapto1/crapto1.h"
+#include "BigBuf.h"
+#include "string.h"
+#include "mifareutil.h"
+#include "fpgaloader.h"
+#include "proxmark3.h"
+#include "usb_cdc.h"
+#include "cmd.h"
+#include "protocols.h"
+#include "apps.h"
+
+//mifare emulator states
+#define MFEMUL_NOFIELD      0
+#define MFEMUL_IDLE         1
+#define MFEMUL_SELECT1      2
+#define MFEMUL_SELECT2      3
+#define MFEMUL_SELECT3      4
+#define MFEMUL_AUTH1        5
+#define MFEMUL_AUTH2        6
+#define MFEMUL_WORK            7
+#define MFEMUL_WRITEBL2     8
+#define MFEMUL_INTREG_INC   9
+#define MFEMUL_INTREG_DEC  10
+#define MFEMUL_INTREG_REST 11
+#define MFEMUL_HALTED      12
+
+#define cardSTATE_TO_IDLE() { cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF(); }
+
+
+
+static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len) {
+
+       #define TAG_RESPONSE_COUNT 5                                                            // number of precompiled responses
+       static uint8_t rATQA[]    = {0x04, 0x00};                                       // indicate Mifare classic 1k 4Byte UID
+       static uint8_t rUIDBCC1[] = {0x00, 0x00, 0x00, 0x00, 0x00};     // UID 1st cascade level
+       static uint8_t rUIDBCC2[] = {0x00, 0x00, 0x00, 0x00, 0x00};     // UID 2nd cascade level
+       static uint8_t rSAKfinal[]= {0x08, 0xb6, 0xdd};                         // mifare 1k indicated
+       static uint8_t rSAK1[]    = {0x04, 0xda, 0x17};                         // indicate UID not finished
+
+       *uid_len = 4;
+       // UID can be set from emulator memory or incoming data and can be 4 or 7 bytes long
+       if (flags & FLAG_4B_UID_IN_DATA) {      // get UID from datain
+               memcpy(rUIDBCC1, datain, 4);
+       } else if (flags & FLAG_7B_UID_IN_DATA) {
+               rUIDBCC1[0] = 0x88;
+               memcpy(rUIDBCC1+1, datain, 3);
+               memcpy(rUIDBCC2, datain+3, 4);
+               *uid_len = 7;
+       } else {
+               uint8_t probable_atqa;
+               emlGetMemBt(&probable_atqa, 7, 1);      // get UID from emul memory - weak guess at length
+               if (probable_atqa == 0x00) {            // ---------- 4BUID
+                       emlGetMemBt(rUIDBCC1, 0, 4);
+               } else {                                // ---------- 7BUID
+                       rUIDBCC1[0] = 0x88;
+                       emlGetMemBt(rUIDBCC1+1, 0, 3);
+                       emlGetMemBt(rUIDBCC2, 3, 4);
+                       *uid_len = 7;
+               }
+       }
+
+       switch (*uid_len) {
+               case 4:
+                       *cuid = bytes_to_num(rUIDBCC1, 4);
+                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+                       if (MF_DBGLEVEL >= 2)   {
+                               Dbprintf("4B UID: %02x%02x%02x%02x", 
+                                       rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3]      );
+                       }
+                       break;
+               case 7:
+                       rATQA[0] |= 0x40;
+                       *cuid = bytes_to_num(rUIDBCC2, 4);
+                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; 
+                       rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; 
+                       if (MF_DBGLEVEL >= 2)   {
+                               Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
+                                       rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3], rUIDBCC2[0], rUIDBCC2[1], rUIDBCC2[2], rUIDBCC2[3]  );
+                       }
+                       break;
+               default: 
+                       break;
+       }
+       
+       static tag_response_info_t responses_init[TAG_RESPONSE_COUNT] = {
+               { .response = rATQA,     .response_n = sizeof(rATQA)  },                // Answer to request - respond with card type
+               { .response = rUIDBCC1,  .response_n = sizeof(rUIDBCC1) },              // Anticollision cascade1 - respond with first part of uid
+               { .response = rUIDBCC2,  .response_n = sizeof(rUIDBCC2) },              // Anticollision cascade2 - respond with 2nd part of uid 
+               { .response = rSAKfinal, .response_n = sizeof(rSAKfinal)  },    // Acknowledge select - last cascade
+               { .response = rSAK1,     .response_n = sizeof(rSAK1) }                  // Acknowledge select - previous cascades
+       };
+
+       // Prepare ("precompile") the responses of the anticollision phase. There will be not enough time to do this at the moment the reader sends its REQA or SELECT
+       // There are 7 predefined responses with a total of 18 bytes data to transmit. Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) 
+       // 18 * 8 data bits, 18 * 1 parity bits, 5 start bits, 5 stop bits, 5 correction bits  ->   need 177 bytes buffer
+       #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 177        // number of bytes required for precompiled responses
+
+       uint8_t *free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
+       size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
+       for (size_t i = 0; i < TAG_RESPONSE_COUNT; i++) {
+               prepare_allocated_tag_modulation(&responses_init[i], &free_buffer_pointer, &free_buffer_size);
+       }
+
+       *responses = responses_init;
+
+       // indices into responses array:
+       #define ATQA     0
+       #define UIDBCC1  1
+       #define UIDBCC2  2
+       #define SAKfinal 3
+       #define SAK1     4
+
+}
+
+
+static bool HasValidCRC(uint8_t *receivedCmd, uint16_t receivedCmd_len) {
+       uint8_t CRC_byte_1, CRC_byte_2;
+       ComputeCrc14443(CRC_14443_A, receivedCmd, receivedCmd_len-2, &CRC_byte_1, &CRC_byte_2);
+       return (receivedCmd[receivedCmd_len-2] == CRC_byte_1 && receivedCmd[receivedCmd_len-1] == CRC_byte_2);
+}
+
+
+/**
+  *MIFARE 1K simulate.
+  *
+  *@param flags :
+  *    FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
+  * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
+  * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
+  * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
+  *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
+  * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
+  *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
+  * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
+  */
+void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain)
+{
+       tag_response_info_t *responses;
+       uint8_t uid_len = 4; 
+       uint32_t cuid = 0;
+       uint8_t cardWRBL = 0;
+       uint8_t cardAUTHSC = 0;
+       uint8_t cardAUTHKEY = 0xff;  // no authentication
+       uint32_t cardRr = 0;
+       //uint32_t rn_enc = 0;
+       uint32_t ans = 0;
+       uint32_t cardINTREG = 0;
+       uint8_t cardINTBLOCK = 0;
+       struct Crypto1State mpcs = {0, 0};
+       struct Crypto1State *pcs;
+       pcs = &mpcs;
+       uint32_t numReads = 0;//Counts numer of times reader reads a block
+       uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
+       uint8_t receivedCmd_dec[MAX_MIFARE_FRAME_SIZE];
+       uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE];
+       uint16_t receivedCmd_len;
+       uint8_t response[MAX_MIFARE_FRAME_SIZE];
+       uint8_t response_par[MAX_MIFARE_PARITY_SIZE];
+       
+       uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
+       uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
+               
+       //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
+       // This will be used in the reader-only attack.
+
+       //allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys
+       #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7)
+       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius) 36 * 7 * 2 bytes = 504 bytes
+       memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
+
+       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
+       memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
+       uint8_t nonce1_count = 0;
+       uint8_t nonce2_count = 0;
+       uint8_t moebius_n_count = 0;
+       bool gettingMoebius = false;
+       uint8_t mM = 0; //moebius_modifier for collection storage
+
+       // Authenticate response - nonce
+       uint32_t nonce;
+       if (flags & FLAG_RANDOM_NONCE) {
+               nonce = prand();
+       } else {
+               nonce = bytes_to_num(rAUTH_NT, 4);
+       }
+
+       // free eventually allocated BigBuf memory but keep Emulator Memory
+       BigBuf_free_keep_EM();
+
+       MifareSimInit(flags, datain, &responses, &cuid, &uid_len);
+       
+       // We need to listen to the high-frequency, peak-detected path.
+       iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
+
+       // clear trace
+       clear_trace();
+       set_tracing(true);
+       ResetSspClk();
+       
+       bool finished = false;
+       bool button_pushed = BUTTON_PRESS();
+       int cardSTATE = MFEMUL_NOFIELD;
+
+       while (!button_pushed && !finished && !usb_poll_validate_length()) {
+               WDT_HIT();
+
+               // find reader field
+               if (cardSTATE == MFEMUL_NOFIELD) {
+                       int vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
+                       if (vHf > MF_MINFIELDV) {
+                               LED_A_ON();
+                               cardSTATE_TO_IDLE();
+                       }
+                       button_pushed = BUTTON_PRESS();
+                       continue;
+               }
+
+               //Now, get data
+               int res = EmGetCmd(receivedCmd, &receivedCmd_len, receivedCmd_par);
+               
+               if (res == 2) { //Field is off!
+                       LEDsoff();
+                       cardSTATE = MFEMUL_NOFIELD;
+                       continue;
+               } else if (res == 1) { // button pressed
+                       button_pushed = true;
+                       break;
+               }
+
+               // WUPA in HALTED state or REQA or WUPA in any other state
+               if (receivedCmd_len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
+                       EmSendPrecompiledCmd(&responses[ATQA], (receivedCmd[0] == ISO14443A_CMD_WUPA));
+
+                       // init crypto block
+                       crypto1_destroy(pcs);
+                       cardAUTHKEY = 0xff;
+                       if (flags & FLAG_RANDOM_NONCE) {
+                               nonce = prand();
+                       }
+                       LED_B_OFF();
+                       LED_C_OFF();
+                       cardSTATE = MFEMUL_SELECT1;
+                       continue;
+               }
+               
+               switch (cardSTATE) {
+                       case MFEMUL_NOFIELD:
+                       case MFEMUL_HALTED:
+                       case MFEMUL_IDLE:{
+                               break;
+                       }
+                       case MFEMUL_SELECT1:{
+                               // select all - 0x93 0x20
+                               if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) {
+                                       if (MF_DBGLEVEL >= 4)   Dbprintf("SELECT ALL CL1 received");
+                                       EmSendPrecompiledCmd(&responses[UIDBCC1], false);
+                                       break;
+                               }
+                               // select card - 0x93 0x70 ...
+                               if (receivedCmd_len == 9 &&
+                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC1].response, 4) == 0)) {
+                                       if (MF_DBGLEVEL >= 4) Dbprintf("SELECT CL1 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
+                                       if (uid_len == 4) {
+                                               EmSendPrecompiledCmd(&responses[SAKfinal], false);
+                                               LED_B_ON();
+                                               cardSTATE = MFEMUL_WORK;
+                                               break;
+                                       } else if (uid_len == 7) {
+                                               EmSendPrecompiledCmd(&responses[SAK1], false);
+                                               cardSTATE       = MFEMUL_SELECT2;
+                                               break;
+                                       }
+                               }
+                               cardSTATE_TO_IDLE();
+                               break;
+                       }
+                       case MFEMUL_SELECT2:{
+                               // select all cl2 - 0x95 0x20
+                               if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) {
+                                       if (MF_DBGLEVEL >= 4)   Dbprintf("SELECT ALL CL2 received");
+                                       EmSendPrecompiledCmd(&responses[UIDBCC2], false);
+                                       break;
+                               }
+                               // select cl2 card - 0x95 0x70 xxxxxxxxxxxx
+                               if (receivedCmd_len == 9 && 
+                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC2].response, 4) == 0)) {
+                                       if (uid_len == 7) {
+                                               if (MF_DBGLEVEL >= 4) Dbprintf("SELECT CL2 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
+                                               EmSendPrecompiledCmd(&responses[SAKfinal], false);
+                                               LED_B_ON();
+                                               cardSTATE = MFEMUL_WORK;
+                                               break;
+                                       }
+                               }
+                               cardSTATE_TO_IDLE();
+                               break;
+                       }
+                       case MFEMUL_WORK:{
+                               if (receivedCmd_len != 4) {     // all commands must have exactly 4 bytes
+                                       break;
+                               }
+                               bool encrypted_data = (cardAUTHKEY != 0xFF) ;
+                               if (encrypted_data) {
+                                       // decrypt seqence
+                                       mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec);
+                               } else {
+                                       memcpy(receivedCmd_dec, receivedCmd, receivedCmd_len);
+                               }
+                               if (!HasValidCRC(receivedCmd_dec, receivedCmd_len)) { // all commands must have a valid CRC
+                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                       break;
+                               }
+                               if (receivedCmd_dec[0] == MIFARE_AUTH_KEYA || receivedCmd_dec[0] == MIFARE_AUTH_KEYB) {
+                                       // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack
+                                       if (receivedCmd_dec[1] >= 16 * 4 && !(flags & FLAG_NR_AR_ATTACK)) {
+                                               //is this the correct response to an auth on a out of range block? marshmellow
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]);
+                                               break;
+                                       }
+                                       cardAUTHSC = receivedCmd_dec[1] / 4;  // received block num
+                                       cardAUTHKEY = receivedCmd_dec[0] & 0x01;
+                                       crypto1_destroy(pcs);//Added by martin
+                                       crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
+                                       if (!encrypted_data) { // first authentication
+                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY);
+                                               crypto1_word(pcs, cuid ^ nonce, 0);//Update crypto state
+                                               num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
+                                       } else { // nested authentication
+                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY);
+                                               ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); 
+                                               num_to_bytes(ans, 4, rAUTH_AT);
+                                       }
+                                       EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
+                                       cardSTATE = MFEMUL_AUTH1;
+                                       break;
+                               }
+                               if (!encrypted_data) { // all other commands must be encrypted (authenticated)
+                                       break;
+                               }
+                               if(receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK
+                                       || receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK
+                                       || receivedCmd_dec[0] == MIFARE_CMD_INC
+                                       || receivedCmd_dec[0] == MIFARE_CMD_DEC
+                                       || receivedCmd_dec[0] == MIFARE_CMD_RESTORE
+                                       || receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) {
+                                       if (receivedCmd_dec[1] >= 16 * 4) {
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]);
+                                               break;
+                                       }
+                                       if (receivedCmd_dec[1] / 4 != cardAUTHSC) {
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],cardAUTHSC);
+                                               break;
+                                       }
+                               }
+                               if (receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK) {
+                                       if (MF_DBGLEVEL >= 4) {
+                                               Dbprintf("Reader reading block %d (0x%02x)",receivedCmd_dec[1],receivedCmd_dec[1]);
+                                       }
+                                       emlGetMem(response, receivedCmd_dec[1], 1);
+                                       AppendCrc14443a(response, 16);
+                                       mf_crypto1_encrypt(pcs, response, 18, response_par);
+                                       EmSendCmdPar(response, 18, response_par);
+                                       numReads++;
+                                       if(exitAfterNReads > 0 && numReads == exitAfterNReads) {
+                                               Dbprintf("%d reads done, exiting", numReads);
+                                               finished = true;
+                                       }
+                                       break;
+                               }
+                               if (receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK) {
+                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)",receivedCmd_dec[1],receivedCmd_dec[1]);
+                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+                                       cardWRBL = receivedCmd_dec[1];
+                                       cardSTATE = MFEMUL_WRITEBL2;
+                                       break;
+                               }
+                               if (receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE) {
+                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]);
+                                       if (emlCheckValBl(receivedCmd_dec[1])) {
+                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking");
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               break;
+                                       }
+                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+                                       cardWRBL = receivedCmd_dec[1];
+                                       if (receivedCmd_dec[0] == MIFARE_CMD_INC)
+                                               cardSTATE = MFEMUL_INTREG_INC;
+                                       if (receivedCmd_dec[0] == MIFARE_CMD_DEC)
+                                               cardSTATE = MFEMUL_INTREG_DEC;
+                                       if (receivedCmd_dec[0] == MIFARE_CMD_RESTORE)
+                                               cardSTATE = MFEMUL_INTREG_REST;
+                                       break;
+                               }
+                               if (receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) {
+                                       if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]);
+                                       if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1]))
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                       else
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+                                       break;
+                               }
+                               // halt
+                               if (receivedCmd_dec[0] == ISO14443A_CMD_HALT && receivedCmd_dec[1] == 0x00) {
+                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> HALTED.");
+                                       LED_B_OFF();
+                                       LED_C_OFF();
+                                       cardSTATE = MFEMUL_HALTED;
+                                       break;
+                               }
+                               // command not allowed
+                               if (MF_DBGLEVEL >= 4)   Dbprintf("Received command not allowed, nacking");
+                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                               break;
+                       }
+                       case MFEMUL_AUTH1:{
+                               if (receivedCmd_len != 8) {
+                                       cardSTATE_TO_IDLE();
+                                       break;
+                               }
+
+                               uint32_t nr = bytes_to_num(receivedCmd, 4);
+                               uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
+
+                               // Collect AR/NR per keytype & sector
+                               if(flags & FLAG_NR_AR_ATTACK) {
+                                       for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+                                               if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
+                                                       // if first auth for sector, or matches sector and keytype of previous auth
+                                                       if (ar_nr_collected[i+mM] < 2) {
+                                                               // if we haven't already collected 2 nonces for this sector
+                                                               if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
+                                                                       // Avoid duplicates... probably not necessary, ar should vary. 
+                                                                       if (ar_nr_collected[i+mM]==0) {
+                                                                               // first nonce collect
+                                                                               ar_nr_resp[i+mM].cuid = cuid;
+                                                                               ar_nr_resp[i+mM].sector = cardAUTHSC;
+                                                                               ar_nr_resp[i+mM].keytype = cardAUTHKEY;
+                                                                               ar_nr_resp[i+mM].nonce = nonce;
+                                                                               ar_nr_resp[i+mM].nr = nr;
+                                                                               ar_nr_resp[i+mM].ar = ar;
+                                                                               nonce1_count++;
+                                                                               // add this nonce to first moebius nonce
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
+                                                                               ar_nr_collected[i+ATTACK_KEY_COUNT]++;
+                                                                       } else { // second nonce collect (std and moebius)
+                                                                               ar_nr_resp[i+mM].nonce2 = nonce;
+                                                                               ar_nr_resp[i+mM].nr2 = nr;
+                                                                               ar_nr_resp[i+mM].ar2 = ar;
+                                                                               if (!gettingMoebius) {
+                                                                                       nonce2_count++;
+                                                                                       // check if this was the last second nonce we need for std attack
+                                                                                       if ( nonce2_count == nonce1_count ) {
+                                                                                               // done collecting std test switch to moebius
+                                                                                               // first finish incrementing last sample
+                                                                                               ar_nr_collected[i+mM]++; 
+                                                                                               // switch to moebius collection
+                                                                                               gettingMoebius = true;
+                                                                                               mM = ATTACK_KEY_COUNT;
+                                                                                               if (flags & FLAG_RANDOM_NONCE) {
+                                                                                                       nonce = prand();
+                                                                                               } else {
+                                                                                                       nonce = nonce*7;
+                                                                                               }
+                                                                                               break;
+                                                                                       }
+                                                                               } else {
+                                                                                       moebius_n_count++;
+                                                                                       // if we've collected all the nonces we need - finish.
+                                                                                       if (nonce1_count == moebius_n_count) finished = true;
+                                                                               }
+                                                                       }
+                                                                       ar_nr_collected[i+mM]++;
+                                                               }
+                                                       }
+                                                       // we found right spot for this nonce stop looking
+                                                       break;
+                                               }
+                                       }
+                               }
+
+                               // --- crypto
+                               crypto1_word(pcs, nr , 1);
+                               cardRr = ar ^ crypto1_word(pcs, 0, 0);
+
+                               // test if auth OK
+                               if (cardRr != prng_successor(nonce, 64)){
+                                       if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
+                                                       cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
+                                                       cardRr, prng_successor(nonce, 64));
+                                       // Shouldn't we respond anything here?
+                                       // Right now, we don't nack or anything, which causes the
+                                       // reader to do a WUPA after a while. /Martin
+                                       // -- which is the correct response. /piwi
+                                       cardAUTHKEY = 0xff;     // not authenticated
+                                       cardSTATE_TO_IDLE();
+                                       break;
+                               }
+                               ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
+                               num_to_bytes(ans, 4, rAUTH_AT);
+                               EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
+                               if (MF_DBGLEVEL >= 4)   Dbprintf("AUTH COMPLETED for sector %d with key %c.", cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B');
+                               LED_C_ON();
+                               cardSTATE = MFEMUL_WORK;
+                               break;
+                       }
+                       case MFEMUL_WRITEBL2:{
+                               if (receivedCmd_len == 18) {
+                                       mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec);
+                                       if (HasValidCRC(receivedCmd_dec, receivedCmd_len)) {
+                                               emlSetMem(receivedCmd_dec, cardWRBL, 1);
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+                                               cardSTATE = MFEMUL_WORK;
+                                               break;
+                                       }
+                               }
+                               cardSTATE_TO_IDLE();
+                               break;
+                       }
+                       case MFEMUL_INTREG_INC:{
+                               if (receivedCmd_len == 6) {
+                                       mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans);
+                                       if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               cardSTATE_TO_IDLE();
+                                               break;
+                                       }
+                                       cardINTREG = cardINTREG + ans;
+                               }
+                               cardSTATE = MFEMUL_WORK;
+                               break;
+                       }
+                       case MFEMUL_INTREG_DEC:{
+                               if (receivedCmd_len == 6) {
+                                       mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans);
+                                       if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               cardSTATE_TO_IDLE();
+                                               break;
+                                       }
+                               }
+                               cardINTREG = cardINTREG - ans;
+                               cardSTATE = MFEMUL_WORK;
+                               break;
+                       }
+                       case MFEMUL_INTREG_REST:{
+                               mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans);
+                               if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
+                                       EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                       cardSTATE_TO_IDLE();
+                                       break;
+                               }
+                               cardSTATE = MFEMUL_WORK;
+                               break;
+                       }
+               }
+               button_pushed = BUTTON_PRESS();
+       }
+
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       LEDsoff();
+
+       if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
+               for ( uint8_t   i = 0; i < ATTACK_KEY_COUNT; i++) {
+                       if (ar_nr_collected[i] == 2) {
+                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
+                               Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
+                                               ar_nr_resp[i].cuid,  //UID
+                                               ar_nr_resp[i].nonce, //NT
+                                               ar_nr_resp[i].nr,    //NR1
+                                               ar_nr_resp[i].ar,    //AR1
+                                               ar_nr_resp[i].nr2,   //NR2
+                                               ar_nr_resp[i].ar2    //AR2
+                                               );
+                       }
+               }       
+               for ( uint8_t   i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
+                       if (ar_nr_collected[i] == 2) {
+                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
+                               Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
+                                               ar_nr_resp[i].cuid,  //UID
+                                               ar_nr_resp[i].nonce, //NT
+                                               ar_nr_resp[i].nr,    //NR1
+                                               ar_nr_resp[i].ar,    //AR1
+                                               ar_nr_resp[i].nonce2,//NT2
+                                               ar_nr_resp[i].nr2,   //NR2
+                                               ar_nr_resp[i].ar2    //AR2
+                                               );
+                       }
+               }
+       }
+       if (MF_DBGLEVEL >= 1)   Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ", get_tracing(), BigBuf_get_traceLen());
+
+       if(flags & FLAG_INTERACTIVE) { // Interactive mode flag, means we need to send ACK
+               //Send the collected ar_nr in the response
+               cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
+       }
+}
diff --git a/armsrc/mifaresim.h b/armsrc/mifaresim.h
new file mode 100644 (file)
index 0000000..1e17a88
--- /dev/null
@@ -0,0 +1,20 @@
+//-----------------------------------------------------------------------------
+// Merlok - June 2011, 2012
+// Gerhard de Koning Gans - May 2008
+// Hagen Fritsch - June 2010
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Mifare Classic Card Simulation
+//-----------------------------------------------------------------------------
+
+#ifndef __MIFARESIM_H
+#define __MIFARESIM_H
+
+#include <stdint.h>
+
+extern void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain);
+
+#endif
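Review bot: The exported `Mifare1ksim` prototype carries no comment on its arguments: `arg2` has no descriptive name and `datain` is a bare pointer without a length, so the header does not tell a caller how many bytes the simulator will read. I would add a comment above the declaration along the lines of `// datain: <N> bytes, layout selected by flags (FLAG_* bits); arg2: <purpose>`, with the placeholders filled from the implementation in mifaresim.c, which this header does not show.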
index 6c84377858b9daa1f9d04835d9cb0b1f107b118b..e5ef6c19b112d7082fb1e333d39b3881d2fe5699 100644 (file)
@@ -9,38 +9,42 @@
 // Work with mifare cards.\r
 //-----------------------------------------------------------------------------\r
 \r
+#include <string.h>\r
 #include "mifareutil.h"\r
 #include "proxmark3.h"\r
 #include "apps.h"\r
 #include "util.h"\r
 #include "parity.h"\r
-#include "string.h"\r
 \r
 #include "iso14443crc.h"\r
 #include "iso14443a.h"\r
 #include "crapto1/crapto1.h"\r
-#include "des.h"\r
+#include "polarssl/des.h"\r
 \r
 int MF_DBGLEVEL = MF_DBG_ALL;\r
 \r
 // crypto1 helpers\r
-void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){\r
+void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out){\r
        uint8_t bt = 0;\r
        int i;\r
        \r
        if (len != 1) {\r
                for (i = 0; i < len; i++)\r
-                       data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];\r
+                       data_out[i] = crypto1_byte(pcs, 0x00, 0) ^ data_in[i];\r
        } else {\r
                bt = 0;\r
                for (i = 0; i < 4; i++)\r
-                       bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], i)) << i;\r
+                       bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], i)) << i;\r
                                \r
-               data[0] = bt;\r
+               data_out[0] = bt;\r
        }\r
        return;\r
 }\r
 \r
+void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){\r
+       mf_crypto1_decryptEx(pcs, data, len, data);\r
+}\r
+\r
 void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) {\r
        uint8_t bt = 0;\r
        int i;\r
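Review bot: `mf_crypto1_decryptEx` writes `len` bytes to `data_out` but takes no output size, and nothing in the new code documents that requirement. The callers added in armsrc/mifaresim.c by this same commit pass `(uint8_t*)&ans` as `data_out`, with `receivedCmd_len` equal to 6 in MFEMUL_INTREG_INC/DEC and unchecked in MFEMUL_INTREG_REST. The declaration of `ans` is not visible here, but if it is a 32-bit variable those calls write past it with data received from the reader. I would add `// data_out must hold at least len bytes; data_in == data_out is allowed (see mf_crypto1_decrypt)` above the function, and have those callers decrypt into a buffer of `receivedCmd_len` bytes (after checking the length) and then copy 4 bytes into `ans`.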
@@ -290,6 +294,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
 \r
        /// 3des2k\r
 \r
+       des3_context ctx = { 0x00 };\r
        uint8_t random_a[8] = {1,1,1,1,1,1,1,1};\r
        uint8_t random_b[8] = {0x00};\r
        uint8_t enc_random_b[8] = {0x00};\r
@@ -313,7 +318,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
        memcpy(enc_random_b,resp+1,8);\r
 \r
        // decrypt nonce.\r
-       tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r
+       // tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r
+       des3_set2key_dec(&ctx, key);\r
+       des3_crypt_cbc(&ctx     // des3_context\r
+               , DES_DECRYPT           // int mode\r
+               , sizeof(random_b)      // length\r
+               , IV                    // iv[8]\r
+               , enc_random_b          // input\r
+               , random_b                      // output\r
+               );\r
+\r
        rol(random_b,8);\r
        memcpy(rnd_ab  ,random_a,8);\r
        memcpy(rnd_ab+8,random_b,8);\r
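Review bot: The `des3_context ctx` filled by `des3_set2key_dec` holds the expanded 3DES key schedule and is left on the stack at every return from `mifare_ultra_auth`, including the early error returns. If the bundled PolarSSL provides `des3_free` (the bundled version is not shown here), calling `des3_free(&ctx);` before each return would wipe it; otherwise a `memset` through a volatile pointer does the same job. The return values of `des3_set2key_dec` and `des3_crypt_cbc` are also dropped, and the old `tdes_2key_dec` call is kept as a comment where deleting it would read cleaner; both remarks apply to the two later hunks in this function as well. `mifare_ultra_auth` starts and ends outside this hunk.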
@@ -333,7 +347,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
        }\r
 \r
        // encrypt    out, in, length, key, iv\r
-       tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r
+       //tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r
+       des3_set2key_enc(&ctx, key);\r
+       des3_crypt_cbc(&ctx     // des3_context\r
+               , DES_ENCRYPT           // int mode\r
+               , sizeof(rnd_ab)        // length\r
+               , enc_random_b          // iv[8]\r
+               , rnd_ab                        // input\r
+               , rnd_ab                        // output\r
+               );\r
+\r
        //len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);\r
        len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL);\r
        if (len != 11) {\r
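Review bot: The `// iv[8]` comment on `enc_random_b` hides that `des3_crypt_cbc` updates the IV buffer in place, so after this encrypt call `enc_random_b` no longer holds the card's encrypted nonce but the last ciphertext block of `rnd_ab`. The decrypt call in the next hunk passes `enc_random_b` as IV again and so depends on that side effect. A comment such as `// NOTE: des3_crypt_cbc overwrites enc_random_b with the last ciphertext block; it is reused as IV for the card's reply` would keep a later refactor from passing a copy or a constant IV. The enclosing function continues outside the hunk.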
@@ -346,7 +369,15 @@ int mifare_ultra_auth(uint8_t *keybytes){
        memcpy(enc_resp, resp+1, 8);\r
 \r
        // decrypt    out, in, length, key, iv \r
-       tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r
+       // tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r
+       des3_set2key_dec(&ctx, key);\r
+       des3_crypt_cbc(&ctx     // des3_context\r
+               , DES_DECRYPT           // int mode\r
+               , 8                                     // length\r
+               , enc_random_b          // iv[8]\r
+               , enc_resp                      // input\r
+               , resp_random_a         // output\r
+               );\r
        if ( memcmp(resp_random_a, random_a, 8) != 0 ) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");\r
                return 0;\r
@@ -737,3 +768,125 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
        }\r
        return 1;\r
 }\r
+\r
+//-----------------------------------------------------------------------------\r
+// MIFARE check keys\r
+//\r
+//-----------------------------------------------------------------------------\r
+// one key check\r
+int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uint64_t ui64Key, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel) {\r
+\r
+       struct Crypto1State mpcs = {0, 0};\r
+       struct Crypto1State *pcs;\r
+       pcs = &mpcs;\r
+\r
+       // Iceman: use piwi's faster nonce collecting part in hardnested.\r
+       if (*cascade_levels == 0) { // need a full select cycle to get the uid first\r
+               iso14a_card_select_t card_info;\r
+               if(!iso14443a_select_card(uid, &card_info, cuid, true, 0, true)) {\r
+                       if (debugLevel >= 1)    Dbprintf("ChkKeys: Can't select card");\r
+                       return  1;\r
+               }\r
+               switch (card_info.uidlen) {\r
+                       case 4 : *cascade_levels = 1; break;\r
+                       case 7 : *cascade_levels = 2; break;\r
+                       case 10: *cascade_levels = 3; break;\r
+                       default: break;\r
+               }\r
+       } else { // no need for anticollision. We can directly select the card\r
+               if(!iso14443a_select_card(uid, NULL, NULL, false, *cascade_levels, true)) {\r
+                       if (debugLevel >= 1)    Dbprintf("ChkKeys: Can't select card (UID) lvl=%d", *cascade_levels);\r
+                       return  1;\r
+               }\r
+       }\r
+       \r
+       if(mifare_classic_auth(pcs, *cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+//             SpinDelayUs(AUTHENTICATION_TIMEOUT); // it not needs because mifare_classic_auth have timeout from iso14a_set_timeout()\r
+               return 2;\r
+       } else {\r
+/*             // let it be here. it like halt command, but maybe it will work in some strange cases\r
+               uint8_t dummy_answer = 0;\r
+               ReaderTransmit(&dummy_answer, 1, NULL);\r
+               int timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;                        \r
+               // wait for the card to become ready again\r
+               while(GetCountSspClk() < timeout) {};\r
+*/\r
+               // it needs after success authentication\r
+               mifare_classic_halt(pcs, *cuid);\r
+       }\r
+       \r
+       return 0;\r
+}\r
+\r
+// multi key check\r
+int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel) {\r
+       uint8_t uid[10];\r
+       uint32_t cuid = 0;\r
+       uint8_t cascade_levels = 0;\r
+       uint64_t ui64Key = 0;\r
+\r
+       int retryCount = 0;\r
+       for (uint8_t i = 0; i < keyCount; i++) {\r
+\r
+               // Allow button press / usb cmd to interrupt device\r
+               if (BUTTON_PRESS() && !usb_poll_validate_length()) { \r
+                       Dbprintf("ChkKeys: Cancel operation. Exit...");\r
+                       return -2;\r
+               }\r
+\r
+               ui64Key = bytes_to_num(keys + i * 6, 6);\r
+               int res = MifareChkBlockKey(uid, &cuid, &cascade_levels, ui64Key, blockNo, keyType, debugLevel);\r
+               \r
+               // can't select\r
+               if (res == 1) {\r
+                       retryCount++;\r
+                       if (retryCount >= 5) {\r
+                               Dbprintf("ChkKeys: block=%d key=%d. Can't select. Exit...", blockNo, keyType);\r
+                               return -1;\r
+                       }\r
+                       --i; // try the same key once again\r
+\r
+                       SpinDelay(20);\r
+//                     Dbprintf("ChkKeys: block=%d key=%d. Try the same key once again...", blockNo, keyType);\r
+                       continue;\r
+               }\r
+               \r
+               // can't authenticate\r
+               if (res == 2) {\r
+                       retryCount = 0;\r
+                       continue; // can't auth. wrong key.\r
+               }\r
+\r
+               return i + 1;\r
+       }\r
+       \r
+       return 0;\r
+}\r
+\r
+// multisector multikey check\r
+int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint8_t debugLevel, TKeyIndex *keyIndex) {\r
+       int res = 0;\r
+       \r
+//     int clk = GetCountSspClk();\r
+\r
+       for(int sc = 0; sc < SectorCount; sc++){\r
+               WDT_HIT();\r
+\r
+               int keyAB = keyType;\r
+               do {\r
+                       res = MifareChkBlockKeys(keys, keyCount, FirstBlockOfSector(sc), keyAB & 0x01, debugLevel);\r
+                       if (res < 0){\r
+                               return res;\r
+                       }\r
+                       if (res > 0){\r
+                               (*keyIndex)[keyAB & 0x01][sc] = res;\r
+                       }\r
+               } while(--keyAB > 0);\r
+       }\r
+       \r
+//     Dbprintf("%d %d", GetCountSspClk() - clk, (GetCountSspClk() - clk)/(SectorCount*keyCount*(keyType==2?2:1)));\r
+       \r
+       return 0;\r
+}\r
+\r
+\r
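Review bot: `MifareMultisectorChk` writes `(*keyIndex)[keyAB & 0x01][sc]` for every `sc < SectorCount`, but `TKeyIndex` is declared as `uint8_t [2][40]` in mifareutil.h and `SectorCount` is never compared with that bound, so a value above 40 writes past the table. A guard at the top of the function, e.g. `if (SectorCount > sizeof((*keyIndex)[0])) return -1;`, or a named constant shared with the typedef, would stop that; the error code is a suggestion only, since -1 already means "can't select" in `MifareChkBlockKeys`. Separately, in `MifareChkBlockKeys` the comment says a button press or a USB command interrupts the loop, while the condition `BUTTON_PRESS() && !usb_poll_validate_length()` cancels only on a button press with no USB data pending; it is worth confirming which of the two is intended.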
index 468c5ccea053efdcaaa3463590255862d46df7cd..645d0e7dff08d1cecb8cc06fd4cdfd152cc079de 100644 (file)
@@ -13,6 +13,7 @@
 #define __MIFAREUTIL_H\r
 \r
 #include "crapto1/crapto1.h"\r
+#include "usb_cdc.h"\r
 \r
 // mifare authentication\r
 #define CRYPT_NONE    0\r
@@ -20,6 +21,8 @@
 #define CRYPT_REQUEST 2\r
 #define AUTH_FIRST    0        \r
 #define AUTH_NESTED   2\r
+#define AUTHENTICATION_TIMEOUT 848                     // card times out 1ms after wrong authentication (according to NXP documentation)\r
+#define PRE_AUTHENTICATION_LEADTIME 400                // some (non standard) cards need a pause after select before they are ready for first authentication\r
 \r
 // mifare 4bit card answers\r
 #define CARD_ACK      0x0A  // 1010 - ACK\r
 \r
 extern int MF_DBGLEVEL;\r
 \r
-//mifare emulator states\r
-#define MFEMUL_NOFIELD      0\r
-#define MFEMUL_IDLE         1\r
-#define MFEMUL_SELECT1      2\r
-#define MFEMUL_SELECT2      3\r
-#define MFEMUL_SELECT3      4\r
-#define MFEMUL_AUTH1        5\r
-#define MFEMUL_AUTH2        6\r
-#define MFEMUL_WORK            7\r
-#define MFEMUL_WRITEBL2     8\r
-#define MFEMUL_INTREG_INC   9\r
-#define MFEMUL_INTREG_DEC  10\r
-#define MFEMUL_INTREG_REST 11\r
-#define MFEMUL_HALTED      12\r
-\r
-#define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();\r
-\r
 //functions\r
 int mifare_sendcmd(uint8_t cmd, uint8_t *data, uint8_t data_size, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);\r
 int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);\r
@@ -82,6 +68,7 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
 \r
 // crypto functions\r
 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);\r
+void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out);\r
 void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par);\r
 uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data);\r
 \r
@@ -99,4 +86,10 @@ int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum);
 int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum);\r
 int emlCheckValBl(int blockNum);\r
 \r
+// mifare check keys\r
+typedef uint8_t TKeyIndex[2][40];\r
+int MifareChkBlockKey(uint8_t *uid, uint32_t *cuid, uint8_t *cascade_levels, uint64_t ui64Key, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel);\r
+int MifareChkBlockKeys(uint8_t *keys, uint8_t keyCount, uint8_t blockNo, uint8_t keyType, uint8_t debugLevel);\r
+int MifareMultisectorChk(uint8_t *keys, uint8_t keyCount, uint8_t SectorCount, uint8_t keyType, uint8_t debugLevel, TKeyIndex *keyIndex);\r
+\r
 #endif\r
index fb6520a94f98f089af7f6f301a2eb17680393701..3a96e9e928bccb59795f29f4f56b56566e52d3e7 100644 (file)
@@ -12,14 +12,15 @@ TARFLAGS = -C .. --ignore-failed-read -rvf
 RM = rm -f
 MV = mv
 
-#COMMON_FLAGS = -m32
+ENV_LDFLAGS := $(LDFLAGS)
+ENV_CFLAGS := $(CFLAGS)
 VPATH = ../common ../zlib ../uart
 OBJDIR = obj
 
 LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread -lm
 LUALIB = ../liblua/liblua.a
-LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -D_ISOC99_SOURCE -I. -I../include -I../common -I../zlib -I../uart -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O3
+LDFLAGS = $(ENV_LDFLAGS)
+CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE -I. -I../include -I../common -I../zlib -I../uart -I/opt/local/include -I../liblua -Wall -g -O3
 CXXFLAGS = -I../include -Wall -O3
 
 LUAPLATFORM = generic
@@ -85,10 +86,11 @@ CORESRCS =  uart_posix.c \
 
 CMDSRCS =      crapto1/crapto1.c\
                        crapto1/crypto1.c\
+                       polarssl/des.c \
+                       polarssl/aes.c\
                        mfkey.c\
                        loclass/cipher.c \
                        loclass/cipherutils.c \
-                       loclass/des.c \
                        loclass/ikeys.c \
                        loclass/elite_crack.c\
                        loclass/fileutils.c\
@@ -147,7 +149,6 @@ CMDSRCS =   crapto1/crapto1.c\
                        cmdscript.c\
                        pm3_binlib.c\
                        pm3_bitlib.c\
-                       aes.c\
                        protocols.c\
                        sha1.c\
                        cmdcrc.c\
@@ -184,14 +185,21 @@ MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
                        $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \
                        $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o)
 
-GCC_GTEQ_490 := $(shell expr `gcc -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
+GCC_VERSION := $(shell gcc --version | awk '/gcc/{print $$NF;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
+CLANG_VERSION := $(shell gcc --version | awk '/Apple LLVM version/{print $$4;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
+ifneq ($(CLANG_VERSION), )
+       SUPPORTS_AVX512 :=  $(shell [ $(CLANG_VERSION) -ge 80000 ] && echo "True" )
+endif
+ifneq ($(GCC_VERSION), )
+       SUPPORTS_AVX512 :=  $(shell [ $(GCC_VERSION) -ge 40900 ] && echo "True" )
+endif
 HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2
 HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2
 HARD_SWITCH_SSE2 = -mmmx -msse2 -mno-avx -mno-avx2
 HARD_SWITCH_AVX = -mmmx -msse2 -mavx -mno-avx2
 HARD_SWITCH_AVX2 = -mmmx -msse2 -mavx -mavx2
 HARD_SWITCH_AVX512 = -mmmx -msse2 -mavx -mavx2 -mavx512f
-ifeq "$(GCC_GTEQ_490)" "1"
+ifeq "$(SUPPORTS_AVX512)" "True"
        HARD_SWITCH_NOSIMD += -mno-avx512f
        HARD_SWITCH_MMX += -mno-avx512f
        HARD_SWITCH_SSE2 += -mno-avx512f
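Review bot: `GCC_VERSION` takes the last field (`$$NF`) of the matching `gcc --version` line, and on distributions whose banner ends in a build date (constructed example: `gcc (Debian 6.3.0-18) 6.3.0 20170516`) that field is the date, not the version. The `-ge 40900` test then passes for any compiler on such a system, including ones older than 4.9 that reject `-mno-avx512f`. The removed line used `gcc -dumpversion`, which prints only the version; using it for the GCC branch, and only when `CLANG_VERSION` is empty so the Apple case is not overridden, avoids parsing the banner. Both probes also hard-code `gcc` rather than `$(CC)`, so they describe a different compiler when `CC` is overridden.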
diff --git a/client/aes.c b/client/aes.c
deleted file mode 100644 (file)
index 36f735d..0000000
+++ /dev/null
@@ -1,1454 +0,0 @@
-/*
- *  FIPS-197 compliant AES implementation
- *
- *  Copyright (C) 2006-2014, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
- *
- *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
- *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- */
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "polarssl_config.h"
-#else
-#include POLARSSL_CONFIG_FILE
-#endif
-
-#if defined(POLARSSL_AES_C)
-
-#include "aes.h"
-#if defined(POLARSSL_PADLOCK_C)
-#include "polarssl/padlock.h"
-#endif
-#if defined(POLARSSL_AESNI_C)
-#include "polarssl/aesni.h"
-#endif
-
-#if defined(POLARSSL_PLATFORM_C)
-#include "polarssl/platform.h"
-#else
-#define polarssl_printf printf
-#endif
-
-#if !defined(POLARSSL_AES_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void polarssl_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ]       )             \
-        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
-}
-#endif
-
-#if defined(POLARSSL_PADLOCK_C) &&                      \
-    ( defined(POLARSSL_HAVE_X86) || defined(PADLOCK_ALIGN16) )
-static int aes_padlock_ace = -1;
-#endif
-
-#if defined(POLARSSL_AES_ROM_TABLES)
-/*
- * Forward S-box
- */
-static const unsigned char FSb[256] =
-{
-    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
-    0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
-    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
-    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
-    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
-    0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
-    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
-    0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
-    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
-    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
-    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
-    0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
-    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
-    0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
-    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
-    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
-    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
-    0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
-    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
-    0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
-    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
-    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
-    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
-    0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
-    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
-    0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
-    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
-    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
-    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
-    0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
-    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
-    0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
-};
-
-/*
- * Forward tables
- */
-#define FT \
-\
-    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
-    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
-    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
-    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
-    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
-    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
-    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
-    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
-    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
-    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
-    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
-    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
-    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
-    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
-    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
-    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
-    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
-    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
-    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
-    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
-    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
-    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
-    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
-    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
-    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
-    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
-    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
-    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
-    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
-    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
-    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
-    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
-    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
-    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
-    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
-    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
-    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
-    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
-    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
-    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
-    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
-    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
-    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
-    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
-    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
-    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
-    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
-    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
-    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
-    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
-    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
-    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
-    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
-    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
-    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
-    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
-    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
-    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
-    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
-    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
-    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
-    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
-    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
-    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t FT0[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t FT1[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t FT2[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t FT3[256] = { FT };
-#undef V
-
-#undef FT
-
-/*
- * Reverse S-box
- */
-static const unsigned char RSb[256] =
-{
-    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
-    0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
-    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
-    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
-    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
-    0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
-    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
-    0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
-    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
-    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
-    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
-    0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
-    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
-    0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
-    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
-    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
-    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
-    0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
-    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
-    0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
-    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
-    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
-    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
-    0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
-    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
-    0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
-    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
-    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
-    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
-    0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
-    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
-    0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
-};
-
-/*
- * Reverse tables
- */
-#define RT \
-\
-    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
-    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
-    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
-    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
-    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
-    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
-    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
-    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
-    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
-    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
-    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
-    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
-    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
-    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
-    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
-    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
-    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
-    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
-    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
-    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
-    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
-    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
-    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
-    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
-    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
-    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
-    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
-    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
-    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
-    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
-    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
-    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
-    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
-    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
-    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
-    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
-    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
-    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
-    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
-    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
-    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
-    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
-    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
-    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
-    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
-    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
-    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
-    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
-    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
-    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
-    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
-    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
-    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
-    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
-    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
-    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
-    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
-    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
-    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
-    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
-    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
-    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
-    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
-    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t RT0[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t RT1[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t RT2[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t RT3[256] = { RT };
-#undef V
-
-#undef RT
-
-/*
- * Round constants
- */
-static const uint32_t RCON[10] =
-{
-    0x00000001, 0x00000002, 0x00000004, 0x00000008,
-    0x00000010, 0x00000020, 0x00000040, 0x00000080,
-    0x0000001B, 0x00000036
-};
-
-#else /* POLARSSL_AES_ROM_TABLES */
-
-/*
- * Forward S-box & tables
- */
-static unsigned char FSb[256];
-static uint32_t FT0[256];
-static uint32_t FT1[256];
-static uint32_t FT2[256];
-static uint32_t FT3[256];
-
-/*
- * Reverse S-box & tables
- */
-static unsigned char RSb[256];
-static uint32_t RT0[256];
-static uint32_t RT1[256];
-static uint32_t RT2[256];
-static uint32_t RT3[256];
-
-/*
- * Round constants
- */
-static uint32_t RCON[10];
-
-/*
- * Tables generation code
- */
-#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
-#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
-
-static int aes_init_done = 0;
-
-static void aes_gen_tables( void )
-{
-    int i, x, y, z;
-    int pow[256];
-    int log[256];
-
-    /*
-     * compute pow and log tables over GF(2^8)
-     */
-    for( i = 0, x = 1; i < 256; i++ )
-    {
-        pow[i] = x;
-        log[x] = i;
-        x = ( x ^ XTIME( x ) ) & 0xFF;
-    }
-
-    /*
-     * calculate the round constants
-     */
-    for( i = 0, x = 1; i < 10; i++ )
-    {
-        RCON[i] = (uint32_t) x;
-        x = XTIME( x ) & 0xFF;
-    }
-
-    /*
-     * generate the forward and reverse S-boxes
-     */
-    FSb[0x00] = 0x63;
-    RSb[0x63] = 0x00;
-
-    for( i = 1; i < 256; i++ )
-    {
-        x = pow[255 - log[i]];
-
-        y  = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y ^ 0x63;
-
-        FSb[i] = (unsigned char) x;
-        RSb[x] = (unsigned char) i;
-    }
-
-    /*
-     * generate the forward and reverse tables
-     */
-    for( i = 0; i < 256; i++ )
-    {
-        x = FSb[i];
-        y = XTIME( x ) & 0xFF;
-        z =  ( y ^ x ) & 0xFF;
-
-        FT0[i] = ( (uint32_t) y       ) ^
-                 ( (uint32_t) x <<  8 ) ^
-                 ( (uint32_t) x << 16 ) ^
-                 ( (uint32_t) z << 24 );
-
-        FT1[i] = ROTL8( FT0[i] );
-        FT2[i] = ROTL8( FT1[i] );
-        FT3[i] = ROTL8( FT2[i] );
-
-        x = RSb[i];
-
-        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
-                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
-                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
-                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
-
-        RT1[i] = ROTL8( RT0[i] );
-        RT2[i] = ROTL8( RT1[i] );
-        RT3[i] = ROTL8( RT2[i] );
-    }
-}
-
-#endif /* POLARSSL_AES_ROM_TABLES */
-
-void aes_init( aes_context *ctx )
-{
-    memset( ctx, 0, sizeof( aes_context ) );
-}
-
-void aes_free( aes_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    polarssl_zeroize( ctx, sizeof( aes_context ) );
-}
-
-/*
- * AES key schedule (encryption)
- */
-int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize )
-{
-    unsigned int i;
-    uint32_t *RK;
-
-#if !defined(POLARSSL_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
-        aes_gen_tables();
-        aes_init_done = 1;
-
-    }
-#endif
-
-    switch( keysize )
-    {
-        case 128: ctx->nr = 10; break;
-        case 192: ctx->nr = 12; break;
-        case 256: ctx->nr = 14; break;
-        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = padlock_supports( PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
-    if( aesni_supports( POLARSSL_AESNI_AES ) )
-        return( aesni_setkey_enc( (unsigned char *) ctx->rk, key, keysize ) );
-#endif
-
-    for( i = 0; i < ( keysize >> 5 ); i++ )
-    {
-        GET_UINT32_LE( RK[i], key, i << 2 );
-    }
-
-    switch( ctx->nr )
-    {
-        case 10:
-
-            for( i = 0; i < 10; i++, RK += 4 )
-            {
-                RK[4]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[3] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[3]       ) & 0xFF ] << 24 );
-
-                RK[5]  = RK[1] ^ RK[4];
-                RK[6]  = RK[2] ^ RK[5];
-                RK[7]  = RK[3] ^ RK[6];
-            }
-            break;
-
-        case 12:
-
-            for( i = 0; i < 8; i++, RK += 6 )
-            {
-                RK[6]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[5] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[5]       ) & 0xFF ] << 24 );
-
-                RK[7]  = RK[1] ^ RK[6];
-                RK[8]  = RK[2] ^ RK[7];
-                RK[9]  = RK[3] ^ RK[8];
-                RK[10] = RK[4] ^ RK[9];
-                RK[11] = RK[5] ^ RK[10];
-            }
-            break;
-
-        case 14:
-
-            for( i = 0; i < 7; i++, RK += 8 )
-            {
-                RK[8]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[7] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[7]       ) & 0xFF ] << 24 );
-
-                RK[9]  = RK[1] ^ RK[8];
-                RK[10] = RK[2] ^ RK[9];
-                RK[11] = RK[3] ^ RK[10];
-
-                RK[12] = RK[4] ^
-                ( (uint32_t) FSb[ ( RK[11]       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[11] >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
-
-                RK[13] = RK[5] ^ RK[12];
-                RK[14] = RK[6] ^ RK[13];
-                RK[15] = RK[7] ^ RK[14];
-            }
-            break;
-    }
-
-    return( 0 );
-}
-
-/*
- * AES key schedule (decryption)
- */
-int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize )
-{
-    int i, j, ret;
-    aes_context cty;
-    uint32_t *RK;
-    uint32_t *SK;
-
-    aes_init( &cty );
-
-#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = padlock_supports( PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-    /* Also checks keysize */
-    if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 )
-        goto exit;
-
-    ctx->nr = cty.nr;
-
-#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
-    if( aesni_supports( POLARSSL_AESNI_AES ) )
-    {
-        aesni_inverse_key( (unsigned char *) ctx->rk,
-                           (const unsigned char *) cty.rk, ctx->nr );
-        goto exit;
-    }
-#endif
-
-    SK = cty.rk + cty.nr * 4;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
-    {
-        for( j = 0; j < 4; j++, SK++ )
-        {
-            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
-                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
-                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
-                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
-        }
-    }
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-exit:
-    aes_free( &cty );
-
-    return( ret );
-}
-
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
-                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
-                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
-                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
-                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
-}
-
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
-                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
-                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
-                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
-                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
-}
-
-/*
- * AES-ECB block encryption/decryption
- */
-int aes_crypt_ecb( aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
-{
-    int i;
-    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
-
-#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
-    if( aesni_supports( POLARSSL_AESNI_AES ) )
-        return( aesni_crypt_ecb( ctx, mode, input, output ) );
-#endif
-
-#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    RK = ctx->rk;
-
-    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
-    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
-    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
-    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
-
-    if( mode == AES_DECRYPT )
-    {
-        for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-        {
-            AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-            AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
-        }
-
-        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-
-        X0 = *RK++ ^ \
-                ( (uint32_t) RSb[ ( Y0       ) & 0xFF ]       ) ^
-                ( (uint32_t) RSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
-
-        X1 = *RK++ ^ \
-                ( (uint32_t) RSb[ ( Y1       ) & 0xFF ]       ) ^
-                ( (uint32_t) RSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
-
-        X2 = *RK++ ^ \
-                ( (uint32_t) RSb[ ( Y2       ) & 0xFF ]       ) ^
-                ( (uint32_t) RSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
-
-        X3 = *RK++ ^ \
-                ( (uint32_t) RSb[ ( Y3       ) & 0xFF ]       ) ^
-                ( (uint32_t) RSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
-    }
-    else /* AES_ENCRYPT */
-    {
-        for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-        {
-            AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-            AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
-        }
-
-        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-
-        X0 = *RK++ ^ \
-                ( (uint32_t) FSb[ ( Y0       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
-
-        X1 = *RK++ ^ \
-                ( (uint32_t) FSb[ ( Y1       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
-
-        X2 = *RK++ ^ \
-                ( (uint32_t) FSb[ ( Y2       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
-
-        X3 = *RK++ ^ \
-                ( (uint32_t) FSb[ ( Y3       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
-    }
-
-    PUT_UINT32_LE( X0, output,  0 );
-    PUT_UINT32_LE( X1, output,  4 );
-    PUT_UINT32_LE( X2, output,  8 );
-    PUT_UINT32_LE( X3, output, 12 );
-
-    return( 0 );
-}
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/*
- * AES-CBC buffer encryption/decryption
- */
-int aes_crypt_cbc( aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[16];
-
-    if( length % 16 )
-        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );
-
-#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    if( mode == AES_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            aes_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            aes_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 buffer encryption/decryption
- */
-int aes_crypt_cfb128( aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n = *iv_off;
-
-    if( mode == AES_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-
-/*
- * AES-CFB8 buffer encryption/decryption
- */
-#include <stdio.h>
-int aes_crypt_cfb8( aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    unsigned char c;
-    unsigned char ov[17];
-
-    while( length-- )
-    {
-        memcpy( ov, iv, 16 );
-        aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
-
-        if( mode == AES_DECRYPT )
-            ov[16] = *input;
-
-        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
-
-        if( mode == AES_ENCRYPT )
-            ov[16] = c;
-
-        memcpy( iv, ov + 1, 16 );
-    }
-
-    return( 0 );
-}
-#endif /*POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-/*
- * AES-CTR buffer encryption/decryption
- */
-int aes_crypt_ctr( aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n = *nc_off;
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );
-
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#endif /* !POLARSSL_AES_ALT */
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include <stdio.h>
-
-/*
- * AES test vectors from:
- *
- * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
- */
-static const unsigned char aes_test_ecb_dec[3][16] =
-{
-    { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
-      0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
-    { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
-      0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
-    { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
-      0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
-};
-
-static const unsigned char aes_test_ecb_enc[3][16] =
-{
-    { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
-      0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
-    { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
-      0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
-    { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
-      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
-};
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-static const unsigned char aes_test_cbc_dec[3][16] =
-{
-    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
-      0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
-    { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
-      0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
-    { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
-      0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
-};
-
-static const unsigned char aes_test_cbc_enc[3][16] =
-{
-    { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
-      0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
-    { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
-      0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
-    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
-      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
-};
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 test vectors from:
- *
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
- */
-static const unsigned char aes_test_cfb128_key[3][32] =
-{
-    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
-    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
-    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char aes_test_cfb128_iv[16] =
-{
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
-
-static const unsigned char aes_test_cfb128_pt[64] =
-{
-    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
-    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
-    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
-    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
-};
-
-static const unsigned char aes_test_cfb128_ct[3][64] =
-{
-    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
-      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
-      0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
-      0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
-      0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
-      0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
-      0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
-      0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
-    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
-      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
-      0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
-      0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
-      0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
-      0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
-      0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
-      0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
-    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
-      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
-      0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
-      0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
-      0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
-      0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
-      0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
-      0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
-};
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-/*
- * AES-CTR test vectors from:
- *
- * http://www.faqs.org/rfcs/rfc3686.html
- */
-
-static const unsigned char aes_test_ctr_key[3][16] =
-{
-    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
-      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
-    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
-      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
-    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
-      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
-};
-
-static const unsigned char aes_test_ctr_nonce_counter[3][16] =
-{
-    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
-      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
-      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
-};
-
-static const unsigned char aes_test_ctr_pt[3][48] =
-{
-    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
-      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
-      0x20, 0x21, 0x22, 0x23 }
-};
-
-static const unsigned char aes_test_ctr_ct[3][48] =
-{
-    { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
-      0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
-    { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
-      0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
-      0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
-      0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
-    { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
-      0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
-      0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
-      0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
-      0x25, 0xB2, 0x07, 0x2F }
-};
-
-static const int aes_test_ctr_len[3] =
-    { 16, 32, 36 };
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-/*
- * Checkup routine
- */
-int aes_self_test( int verbose )
-{
-    int ret = 0, i, j, u, v;
-    unsigned char key[32];
-    unsigned char buf[64];
-    unsigned char iv[16];
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-    unsigned char prv[16];
-#endif
-#if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB)
-    size_t offset;
-#endif
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-    int len;
-    unsigned char nonce_counter[16];
-    unsigned char stream_block[16];
-#endif
-    aes_context ctx;
-
-    memset( key, 0, 32 );
-    aes_init( &ctx );
-
-    /*
-     * ECB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            polarssl_printf( "  AES-ECB-%3d (%s): ", 128 + u * 64,
-                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( buf, 0, 16 );
-
-        if( v == AES_DECRYPT )
-        {
-            aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-                aes_crypt_ecb( &ctx, v, buf, buf );
-
-            if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-        else
-        {
-            aes_setkey_enc( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-                aes_crypt_ecb( &ctx, v, buf, buf );
-
-            if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            polarssl_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        polarssl_printf( "\n" );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            polarssl_printf( "  AES-CBC-%3d (%s): ", 128 + u * 64,
-                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( iv , 0, 16 );
-        memset( prv, 0, 16 );
-        memset( buf, 0, 16 );
-
-        if( v == AES_DECRYPT )
-        {
-            aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-                aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
-            if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-        else
-        {
-            aes_setkey_enc( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-            {
-                unsigned char tmp[16];
-
-                aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
-                memcpy( tmp, prv, 16 );
-                memcpy( prv, buf, 16 );
-                memcpy( buf, tmp, 16 );
-            }
-
-            if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            polarssl_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        polarssl_printf( "\n" );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-    /*
-     * CFB128 mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            polarssl_printf( "  AES-CFB128-%3d (%s): ", 128 + u * 64,
-                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  aes_test_cfb128_iv, 16 );
-        memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
-
-        offset = 0;
-        aes_setkey_enc( &ctx, key, 128 + u * 64 );
-
-        if( v == AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_cfb128_ct[u], 64 );
-            aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
-
-            if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-        else
-        {
-            memcpy( buf, aes_test_cfb128_pt, 64 );
-            aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
-
-            if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            polarssl_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        polarssl_printf( "\n" );
-#endif /* POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-    /*
-     * CTR mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            polarssl_printf( "  AES-CTR-128 (%s): ",
-                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, aes_test_ctr_key[u], 16 );
-
-        offset = 0;
-        aes_setkey_enc( &ctx, key, 128 );
-
-        if( v == AES_DECRYPT )
-        {
-            len = aes_test_ctr_len[u];
-            memcpy( buf, aes_test_ctr_ct[u], len );
-
-            aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                           buf, buf );
-
-            if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-        else
-        {
-            len = aes_test_ctr_len[u];
-            memcpy( buf, aes_test_ctr_pt[u], len );
-
-            aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                           buf, buf );
-
-            if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    polarssl_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            polarssl_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        polarssl_printf( "\n" );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-    ret = 0;
-
-exit:
-    aes_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* POLARSSL_SELF_TEST */
-
-#endif /* POLARSSL_AES_C */
diff --git a/client/aes.h b/client/aes.h
deleted file mode 100644 (file)
index 946bd87..0000000
+++ /dev/null
@@ -1,257 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief AES block cipher
- *
- *  Copyright (C) 2006-2014, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_AES_H
-#define POLARSSL_AES_H
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "polarssl_config.h"
-#else
-#include POLARSSL_CONFIG_FILE
-#endif
-
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-/* padlock.c and aesni.c rely on these values! */
-#define AES_ENCRYPT     1
-#define AES_DECRYPT     0
-
-#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
-#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
-
-#if !defined(POLARSSL_AES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          AES context structure
- *
- * \note           buf is able to hold 32 extra bytes, which can be used:
- *                 - for alignment purposes if VIA padlock is used, and/or
- *                 - to simplify key expansion in the 256-bit case by
- *                 generating an extra round key
- */
-typedef struct
-{
-    int nr;                     /*!<  number of rounds  */
-    uint32_t *rk;               /*!<  AES round keys    */
-    uint32_t buf[68];           /*!<  unaligned data    */
-}
-aes_context;
-
-/**
- * \brief          Initialize AES context
- *
- * \param ctx      AES context to be initialized
- */
-void aes_init( aes_context *ctx );
-
-/**
- * \brief          Clear AES context
- *
- * \param ctx      AES context to be cleared
- */
-void aes_free( aes_context *ctx );
-
-/**
- * \brief          AES key schedule (encryption)
- *
- * \param ctx      AES context to be initialized
- * \param key      encryption key
- * \param keysize  must be 128, 192 or 256
- *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
- */
-int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize );
-
-/**
- * \brief          AES key schedule (decryption)
- *
- * \param ctx      AES context to be initialized
- * \param key      decryption key
- * \param keysize  must be 128, 192 or 256
- *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
- */
-int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize );
-
-/**
- * \brief          AES-ECB block encryption/decryption
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 if successful
- */
-int aes_crypt_ecb( aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          AES-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (16 bytes)
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
- */
-int aes_crypt_cbc( aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#if defined(POLARSSL_CIPHER_MODE_CFB)
-/**
- * \brief          AES-CFB128 buffer encryption/decryption.
- *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful
- */
-int aes_crypt_cfb128( aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          AES-CFB8 buffer encryption/decryption.
- *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful
- */
-int aes_crypt_cfb8( aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /*POLARSSL_CIPHER_MODE_CFB */
-
-#if defined(POLARSSL_CIPHER_MODE_CTR)
-/**
- * \brief               AES-CTR buffer encryption/decryption
- *
- * Warning: You have to keep the maximum use of your counter in mind!
- *
- * Note: Due to the nature of CTR you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \param ctx           AES context
- * \param length        The length of the data
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
- *
- * \return         0 if successful
- */
-int aes_crypt_ctr( aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* POLARSSL_AES_ALT */
-#include "aes_alt.h"
-#endif /* POLARSSL_AES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int aes_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
index eb2ba9b2e6d0e5b11030bb80948c109ad64f7729..6aa5ae4e5e2d5809e9701ebaa5c447dcb9369baf 100644 (file)
@@ -546,7 +546,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
        
        if (showWaitCycles && !isResponse && next_record_is_response(tracepos, trace)) {
                uint32_t next_timestamp = *((uint32_t *)(trace + tracepos));
-               PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
+               PrintAndLog(" %10d | %10d | %s | fdt (Frame Delay Time): %d",
                        (EndOfTransmissionTimestamp - first_timestamp),
                        (next_timestamp - first_timestamp),
                        "   ",
index b75215a0d41ef1b4f00a30e12a4ddf098dbbfc5e..db9ce46e4b65bea1544dfbe8a1a3b54e71e7329b 100644 (file)
@@ -442,7 +442,7 @@ int CmdHF14ACUIDs(const char *Cmd)
        // repeat n times
        for (int i = 0; i < n; i++) {
                // execute anticollision procedure
-               UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
+               UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_RATS, 0, 0}};
                SendCommand(&c);
     
                UsbCommand resp;
@@ -581,6 +581,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
        bool power = false;
        bool active = false;
        bool active_select = false;
+       bool no_rats = false;
        uint16_t numbits = 0;
        bool bTimeout = false;
        uint32_t timeout = 0;
@@ -601,6 +602,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
                PrintAndLog("       -b    number of bits to send. Useful for send partial byte");
                PrintAndLog("       -t    timeout in ms");
                PrintAndLog("       -T    use Topaz protocol to send command");
+               PrintAndLog("       -3    ISO14443-3 select only (skip RATS)");
                return 0;
        }
 
@@ -645,6 +647,9 @@ int CmdHF14ACmdRaw(const char *cmd) {
                                case 'T':
                                        topazmode = true;
                                        break;
+                               case '3':
+                                       no_rats = true;
+                                       break;
                                default:
                                        PrintAndLog("Invalid option");
                                        return 0;
@@ -718,6 +723,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
                c.arg[0] |= ISO14A_TOPAZMODE;
        }
 
+       if(no_rats) {
+               c.arg[0] |= ISO14A_NO_RATS;
+       }
+
        // Max buffer is USB_CMD_DATA_SIZE (512)
        c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)numbits << 16);
        memcpy(c.d.asBytes,data,datalen);
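Review bot: `ISO14A_NO_RATS` is ORed into `c.arg[0]` whenever `-3` is given, whether or not a card select was requested, and the usage line added in the earlier hunk (`-3    ISO14443-3 select only (skip RATS)`) does not say which other options it depends on. The flag presumably only has an effect when the command also performs a select, but the code that sets the connect/select bits is outside these hunks. I would state the dependency in the help text, for example `-3    ISO14443-3 select only (skip RATS); only meaningful together with a select`. CmdHF14ACmdRaw starts and ends outside the hunk.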
index 7630b3a12f7b9b7d7e1b64849c81555d440ba417..d02eff8d6277a6958584fb596dfe18b9d9e1a24c 100644 (file)
@@ -23,7 +23,7 @@
 #include "common.h"
 #include "util.h"
 #include "cmdmain.h"
-#include "loclass/des.h"
+#include "polarssl/des.h"
 #include "loclass/cipherutils.h"
 #include "loclass/cipher.h"
 #include "loclass/ikeys.h"
index 493256a90b77673dc61b53263a1c1be5c276edde..c9f3485e10c16aa192218518b5618c680689f758 100644 (file)
@@ -251,7 +251,7 @@ int CmdLegicLoad(const char *Cmd)
           fclose(f);
           return -1;
         }
-        UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
+        UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 1, 0}};
         int j; for(j = 0; j < 8; j++) {
             c.d.asBytes[j] = data[j];
         }
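Review bot: The second argument of `CMD_DOWNLOADED_SIM_SAMPLES_125K` changes from `0` to a bare `1` here and again in the CmdLegicRfFill hunk below, and neither line says what the value selects. The firmware handler that reads `arg[1]` is not in these hunks, so a reader cannot tell whether it is a flag, a mode or a count. A short comment on both lines, or a named constant shared with the firmware, would make the protocol change reviewable, e.g. `// arg[1] = 1: <meaning, per the CMD_DOWNLOADED_SIM_SAMPLES_125K handler>`. CmdLegicLoad starts and ends outside the hunk.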
@@ -351,7 +351,7 @@ int CmdLegicRfFill(const char *Cmd)
     }
 
     int i;
-    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
+    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 1, 0}};
     for(i = 0; i < 48; i++) {
       c.d.asBytes[i] = cmd.arg[2];
     }
index 90ebc27b80ef508f7890309801ab3f1f54985224..553803c1ef371f2d6bbcb069733bd785b67b0406 100644 (file)
@@ -222,6 +222,28 @@ uint8_t NumBlocksPerSector(uint8_t sectorNo)
        }\r
 }\r
 \r
+static int ParamCardSizeSectors(const char c) {\r
+       int numBlocks = 16;\r
+       switch (c) {\r
+               case '0' : numBlocks = 5; break;\r
+               case '2' : numBlocks = 32; break;\r
+               case '4' : numBlocks = 40; break;\r
+               default:   numBlocks = 16;\r
+       }\r
+       return numBlocks;\r
+}\r
+\r
+static int ParamCardSizeBlocks(const char c) {\r
+       int numBlocks = 16 * 4;\r
+       switch (c) {\r
+               case '0' : numBlocks = 5 * 4; break;\r
+               case '2' : numBlocks = 32 * 4; break;\r
+               case '4' : numBlocks = 32 * 4 + 8 * 16; break;\r
+               default:   numBlocks = 16 * 4;\r
+       }\r
+       return numBlocks;\r
+}\r
+\r
 int CmdHF14AMfDump(const char *Cmd)\r
 {\r
        uint8_t sectorNo, blockNo;\r
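Review bot: `ParamCardSizeSectors` stores its result in a local named `numBlocks`, although the values (5, 16, 32, 40) are sector counts and the sibling `ParamCardSizeBlocks` uses the same name for real block counts. Renaming it to `numSectors` (`int numSectors = 16;`) makes it harder to size a buffer from the wrong helper. In both helpers the initialiser duplicates the `default:` arm, so the local can be dropped in favour of direct returns such as `case '2': return 32;` and `default: return 16;`. Neither function has a comment mapping the character to a card type; `// c: '0' = MINI, '1' = 1K, '2' = 2K, '4' = 4K, anything else = 1K` would match the usage text printed by the nested command.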
@@ -238,14 +260,7 @@ int CmdHF14AMfDump(const char *Cmd)
        UsbCommand resp;\r
 \r
        char cmdp = param_getchar(Cmd, 0);\r
-       switch (cmdp) {\r
-               case '0' : numSectors = 5; break;\r
-               case '1' :\r
-               case '\0': numSectors = 16; break;\r
-               case '2' : numSectors = 32; break;\r
-               case '4' : numSectors = 40; break;\r
-               default:   numSectors = 16;\r
-       }\r
+       numSectors = ParamCardSizeSectors(cmdp);\r
 \r
        if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {\r
                PrintAndLog("Usage:   hf mf dump [card memory]");\r
@@ -509,12 +524,34 @@ int CmdHF14AMfRestore(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
-typedef struct {\r
-       uint64_t Key[2];\r
-       int foundKey[2];\r
-} sector_t;\r
-\r
+//----------------------------------------------\r
+//   Nested\r
+//----------------------------------------------\r
+# define NESTED_KEY_COUNT 15\r
+\r
+static void parseParamTDS(const char *Cmd, const uint8_t indx, bool *paramT, bool *paramD, uint8_t *timeout) {\r
+       char ctmp3[3] = {0};\r
+       int len = param_getlength(Cmd, indx);\r
+       if (len > 0 && len < 4){\r
+               param_getstr(Cmd, indx, ctmp3);\r
+               \r
+               *paramT |= (ctmp3[0] == 't' || ctmp3[0] == 'T');\r
+               *paramD |= (ctmp3[0] == 'd' || ctmp3[0] == 'D');\r
+               bool paramS1 = *paramT || *paramD;\r
+\r
+               // slow and very slow\r
+               if (ctmp3[0] == 's' || ctmp3[0] == 'S' || ctmp3[1] == 's' || ctmp3[1] == 'S') {\r
+                       *timeout = 11; // slow\r
+               \r
+                       if (!paramS1 && (ctmp3[1] == 's' || ctmp3[1] == 'S')) {\r
+                               *timeout = 53; // very slow\r
+                       }\r
+                       if (paramS1 && (ctmp3[2] == 's' || ctmp3[2] == 'S')) {\r
+                               *timeout = 53; // very slow\r
+                       }\r
+               }\r
+       }\r
+}\r
 \r
 int CmdHF14AMfNested(const char *Cmd)\r
 {\r
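Review bot: `parseParamTDS` accepts parameters up to three characters long (`len < 4`) but copies them into `char ctmp3[3]`, so a three-character argument such as `tss` fills the array with no room for a terminator. If `param_getstr` NUL-terminates its output (its body is not on this page), that is a one-byte write past the end of a stack buffer, driven by command-line input. Sizing the buffer for the terminator fixes it: `char ctmp3[4] = {0};`. A comment above the function listing the accepted forms (`t`, `d`, `s`, `ss`, and `t`/`d` followed by `s` or `ss`) would also make the index checks on `ctmp3[1]` and `ctmp3[2]` easier to verify.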
@@ -526,10 +563,14 @@ int CmdHF14AMfNested(const char *Cmd)
        uint8_t trgKeyType = 0;\r
        uint8_t SectorsCnt = 0;\r
        uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
-       uint8_t keyBlock[14*6];\r
+       uint8_t keyBlock[NESTED_KEY_COUNT * 6];\r
        uint64_t key64 = 0;\r
-       bool transferToEml = false;\r
+       // timeout in units. (ms * 106)/10 or us*0.0106\r
+       uint8_t btimeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default\r
+       \r
+       bool autosearchKey = false;\r
 \r
+       bool transferToEml = false;\r
        bool createDumpFile = false;\r
        FILE *fkeys;\r
        uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
@@ -539,67 +580,90 @@ int CmdHF14AMfNested(const char *Cmd)
 \r
        if (strlen(Cmd)<3) {\r
                PrintAndLog("Usage:");\r
-               PrintAndLog(" all sectors:  hf mf nested  <card memory> <block number> <key A/B> <key (12 hex symbols)> [t,d]");\r
+               PrintAndLog(" all sectors:  hf mf nested  <card memory> <block number> <key A/B> <key (12 hex symbols)> [t|d|s|ss]");\r
+               PrintAndLog(" all sectors autosearch key:  hf mf nested  <card memory> * [t|d|s|ss]");\r
                PrintAndLog(" one sector:   hf mf nested  o <block number> <key A/B> <key (12 hex symbols)>");\r
                PrintAndLog("               <target block number> <target key A/B> [t]");\r
+               PrintAndLog(" ");\r
                PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
-               PrintAndLog("t - transfer keys into emulator memory");\r
-               PrintAndLog("d - write keys to binary file");\r
+               PrintAndLog("t - transfer keys to emulator memory");\r
+               PrintAndLog("d - write keys to binary file dumpkeys.bin");\r
+               PrintAndLog("s - Slow (1ms) check keys (required by some non standard cards)");\r
+               PrintAndLog("ss - Very slow (5ms) check keys");\r
                PrintAndLog(" ");\r
                PrintAndLog("      sample1: hf mf nested 1 0 A FFFFFFFFFFFF ");\r
                PrintAndLog("      sample2: hf mf nested 1 0 A FFFFFFFFFFFF t ");\r
                PrintAndLog("      sample3: hf mf nested 1 0 A FFFFFFFFFFFF d ");\r
                PrintAndLog("      sample4: hf mf nested o 0 A FFFFFFFFFFFF 4 A");\r
+               PrintAndLog("      sample5: hf mf nested 1 * t");\r
+               PrintAndLog("      sample6: hf mf nested 1 * ss");\r
                return 0;\r
        }\r
 \r
+       // <card memory>\r
        cmdp = param_getchar(Cmd, 0);\r
-       blockNo = param_get8(Cmd, 1);\r
-       ctmp = param_getchar(Cmd, 2);\r
-\r
-       if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
-               PrintAndLog("Key type must be A or B");\r
-               return 1;\r
+       if (cmdp == 'o' || cmdp == 'O') {\r
+               cmdp = 'o';\r
+               SectorsCnt = 1;\r
+       } else {\r
+               SectorsCnt = ParamCardSizeSectors(cmdp);\r
        }\r
+               \r
+       // <block number>. number or autosearch key (*)\r
+       if (param_getchar(Cmd, 1) == '*') {\r
+               autosearchKey = true;\r
 \r
-       if (ctmp != 'A' && ctmp != 'a')\r
-               keyType = 1;\r
+               parseParamTDS(Cmd, 2, &transferToEml, &createDumpFile, &btimeout14a);\r
 \r
-       if (param_gethex(Cmd, 3, key, 12)) {\r
-               PrintAndLog("Key must include 12 HEX symbols");\r
-               return 1;\r
-       }\r
+               PrintAndLog("--nested. sectors:%2d, block no:*, eml:%c, dmp=%c checktimeout=%d us", \r
+                       SectorsCnt, transferToEml?'y':'n', createDumpFile?'y':'n', ((int)btimeout14a * 10000) / 106);\r
+       } else {\r
+               blockNo = param_get8(Cmd, 1);\r
 \r
-       if (cmdp == 'o' || cmdp == 'O') {\r
-               cmdp = 'o';\r
-               trgBlockNo = param_get8(Cmd, 4);\r
-               ctmp = param_getchar(Cmd, 5);\r
+               ctmp = param_getchar(Cmd, 2);\r
                if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
-                       PrintAndLog("Target key type must be A or B");\r
+                       PrintAndLog("Key type must be A or B");\r
                        return 1;\r
                }\r
+\r
                if (ctmp != 'A' && ctmp != 'a')\r
-                       trgKeyType = 1;\r
-       } else {\r
+                       keyType = 1;\r
 \r
-               switch (cmdp) {\r
-                       case '0': SectorsCnt = 05; break;\r
-                       case '1': SectorsCnt = 16; break;\r
-                       case '2': SectorsCnt = 32; break;\r
-                       case '4': SectorsCnt = 40; break;\r
-                       default:  SectorsCnt = 16;\r
+               if (param_gethex(Cmd, 3, key, 12)) {\r
+                       PrintAndLog("Key must include 12 HEX symbols");\r
+                       return 1;\r
                }\r
-       }\r
 \r
-       ctmp = param_getchar(Cmd, 4);\r
-       if              (ctmp == 't' || ctmp == 'T') transferToEml = true;\r
-       else if (ctmp == 'd' || ctmp == 'D') createDumpFile = true;\r
+               // check if we can authenticate to sector\r
+               res = mfCheckKeys(blockNo, keyType, true, 1, key, &key64);\r
+               if (res) {\r
+                       PrintAndLog("Can't authenticate to block:%3d key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
+                       return 3;\r
+               }\r
+\r
+               // one sector nested\r
+               if (cmdp == 'o') { \r
+                       trgBlockNo = param_get8(Cmd, 4);\r
 \r
-       ctmp = param_getchar(Cmd, 6);\r
-       transferToEml |= (ctmp == 't' || ctmp == 'T');\r
-       transferToEml |= (ctmp == 'd' || ctmp == 'D');\r
+                       ctmp = param_getchar(Cmd, 5);\r
+                       if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+                               PrintAndLog("Target key type must be A or B");\r
+                               return 1;\r
+                       }\r
+                       if (ctmp != 'A' && ctmp != 'a')\r
+                               trgKeyType = 1;\r
 \r
-       if (cmdp == 'o') {\r
+                       parseParamTDS(Cmd, 6, &transferToEml, &createDumpFile, &btimeout14a);\r
+               } else {\r
+                       parseParamTDS(Cmd, 4, &transferToEml, &createDumpFile, &btimeout14a);\r
+               }\r
+\r
+               PrintAndLog("--nested. sectors:%2d, block no:%3d, key type:%c, eml:%c, dmp=%c checktimeout=%d us", \r
+                       SectorsCnt, blockNo, keyType?'B':'A', transferToEml?'y':'n', createDumpFile?'y':'n', ((int)btimeout14a * 10000) / 106);\r
+       }\r
+\r
+       // one-sector nested\r
+       if (cmdp == 'o') { // ------------------------------------  one sector working\r
                PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A');\r
                int16_t isOK = mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true);\r
                if (isOK) {\r
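Review bot: The autosearch branch (`param_getchar(Cmd, 1) == '*'`) does not reject one-sector mode, so `hf mf nested o *` sets `autosearchKey` and then reaches the `if (cmdp == 'o')` block below with `blockNo`, `key`, `trgBlockNo` and `trgKeyType` still at their zero initialisers. The usage text only documents `*` together with a card-memory size, so this looks unintended. A guard at the top of the autosearch branch would make it explicit: `if (cmdp == 'o') { PrintAndLog("Autosearch (*) is not supported in one-sector mode"); return 1; }`. The function body continues past the end of this hunk.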
@@ -630,6 +694,7 @@ int CmdHF14AMfNested(const char *Cmd)
                                else\r
                                        num_to_bytes(key64, 6, &keyBlock[10]);\r
                                mfEmlSetMem(keyBlock, sectortrailer, 1);\r
+                               PrintAndLog("Key transferred to emulator memory.");\r
                        }\r
                } else {\r
                        PrintAndLog("No valid key found");\r
@@ -643,33 +708,37 @@ int CmdHF14AMfNested(const char *Cmd)
                if (e_sector == NULL) return 1;\r
 \r
                //test current key and additional standard keys first\r
-               memcpy(keyBlock, key, 6);\r
-               num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 1 * 6));\r
-               num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 2 * 6));\r
-               num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 3 * 6));\r
-               num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 4 * 6));\r
-               num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 5 * 6));\r
-               num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 6 * 6));\r
-               num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 7 * 6));\r
-               num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 8 * 6));\r
-               num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 9 * 6));\r
-               num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 10 * 6));\r
-               num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 11 * 6));\r
-               num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 12 * 6));\r
-               num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 13 * 6));\r
+               for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){\r
+                       num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
+               }\r
 \r
                PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);\r
-               for (i = 0; i < SectorsCnt; i++) {\r
-                       for (j = 0; j < 2; j++) {\r
-                               if (e_sector[i].foundKey[j]) continue;\r
-\r
-                               res = mfCheckKeys(FirstBlockOfSector(i), j, true, 6, keyBlock, &key64);\r
-\r
-                               if (!res) {\r
-                                       e_sector[i].Key[j] = key64;\r
-                                       e_sector[i].foundKey[j] = 1;\r
+               mfCheckKeysSec(SectorsCnt, 2, btimeout14a, true, NESTED_KEY_COUNT, keyBlock, e_sector);\r
+               \r
+               // get known key from array\r
+               bool keyFound = false;\r
+               if (autosearchKey) {\r
+                       for (i = 0; i < SectorsCnt; i++) {\r
+                               for (j = 0; j < 2; j++) {\r
+                                       if (e_sector[i].foundKey[j]) {\r
+                                               // get known key\r
+                                               blockNo = i * 4;\r
+                                               keyType = j;\r
+                                               num_to_bytes(e_sector[i].Key[j], 6, key);\r
+                                               \r
+                                               keyFound = true;\r
+                                               break;\r
+                                       }\r
                                }\r
+                               if (keyFound) break;\r
+                       }               \r
+\r
+                       // Can't found a key....\r
+                       if (!keyFound) {\r
+                               PrintAndLog("Can't found any of the known keys.");\r
+                               return 4;\r
                        }\r
+                       PrintAndLog("--auto key. block no:%3d, key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
                }\r
 \r
                // nested sectors\r
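Review bot: The new default-key loop writes `MifareDefaultKeysSize` entries into `keyBlock`, which is declared as `NESTED_KEY_COUNT * 6` bytes, and nothing ties the two sizes together; `mfCheckKeysSec` is then told there are `NESTED_KEY_COUNT` keys regardless. If the table in mifaredefault.h (not shown here) holds more than 15 entries the loop runs past the stack buffer, and if it holds fewer the tail that gets checked is uninitialised stack. Bound the loop with `defaultKeyCounter < MifareDefaultKeysSize && defaultKeyCounter < NESTED_KEY_COUNT` and pass the number of keys actually filled. The same unchecked copy into the `calloc(stKeyBlock, 6)` buffer appears in CmdHF14AMfChk. Separately, `blockNo = i * 4` is wrong for the 16-block sectors of a 4K card; `FirstBlockOfSector(i)` is already used elsewhere in this function.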
@@ -702,15 +771,19 @@ int CmdHF14AMfNested(const char *Cmd)
                                                PrintAndLog("Found valid key:%012" PRIx64, key64);\r
                                                e_sector[sectorNo].foundKey[trgKeyType] = 1;\r
                                                e_sector[sectorNo].Key[trgKeyType] = key64;\r
+                                               \r
+                                               // try to check this key as a key to the other sectors\r
+                                               mfCheckKeysSec(SectorsCnt, 2, btimeout14a, true, 1, keyBlock, e_sector);\r
                                        }\r
                                }\r
                        }\r
                }\r
 \r
-               printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)(msclock() - msclock1))/1000.0, ((float)(msclock() - msclock1))/iterations/1000.0);\r
-\r
-               PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations);\r
-               //print them\r
+               // print nested statistic\r
+               PrintAndLog("\n\n-----------------------------------------------\nNested statistic:\nIterations count: %d", iterations);\r
+               PrintAndLog("Time in nested: %1.3f (%1.3f sec per key)", ((float)(msclock() - msclock1))/1000.0, ((float)(msclock() - msclock1))/iterations/1000.0);\r
+               \r
+               // print result\r
                PrintAndLog("|---|----------------|---|----------------|---|");\r
                PrintAndLog("|sec|key A           |res|key B           |res|");\r
                PrintAndLog("|---|----------------|---|----------------|---|");\r
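Review bot: The result of the added `mfCheckKeysSec(SectorsCnt, 2, btimeout14a, true, 1, keyBlock, e_sector)` call is discarded, so a failed or timed-out check cannot be told apart from "this key fits no other sector". CmdHF14AMfChk in this commit treats a return value of 1 from the same function as a command timeout and reports it; mirroring that here with `if (mfCheckKeysSec(...) == 1) PrintAndLog("Command execute timeout");` would keep the callers consistent. The call also depends on `keyBlock` still holding the key that was just found, which is set outside this hunk, so a comment such as `// keyBlock[0..5] holds the key returned by mfnested()` would document the assumption. The earlier call under "Testing known keys" ignores the result in the same way.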
@@ -720,7 +793,7 @@ int CmdHF14AMfNested(const char *Cmd)
                }\r
                PrintAndLog("|---|----------------|---|----------------|---|");\r
 \r
-               // transfer them to the emulator\r
+               // transfer keys to the emulator memory\r
                if (transferToEml) {\r
                        for (i = 0; i < SectorsCnt; i++) {\r
                                mfEmlGetMem(keyBlock, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r
@@ -730,6 +803,7 @@ int CmdHF14AMfNested(const char *Cmd)
                                        num_to_bytes(e_sector[i].Key[1], 6, &keyBlock[10]);\r
                                mfEmlSetMem(keyBlock, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r
                        }\r
+                       PrintAndLog("Keys transferred to emulator memory.");\r
                }\r
 \r
                // Create dump file\r
@@ -890,14 +964,18 @@ int CmdHF14AMfNestedHard(const char *Cmd)
 int CmdHF14AMfChk(const char *Cmd)\r
 {\r
        if (strlen(Cmd)<3) {\r
-               PrintAndLog("Usage:  hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
+               PrintAndLog("Usage:  hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d|s|ss] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
                PrintAndLog("          * - all sectors");\r
                PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
                PrintAndLog("d - write keys to binary file\n");\r
                PrintAndLog("t - write keys to emulator memory");\r
+               PrintAndLog("s - slow execute. timeout 1ms");\r
+               PrintAndLog("ss- very slow execute. timeout 5ms");\r
                PrintAndLog("      sample: hf mf chk 0 A 1234567890ab keys.dic");\r
                PrintAndLog("              hf mf chk *1 ? t");\r
                PrintAndLog("              hf mf chk *1 ? d");\r
+               PrintAndLog("              hf mf chk *1 ? s");\r
+               PrintAndLog("              hf mf chk *1 ? dss");\r
                return 0;\r
        }\r
 \r
@@ -910,49 +988,29 @@ int CmdHF14AMfChk(const char *Cmd)
        int i, res;\r
        int     keycnt = 0;\r
        char ctmp       = 0x00;\r
+       char ctmp3[3]   = {0x00};\r
        uint8_t blockNo = 0;\r
-       uint8_t SectorsCnt = 1;\r
+       uint8_t SectorsCnt = 0;\r
        uint8_t keyType = 0;\r
        uint64_t key64 = 0;\r
+       uint32_t timeout14a = 0; // timeout in us\r
+       bool param3InUse = false;\r
 \r
        int transferToEml = 0;\r
        int createDumpFile = 0;\r
+       \r
+       sector_t *e_sector = NULL;\r
 \r
        keyBlock = calloc(stKeyBlock, 6);\r
        if (keyBlock == NULL) return 1;\r
 \r
-       uint64_t defaultKeys[] =\r
-       {\r
-               0xffffffffffff, // Default key (first key used by program if no user defined key)\r
-               0x000000000000, // Blank key\r
-               0xa0a1a2a3a4a5, // NFCForum MAD key\r
-               0xb0b1b2b3b4b5,\r
-               0xaabbccddeeff,\r
-               0x4d3a99c351dd,\r
-               0x1a982c7e459a,\r
-               0xd3f7d3f7d3f7,\r
-               0x714c5c886e97,\r
-               0x587ee5f9350f,\r
-               0xa0478cc39091,\r
-               0x533cb6c723f6,\r
-               0x8fd0a4f256e9\r
-       };\r
-       int defaultKeysSize = sizeof(defaultKeys) / sizeof(uint64_t);\r
-\r
-       for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++)\r
-       {\r
-               num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
+       int defaultKeysSize = MifareDefaultKeysSize;\r
+       for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++){\r
+               num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
        }\r
 \r
        if (param_getchar(Cmd, 0)=='*') {\r
-               blockNo = 3;\r
-               switch(param_getchar(Cmd+1, 0)) {\r
-                       case '0': SectorsCnt =  5; break;\r
-                       case '1': SectorsCnt = 16; break;\r
-                       case '2': SectorsCnt = 32; break;\r
-                       case '4': SectorsCnt = 40; break;\r
-                       default:  SectorsCnt = 16;\r
-               }\r
+               SectorsCnt = ParamCardSizeSectors(param_getchar(Cmd + 1, 0));\r
        }\r
        else\r
                blockNo = param_get8(Cmd, 0);\r
@@ -960,10 +1018,10 @@ int CmdHF14AMfChk(const char *Cmd)
        ctmp = param_getchar(Cmd, 1);\r
        switch (ctmp) {\r
        case 'a': case 'A':\r
-               keyType = !0;\r
+               keyType = 0;\r
                break;\r
        case 'b': case 'B':\r
-               keyType = !1;\r
+               keyType = 1;\r
                break;\r
        case '?':\r
                keyType = 2;\r
@@ -974,11 +1032,33 @@ int CmdHF14AMfChk(const char *Cmd)
                return 1;\r
        };\r
 \r
+       // transfer to emulator & create dump file\r
        ctmp = param_getchar(Cmd, 2);\r
-       if              (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r
-       else if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r
-\r
-       for (i = transferToEml || createDumpFile; param_getchar(Cmd, 2 + i); i++) {\r
+       if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r
+       if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r
+       \r
+       param3InUse = transferToEml | createDumpFile;\r
+       \r
+       timeout14a = 500; // fast by default\r
+       // double parameters - ts, ds\r
+       int clen = param_getlength(Cmd, 2);\r
+       if (clen == 2 || clen == 3){\r
+               param_getstr(Cmd, 2, ctmp3);\r
+               ctmp = ctmp3[1];\r
+       }\r
+       //parse\r
+       if (ctmp == 's' || ctmp == 'S') {\r
+               timeout14a = 1000; // slow\r
+               if (!param3InUse && clen == 2 && (ctmp3[1] == 's' || ctmp3[1] == 'S')) {\r
+                       timeout14a = 5000; // very slow\r
+               }\r
+               if (param3InUse && clen == 3 && (ctmp3[2] == 's' || ctmp3[2] == 'S')) {\r
+                       timeout14a = 5000; // very slow\r
+               }\r
+               param3InUse = true;\r
+       }\r
+\r
+       for (i = param3InUse; param_getchar(Cmd, 2 + i); i++) {\r
                if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r
                        if ( stKeyBlock - keycnt < 2) {\r
                                p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
@@ -1043,6 +1123,7 @@ int CmdHF14AMfChk(const char *Cmd)
                }\r
        }\r
 \r
+       // fill with default keys\r
        if (keycnt == 0) {\r
                PrintAndLog("No key specified, trying default keys");\r
                for (;keycnt < defaultKeysSize; keycnt++)\r
@@ -1052,47 +1133,84 @@ int CmdHF14AMfChk(const char *Cmd)
        }\r
 \r
        // initialize storage for found keys\r
-       bool validKey[2][40];\r
-       uint8_t foundKey[2][40][6];\r
-       for (uint16_t t = 0; t < 2; t++) {\r
+       e_sector = calloc(SectorsCnt, sizeof(sector_t));\r
+       if (e_sector == NULL) return 1;\r
+       for (uint8_t keyAB = 0; keyAB < 2; keyAB++) {\r
                for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
-                       validKey[t][sectorNo] = false;\r
-                       for (uint16_t i = 0; i < 6; i++) {\r
-                               foundKey[t][sectorNo][i] = 0xff;\r
-                       }\r
+                       e_sector[sectorNo].Key[keyAB] = 0xffffffffffff;\r
+                       e_sector[sectorNo].foundKey[keyAB] = 0;\r
                }\r
        }\r
+       printf("\n");\r
+\r
+       bool foundAKey = false;\r
+       uint32_t max_keys = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt;\r
+       if (SectorsCnt) {\r
+               PrintAndLog("To cancel this operation press the button on the proxmark...");\r
+               printf("--");\r
+               for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
+\r
+                       uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
+                       res = mfCheckKeysSec(SectorsCnt, keyType, timeout14a * 1.06 / 100, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106\r
 \r
-       for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) {\r
-               int b=blockNo;\r
-               for (int i = 0; i < SectorsCnt; ++i) {\r
-                       PrintAndLog("--sector:%2d, block:%3d, key type:%C, key count:%2d ", i, b, t?'B':'A', keycnt);\r
-                       uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt;\r
+                       if (res != 1) {\r
+                               if (!res) {\r
+                                       printf("o");\r
+                                       foundAKey = true;\r
+                               } else {\r
+                                       printf(".");\r
+                               }\r
+                       } else {\r
+                               printf("\n");\r
+                               PrintAndLog("Command execute timeout");\r
+                       }\r
+               }\r
+       } else {\r
+               int keyAB = keyType;\r
+               do {\r
                        for (uint32_t c = 0; c < keycnt; c+=max_keys) {\r
-                               uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c;\r
-                               res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64);\r
+\r
+                               uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
+                               res = mfCheckKeys(blockNo, keyAB & 0x01, true, size, &keyBlock[6 * c], &key64); \r
+\r
                                if (res != 1) {\r
                                        if (!res) {\r
-                                               PrintAndLog("Found valid key:[%012" PRIx64 "]",key64);\r
-                                               num_to_bytes(key64, 6, foundKey[t][i]);\r
-                                               validKey[t][i] = true;\r
+                                               PrintAndLog("Found valid key:[%d:%c]%012" PRIx64, blockNo, (keyAB & 0x01)?'B':'A', key64);\r
+                                               foundAKey = true;\r
                                        }\r
                                } else {\r
                                        PrintAndLog("Command execute timeout");\r
                                }\r
                        }\r
-                       b<127?(b+=4):(b+=16);\r
+               } while(--keyAB > 0);\r
+       }\r
+       \r
+       // print result\r
+       if (foundAKey) {\r
+               if (SectorsCnt) {\r
+                       PrintAndLog("");\r
+                       PrintAndLog("|---|----------------|---|----------------|---|");\r
+                       PrintAndLog("|sec|key A           |res|key B           |res|");\r
+                       PrintAndLog("|---|----------------|---|----------------|---|");\r
+                       for (i = 0; i < SectorsCnt; i++) {\r
+                               PrintAndLog("|%03d|  %012" PRIx64 "  | %d |  %012" PRIx64 "  | %d |", i,\r
+                                       e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);\r
+                       }\r
+                       PrintAndLog("|---|----------------|---|----------------|---|");\r
                }\r
-       }\r
-\r
+       } else {\r
+               PrintAndLog("");\r
+               PrintAndLog("No valid keys found.");\r
+       }       \r
+       \r
        if (transferToEml) {\r
                uint8_t block[16];\r
                for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
-                       if (validKey[0][sectorNo] || validKey[1][sectorNo]) {\r
+                       if (e_sector[sectorNo].foundKey[0] || e_sector[sectorNo].foundKey[1]) {\r
                                mfEmlGetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
                                for (uint16_t t = 0; t < 2; t++) {\r
-                                       if (validKey[t][sectorNo]) {\r
-                                               memcpy(block + t*10, foundKey[t][sectorNo], 6);\r
+                                       if (e_sector[sectorNo].foundKey[t]) {\r
+                                               num_to_bytes(e_sector[sectorNo].Key[t], 6, block + t * 10);\r
                                        }\r
                                }\r
                                mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
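Review bot: `e_sector = calloc(SectorsCnt, sizeof(sector_t))` is reached with `SectorsCnt == 0` in single-block mode, and `calloc(0, …)` may legitimately return NULL, in which case `if (e_sector == NULL) return 1;` aborts a valid `hf mf chk <block> …` call without any message. That early return also leaks `keyBlock`, which every other exit path in this function frees. Suggested change: `e_sector = calloc(SectorsCnt ? SectorsCnt : 1, sizeof(sector_t));` followed by `if (e_sector == NULL) { free(keyBlock); return 1; }`. The function starts before this hunk and continues after it.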
@@ -1105,16 +1223,22 @@ int CmdHF14AMfChk(const char *Cmd)
                FILE *fkeys = fopen("dumpkeys.bin","wb");\r
                if (fkeys == NULL) {\r
                        PrintAndLog("Could not create file dumpkeys.bin");\r
+                       free(e_sector);\r
                        free(keyBlock);\r
                        return 1;\r
                }\r
-               for (uint16_t t = 0; t < 2; t++) {\r
-                       fwrite(foundKey[t], 1, 6*SectorsCnt, fkeys);\r
+               uint8_t mkey[6];\r
+               for (uint8_t t = 0; t < 2; t++) {\r
+                       for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
+                               num_to_bytes(e_sector[sectorNo].Key[t], 6, mkey);\r
+                               fwrite(mkey, 1, 6, fkeys);\r
+                       }\r
                }\r
                fclose(fkeys);\r
                PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.");\r
        }\r
 \r
+       free(e_sector);\r
        free(keyBlock);\r
        PrintAndLog("");\r
        return 0;\r
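Review bot: The rewritten dump loop never checks the return value of `fwrite(mkey, 1, 6, fkeys)`, so a short write leaves a truncated dumpkeys.bin while the "Found keys have been dumped" message is still printed. Checking `if (fwrite(mkey, 1, 6, fkeys) != 6)` and taking the same cleanup path as the `fopen` failure would avoid handing later commands a partial key file. In single-block mode `SectorsCnt` is 0, so the `d` option now produces an empty file and reports success; printing a message or skipping the dump in that case would be clearer.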
@@ -1783,65 +1907,69 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
 \r
 int CmdHF14AMfCSetUID(const char *Cmd)\r
 {\r
-       uint8_t wipeCard = 0;\r
        uint8_t uid[8] = {0x00};\r
        uint8_t oldUid[8] = {0x00};\r
        uint8_t atqa[2] = {0x00};\r
        uint8_t sak[1] = {0x00};\r
-       uint8_t atqaPresent = 1;\r
+       uint8_t atqaPresent = 0;\r
        int res;\r
-       char ctmp;\r
-       int argi=0;\r
-\r
-       if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {\r
-               PrintAndLog("Usage:  hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");\r
-               PrintAndLog("sample:  hf mf csetuid 01020304");\r
-               PrintAndLog("sample:  hf mf csetuid 01020304 0004 08 w");\r
-               PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");\r
-               PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");\r
-               return 0;\r
-       }\r
 \r
-       if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {\r
+       uint8_t needHelp = 0;\r
+       char cmdp = 1;\r
+       \r
+       if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {\r
                PrintAndLog("UID must include 8 HEX symbols");\r
                return 1;\r
        }\r
-       argi++;\r
 \r
-       ctmp = param_getchar(Cmd, argi);\r
-       if (ctmp == 'w' || ctmp == 'W') {\r
-               wipeCard = 1;\r
-               atqaPresent = 0;\r
+       if (param_getlength(Cmd, 1) > 1 && param_getlength(Cmd, 2) >  1) {\r
+               atqaPresent = 1;\r
+               cmdp = 3;\r
+               \r
+               if (param_gethex(Cmd, 1, atqa, 4)) {\r
+                       PrintAndLog("ATQA must include 4 HEX symbols");\r
+                       return 1;\r
+               }\r
+                               \r
+               if (param_gethex(Cmd, 2, sak, 2)) {\r
+                       PrintAndLog("SAK must include 2 HEX symbols");\r
+                       return 1;\r
+               }\r
        }\r
 \r
-       if (atqaPresent) {\r
-               if (param_getchar(Cmd, argi)) {\r
-                       if (param_gethex(Cmd, argi, atqa, 4)) {\r
-                               PrintAndLog("ATQA must include 4 HEX symbols");\r
-                               return 1;\r
-                       }\r
-                       argi++;\r
-                       if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {\r
-                               PrintAndLog("SAK must include 2 HEX symbols");\r
-                               return 1;\r
-                       }\r
-                       argi++;\r
-               } else\r
-                       atqaPresent = 0;\r
+       while(param_getchar(Cmd, cmdp) != 0x00)\r
+       {\r
+               switch(param_getchar(Cmd, cmdp))\r
+               {\r
+               case 'h':\r
+               case 'H':\r
+                       needHelp = 1;\r
+                       break;\r
+               default:\r
+                       PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+                       needHelp = 1;\r
+                       break;\r
+               }\r
+               cmdp++;\r
        }\r
 \r
-       if(!wipeCard) {\r
-               ctmp = param_getchar(Cmd, argi);\r
-               if (ctmp == 'w' || ctmp == 'W') {\r
-                       wipeCard = 1;\r
-               }\r
+       if (strlen(Cmd) < 1 || needHelp) {\r
+               PrintAndLog("");\r
+               PrintAndLog("Usage:  hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols]");\r
+               PrintAndLog("sample:  hf mf csetuid 01020304");\r
+               PrintAndLog("sample:  hf mf csetuid 01020304 0004 08");\r
+               PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");\r
+               return 0;\r
        }\r
 \r
-       PrintAndLog("--wipe card:%s  uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));\r
+       PrintAndLog("uid:%s", sprint_hex(uid, 4));\r
+       if (atqaPresent) {\r
+               PrintAndLog("--atqa:%s sak:%02x", sprint_hex(atqa, 2), sak[0]);\r
+       }\r
 \r
-       res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);\r
+       res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid);\r
        if (res) {\r
-                       PrintAndLog("Can't set UID. error=%d", res);\r
+                       PrintAndLog("Can't set UID. Error=%d", res);\r
                        return 1;\r
                }\r
 \r
@@ -1850,6 +1978,69 @@ int CmdHF14AMfCSetUID(const char *Cmd)
        return 0;\r
 }\r
 \r
+int CmdHF14AMfCWipe(const char *Cmd)\r
+{\r
+       int res, gen = 0;\r
+       int numBlocks = 16 * 4;\r
+       bool wipeCard = false;\r
+       bool fillCard = false;\r
+       \r
+       if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+               PrintAndLog("Usage:  hf mf cwipe [card size] [w] [p]");\r
+               PrintAndLog("sample:  hf mf cwipe 1 w s");\r
+               PrintAndLog("[card size]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+               PrintAndLog("w - Wipe magic Chinese card (only works with gen:1a cards)");\r
+               PrintAndLog("f - Fill the card with default data and keys (works with gen:1a and gen:1b cards only)");\r
+               return 0;\r
+       }\r
+\r
+       gen = mfCIdentify();\r
+       if ((gen != 1) && (gen != 2)) \r
+               return 1;\r
+       \r
+       numBlocks = ParamCardSizeBlocks(param_getchar(Cmd, 0));\r
+\r
+       char cmdp = 0;\r
+       while(param_getchar(Cmd, cmdp) != 0x00){\r
+               switch(param_getchar(Cmd, cmdp)) {\r
+               case 'w':\r
+               case 'W':\r
+                       wipeCard = 1;\r
+                       break;\r
+               case 'f':\r
+               case 'F':\r
+                       fillCard = 1;\r
+                       break;\r
+               default:\r
+                       break;\r
+               }\r
+               cmdp++;\r
+       }\r
+\r
+       if (!wipeCard && !fillCard) \r
+               wipeCard = true;\r
+\r
+       PrintAndLog("--blocks count:%2d wipe:%c fill:%c", numBlocks, (wipeCard)?'y':'n', (fillCard)?'y':'n');\r
+\r
+       if (gen == 2) {\r
+               /* generation 1b magic card */\r
+               if (wipeCard) {\r
+                       PrintAndLog("WARNING: can't wipe magic card 1b generation");\r
+               }\r
+               res = mfCWipe(numBlocks, true, false, fillCard); \r
+       } else {\r
+               /* generation 1a magic card by default */\r
+               res = mfCWipe(numBlocks, false, wipeCard, fillCard); \r
+       }\r
+\r
+       if (res) {\r
+               PrintAndLog("Can't wipe. error=%d", res);\r
+               return 1;\r
+       }\r
+       PrintAndLog("OK");\r
+       return 0;\r
+}\r
+\r
 int CmdHF14AMfCSetBlk(const char *Cmd)\r
 {\r
        uint8_t memBlock[16] = {0x00};\r
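Review bot: The help text in CmdHF14AMfCWipe does not match its parser: the usage line advertises `[w] [p]` and the sample passes `w s`, while the switch only recognises `w`/`W` and `f`/`F`. Because the `default:` branch ignores every other letter and the function falls back to `wipeCard = true` when neither flag was seen, a mistyped option on this destructive command ends in a wipe instead of an error. I would change the strings to `"Usage:  hf mf cwipe [card size] [w] [f]"` and `"sample:  hf mf cwipe 1 w f"`, and report unknown letters (other than the card-size character) the way the csetuid parser in this same commit does with `ERROR: Unknown parameter '%c'`. The option loop also starts at parameter 0, so the card-size position is run through the switch too; whether ParamCardSizeBlocks tolerates `w` or `f` there is not visible in this hunk.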
@@ -1866,6 +2057,8 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
        }\r
 \r
        gen = mfCIdentify();\r
+       if ((gen != 1) && (gen != 2)) \r
+               return 1;\r
 \r
        blockNo = param_get8(Cmd, 0);\r
 \r
@@ -2113,13 +2306,13 @@ int CmdHF14AMfCSave(const char *Cmd) {
        if (param_getchar(Cmd, 0) == 'h') {\r
                PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r
                PrintAndLog("or into emulator memory (option `e`). 4K card: (option `4`)");\r
-               PrintAndLog("Usage:  hf mf esave [file name w/o `.eml`][e][4]");\r
-               PrintAndLog("Sample: hf mf esave ");\r
-               PrintAndLog("        hf mf esave filename");\r
-               PrintAndLog("        hf mf esave e");\r
-               PrintAndLog("        hf mf esave 4");\r
-               PrintAndLog("        hf mf esave filename 4");\r
-               PrintAndLog("        hf mf esave e 4");\r
+               PrintAndLog("Usage:  hf mf csave [file name w/o `.eml`][e][4]");\r
+               PrintAndLog("Sample: hf mf csave ");\r
+               PrintAndLog("        hf mf csave filename");\r
+               PrintAndLog("        hf mf csave e");\r
+               PrintAndLog("        hf mf csave 4");\r
+               PrintAndLog("        hf mf csave filename 4");\r
+               PrintAndLog("        hf mf csave e 4");\r
                return 0;\r
        }\r
 \r
@@ -2398,6 +2591,7 @@ static command_t CommandTable[] =
   {"esave",            CmdHF14AMfESave,         0, "Save to file emul dump"},\r
   {"ecfill",           CmdHF14AMfECFill,        0, "Fill simulator memory with help of keys from simulator"},\r
   {"ekeyprn",          CmdHF14AMfEKeyPrn,       0, "Print keys from simulator memory"},\r
+  {"cwipe",            CmdHF14AMfCWipe,         0, "Wipe magic Chinese card"},\r
   {"csetuid",          CmdHF14AMfCSetUID,       0, "Set UID for magic Chinese card"},\r
   {"csetblk",          CmdHF14AMfCSetBlk,       0, "Write block - Magic Chinese card"},\r
   {"cgetblk",          CmdHF14AMfCGetBlk,       0, "Read block - Magic Chinese card"},\r
index fc87b228b2eb2deb336c09347ac2b36c3163f08d..3bd3e95abe73d7f3cee6f4074eb274ff238348da 100644 (file)
@@ -11,6 +11,8 @@
 #ifndef CMDHFMF_H__\r
 #define CMDHFMF_H__\r
 \r
+#include "mifaredefault.h"\r
+\r
 extern int CmdHFMF(const char *Cmd);\r
 
 extern int CmdHF14AMfDbg(const char* cmd);
@@ -34,6 +36,7 @@ extern int CmdHF14AMfELoad(const char* cmd);
 extern int CmdHF14AMfESave(const char* cmd);\r
 extern int CmdHF14AMfECFill(const char* cmd);\r
 extern int CmdHF14AMfEKeyPrn(const char* cmd);\r
+extern int CmdHF14AMfCWipe(const char* cmd);\r
 extern int CmdHF14AMfCSetUID(const char* cmd);\r
 extern int CmdHF14AMfCSetBlk(const char* cmd);\r
 extern int CmdHF14AMfCGetBlk(const char* cmd);\r
index fd5fbbf9516c5bef5343a86245875cb3a888ebc3..0153541e187e8ea46119231ebf9b3e1ba9157763 100644 (file)
@@ -72,7 +72,7 @@ static float brute_force_per_second;
 
 static void get_SIMD_instruction_set(char* instruction_set) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) strcpy(instruction_set, "AVX512F");
        else if (__builtin_cpu_supports("avx2")) strcpy(instruction_set, "AVX2");
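Review bot: The new Apple clang test `__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1` mixes `||` and `&&` without grouping, so the reader has to recall operator precedence to see that it is correct; `(__clang_major__ > 8 || (__clang_major__ == 8 && __clang_minor__ >= 1))` reads unambiguously. The identical condition is pasted into every `*_dispatch` function in the hardnested_bf_core.c and hardnested_bitarray_core.c hunks further down this commit. Defining it once as a single feature macro in a shared header would keep the next compiler-version adjustment from missing one of the copies. get_SIMD_instruction_set continues past the end of this hunk.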
index 54a30c7739c8c9a8e45f2575adc7ba0a1f2af416..3021631ac358a5485f02f8a2585703ed5f85f75d 100644 (file)
@@ -16,7 +16,7 @@
 #include "usb_cmd.h"
 #include "cmdmain.h"
 #include "ui.h"
-#include "loclass/des.h"
+#include "polarssl/des.h"
 #include "cmdhfmf.h"
 #include "cmdhf14a.h"
 #include "mifare.h"
@@ -108,7 +108,7 @@ char *getUlev1CardSizeStr( uint8_t fsize ){
 }
 
 static void ul_switch_on_field(void) {
-       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
+       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_NO_RATS, 0, 0}};
        clearCommandBuffer();
        SendCommand(&c);
 }
index 6a5a2fbe927e5a74dbaae87c9a74f5fea7c770fd..eb664a111391f9b03c13106e83aadc371b78fcad 100644 (file)
@@ -410,14 +410,13 @@ int CmdLFSim(const char *Cmd)
 
        sscanf(Cmd, "%i", &gap);
 
-       // convert to bitstream if necessary 
-
+       // convert to bitstream if necessary
        ChkBitstream(Cmd);
 
        //can send only 512 bits at a time (1 byte sent per bit...)
        printf("Sending [%d bytes]", GraphTraceLen);
        for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
-               UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
+               UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
 
                for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
                        c.d.asBytes[j] = GraphBuffer[i+j];
index 013c2f3fb427be478c318ff365b44d9e4f45692f..f5dfee35556134133479f0bb49328db686a983de 100644 (file)
@@ -606,7 +606,7 @@ int EM4x50Read(const char *Cmd, bool verbose)
        char tmp2[20];
        int phaseoff;
        high = low = 0;
-       memset(tmpbuff, 0, MAX_GRAPH_TRACE_LEN / 64);
+       memset(tmpbuff, 0, sizeof(tmpbuff));
 
        // get user entry if any
        sscanf(Cmd, "%i %i", &clk, &invert);
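Review bot: `memset(tmpbuff, 0, sizeof(tmpbuff));` clears the whole buffer only if `tmpbuff` is declared as an array in this scope, and its declaration sits above the hunk where it cannot be checked. If it is a pointer (a heap buffer or a parameter), `sizeof` yields the pointer size and most of the buffer is left uninitialised before it is read. Worth confirming the declaration, and a short comment next to the call such as `// tmpbuff is a local array, so sizeof covers every element` would stop a later switch to a heap buffer from silently shrinking the clear. EM4x50Read starts and ends outside this hunk.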
index 006ffd56e4eee88c8d4d7b8d9c5df88e60b45705..2e2ee9fd3b373c30b7d811fcfb20adb6454866b6 100644 (file)
@@ -58,7 +58,7 @@ int usage_lf_fdx_clone(void){
        // extended data
        PrintAndLog("      <Q5>        : Specify write to Q5 (t5555 instead of t55x7)");
        PrintAndLog("");
-       PrintAndLog("Sample: lf animal clone 999 112233");
+       PrintAndLog("Sample: lf fdx clone 999 112233");
        return 0;
 }
 
index 8ec04cbb7ef4e4bc1ab88754b70373390a9774fd..0a4f783492b8fd8bdf90a0a8743b7ab3780f454f 100644 (file)
@@ -40,10 +40,16 @@ int CmdIndalaDecode(const char *Cmd) {
        }
        uint8_t invert=0;
        size_t size = DemodBufferLen;
-       int startIdx = indala26decode(DemodBuffer, &size, &invert);
-       if (startIdx < 0 || size > 224) {
-               if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
-               return -1;
+       int startIdx = indala64decode(DemodBuffer, &size, &invert);
+       if (startIdx < 0 || size != 64) {
+               // try 224 indala
+               invert = 0;
+               size = DemodBufferLen;
+               startIdx = indala224decode(DemodBuffer, &size, &invert);
+               if (startIdx < 0 || size != 224) {
+                       if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
+                       return -1;
+               }
        }
        setDemodBuf(DemodBuffer, size, (size_t)startIdx);
        setClockGrid(g_DemodClock, g_DemodStartIdx + (startIdx*g_DemodClock));
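Review bot: The fallback to indala224decode resets `invert` and `size` but runs on the same `DemodBuffer` that indala64decode has already processed. Neither decoder body is visible here, so if the 64-bit attempt modifies the buffer in place before giving up, the 224-bit attempt would see altered data. Worth confirming that the decoders leave the buffer untouched on failure and stating it above the retry, e.g. `// indala64decode leaves DemodBuffer unchanged on failure, so the same data is retried`. The debug message `Error2: %i` is printed only for the second decoder, so the first decoder's error code is lost; logging it before the retry would help when diagnosing a capture. CmdIndalaDecode starts above this hunk and continues after it.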
index 562b9bcdb583c06034f1e3762cad1f2656548995..04589ba51f872306e75664b3a85cf427505c3460 100644 (file)
@@ -29,26 +29,26 @@ static int CmdHelp(const char *Cmd);
 
 int usage_lf_visa2k_clone(void){
        PrintAndLog("clone a Visa2000 tag to a T55x7 tag.");
-       PrintAndLog("Usage: lf visa2k clone [h] <card ID> <Q5>");
+       PrintAndLog("Usage: lf visa2000 clone [h] <card ID> <Q5>");
        PrintAndLog("Options:");
        PrintAndLog("      h          : This help");
-       PrintAndLog("      <card ID>  : Visa2k card ID");
+       PrintAndLog("      <card ID>  : Visa2000 card ID");
        PrintAndLog("      <Q5>       : specify write to Q5 (t5555 instead of t55x7)");
        PrintAndLog("");
-       PrintAndLog("Sample: lf visa2k clone 112233");
+       PrintAndLog("Sample: lf visa2000 clone 112233");
        return 0;
 }
 
 int usage_lf_visa2k_sim(void) {
-       PrintAndLog("Enables simulation of visa2k card with specified card number.");
+       PrintAndLog("Enables simulation of visa2000 card with specified card number.");
        PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
        PrintAndLog("");
-       PrintAndLog("Usage:  lf visa2k sim [h] <card ID>");
+       PrintAndLog("Usage:  lf visa2000 sim [h] <card ID>");
        PrintAndLog("Options:");
        PrintAndLog("      h          : This help");
-       PrintAndLog("      <card ID>  : Visa2k card ID");
+       PrintAndLog("      <card ID>  : Visa2000 card ID");
        PrintAndLog("");
-       PrintAndLog("Sample: lf visa2k sim 112233");
+       PrintAndLog("Sample: lf visa2000 sim 112233");
        return 0;
 }
 
@@ -100,7 +100,7 @@ int CmdVisa2kDemod(const char *Cmd) {
        //ASK / Manchester
        bool st = true;
        if (!ASKDemod_ext("64 0 0", false, false, 1, &st)) {
-               if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2k: ASK/Manchester Demod failed");
+               if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2000: ASK/Manchester Demod failed");
                return 0;
        }
        size_t size = DemodBufferLen;
@@ -108,13 +108,13 @@ int CmdVisa2kDemod(const char *Cmd) {
        if (ans < 0){
                if (g_debugMode){
                        if (ans == -1)
-                               PrintAndLog("DEBUG: Error - Visa2k: too few bits found");
+                               PrintAndLog("DEBUG: Error - Visa2000: too few bits found");
                        else if (ans == -2)
-                               PrintAndLog("DEBUG: Error - Visa2k: preamble not found");
+                               PrintAndLog("DEBUG: Error - Visa2000: preamble not found");
                        else if (ans == -3)
-                               PrintAndLog("DEBUG: Error - Visa2k: Size not correct: %d", size);
+                               PrintAndLog("DEBUG: Error - Visa2000: Size not correct: %d", size);
                        else
-                               PrintAndLog("DEBUG: Error - Visa2k: ans: %d", ans);
+                               PrintAndLog("DEBUG: Error - Visa2000: ans: %d", ans);
                }
                return 0;
        }
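Review bot: The reworded line `PrintAndLog("DEBUG: Error - Visa2000: Size not correct: %d", size);` still formats `size` with `%d`, although `size` is declared as `size_t` in the preceding hunk (`size_t size = DemodBufferLen;`). Where `size_t` is wider than `int` this passes a mismatched variadic argument, which is undefined behaviour and can print a wrong value. Since the line is being touched anyway, I would cast explicitly, e.g. `PrintAndLog("DEBUG: Error - Visa2000: Size not correct: %u", (unsigned int)size);`, or use `%zu` if every supported toolchain's printf handles it. CmdVisa2kDemod continues outside this hunk.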
index f407cee4bf601e883206bfbaf4bbe453d8153306..db88b3ac8ec90ccf653db04e938cb7857878aa8c 100644 (file)
@@ -139,7 +139,7 @@ int getCommand(UsbCommand* response)
  * @param ms_timeout
  * @return true if command was returned, otherwise false
  */
-bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
+bool WaitForResponseTimeoutW(uint32_t cmd, UsbCommand* response, size_t ms_timeout, bool show_warning) {
   
        UsbCommand resp;
        
@@ -155,7 +155,7 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou
                        }
                }
                msleep(10); // XXX ugh
-               if (dm_seconds == 200) { // Two seconds elapsed
+               if (dm_seconds == 200 && show_warning) { // Two seconds elapsed
                        PrintAndLog("Waiting for a response from the proxmark...");
                        PrintAndLog("Don't forget to cancel its operation first by pressing on the button");
                }
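Review bot: The new `show_warning` parameter tested in `if (dm_seconds == 200 && show_warning)` is not described in the function's doc block, which in the preceding hunk still ends at `@param ms_timeout`. I would add a line such as `* @param show_warning print the "Waiting for a response" hint after two seconds when true`, and update any summary sentence above it (outside the visible lines) to the new name WaitForResponseTimeoutW. The function body begins before this hunk and ends in the next one.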
@@ -163,9 +163,12 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou
        return false;
 }
 
+bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
+       return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
+}
 
 bool WaitForResponse(uint32_t cmd, UsbCommand* response) {
-       return WaitForResponseTimeout(cmd,response,-1);
+       return WaitForResponseTimeoutW(cmd, response, -1, true);
 }
 
 
index 0de3f39224ce898d172486c746f0089403081fdf..d39bc114a107a3f3beb1939abf11322ee7e9ec61 100644 (file)
@@ -18,6 +18,7 @@
 
 extern void UsbCommandReceived(UsbCommand *UC);
 extern int CommandReceived(char *Cmd);
+extern bool WaitForResponseTimeoutW(uint32_t cmd, UsbCommand* response, size_t ms_timeout, bool show_warning);
 extern bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout);
 extern bool WaitForResponse(uint32_t cmd, UsbCommand* response);
 extern void clearCommandBuffer();
index 2ef883db9369342b9b57f25bec89ce53cf4ca9ee..a672ab585e99ffbcd75c4d7ab25d391f05c6c480 100644 (file)
 
 static void usage(void)
 {
-       fprintf(stderr, "Usage: fpga_compress <infile1> <infile2> ... <infile_n> <outfile>\n");
-       fprintf(stderr, "          Combine n FPGA bitstream files and compress them into one.\n\n");
-       fprintf(stderr, "       fpga_compress -d <infile> <outfile>");
-       fprintf(stderr, "          Decompress <infile>. Write result to <outfile>");
-       fprintf(stderr, "       fpga_compress -t <infile> <outfile>");
-       fprintf(stderr, "          Compress hardnested table <infile>. Write result to <outfile>");
+       fprintf(stdout, "Usage: fpga_compress <infile1> <infile2> ... <infile_n> <outfile>\n");
+       fprintf(stdout, "          Combine n FPGA bitstream files and compress them into one.\n\n");
+       fprintf(stdout, "       fpga_compress -d <infile> <outfile>");
+       fprintf(stdout, "          Decompress <infile>. Write result to <outfile>");
+       fprintf(stdout, "       fpga_compress -t <infile> <outfile>");
+       fprintf(stdout, "          Compress hardnested table <infile>. Write result to <outfile>");
 }
 
 
@@ -150,7 +150,7 @@ int zlib_compress(FILE *infile[], uint8_t num_infiles, FILE *outfile, bool hardn
                ret = deflate(&compressed_fpga_stream, Z_FINISH);
        }
        
-       fprintf(stderr, "compressed %u input bytes to %lu output bytes\n", i, compressed_fpga_stream.total_out);
+       fprintf(stdout, "compressed %u input bytes to %lu output bytes\n", i, compressed_fpga_stream.total_out);
 
        if (ret != Z_STREAM_END) {
                fprintf(stderr, "Error in deflate(): %i %s\n", ret, compressed_fpga_stream.msg);
index 2388f6f5416bf0c2e54a00f89cecc2b83e321d8e..3c0c044ff5b7932ffb0418502abe0d16634f153b 100644 (file)
@@ -342,7 +342,7 @@ const uint64_t CRACK_STATES_BITSLICED(uint32_t cuid, uint8_t *best_first_bytes,
                        // }
 #endif
             // add the even state bits
-                       const bitslice_t const *restrict bitsliced_even_state = bitsliced_even_states[block_idx];
+                       const bitslice_t *restrict bitsliced_even_state = bitsliced_even_states[block_idx];
                        for(uint32_t state_idx = 1; state_idx < STATE_SIZE; state_idx += 2) {
                                state_p[state_idx] = bitsliced_even_state[state_idx/2];
                        }
@@ -551,7 +551,7 @@ bitslice_test_nonces_t *bitslice_test_nonces_function_p = &bitslice_test_nonces_
 // determine the available instruction set at runtime and call the correct function
 const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_first_bytes, statelist_t *p, uint32_t *keys_found, uint64_t *num_keys_tested, uint32_t nonces_to_bruteforce, uint8_t *bf_test_nonce_2nd_byte, noncelist_t *nonces) {
 #if defined (__i386__) || defined (__x86_64__)
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2) 
                if (__builtin_cpu_supports("avx512f")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX512;
                else if (__builtin_cpu_supports("avx2")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX2;
@@ -572,7 +572,7 @@ const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_firs
 
 void bitslice_test_nonces_dispatch(uint32_t nonces_to_bruteforce, uint32_t *bf_test_nonce, uint8_t *bf_test_nonce_par) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
                if (__builtin_cpu_supports("avx512f")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX512;
                else if (__builtin_cpu_supports("avx2")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX2;
index 5615d00606c2096d793a859c1afb34a882f453cb..aca4f149d958887e96b8cf16e924f1b2e5faf766 100644 (file)
@@ -319,7 +319,7 @@ count_bitarray_AND4_t *count_bitarray_AND4_function_p = &count_bitarray_AND4_dis
 // determine the available instruction set at runtime and call the correct function
 uint32_t *malloc_bitarray_dispatch(uint32_t x) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) malloc_bitarray_function_p = &malloc_bitarray_AVX512;
        else if (__builtin_cpu_supports("avx2")) malloc_bitarray_function_p = &malloc_bitarray_AVX2;
@@ -340,7 +340,7 @@ uint32_t *malloc_bitarray_dispatch(uint32_t x) {
 
 void free_bitarray_dispatch(uint32_t *x) {
 #if defined (__i386__) || defined (__x86_64__)
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) free_bitarray_function_p = &free_bitarray_AVX512;
        else if (__builtin_cpu_supports("avx2")) free_bitarray_function_p = &free_bitarray_AVX2;
@@ -361,7 +361,7 @@ void free_bitarray_dispatch(uint32_t *x) {
 
 uint32_t bitcount_dispatch(uint32_t a) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) bitcount_function_p = &bitcount_AVX512;
        else if (__builtin_cpu_supports("avx2")) bitcount_function_p = &bitcount_AVX2;
@@ -382,7 +382,7 @@ uint32_t bitcount_dispatch(uint32_t a) {
 
 uint32_t count_states_dispatch(uint32_t *bitarray) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_states_function_p = &count_states_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_states_function_p = &count_states_AVX2;
@@ -403,7 +403,7 @@ uint32_t count_states_dispatch(uint32_t *bitarray) {
 
 void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) bitarray_AND_function_p = &bitarray_AND_AVX512;
        else if (__builtin_cpu_supports("avx2")) bitarray_AND_function_p = &bitarray_AND_AVX2;
@@ -424,7 +424,7 @@ void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 
 void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX512;
        else if (__builtin_cpu_supports("avx2")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX2;
@@ -445,7 +445,7 @@ void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 
 uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX2;
@@ -466,7 +466,7 @@ uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 
 uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX2;
@@ -487,7 +487,7 @@ uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 
 void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) bitarray_AND4_function_p = &bitarray_AND4_AVX512;
        else if (__builtin_cpu_supports("avx2")) bitarray_AND4_function_p = &bitarray_AND4_AVX2;
@@ -508,7 +508,7 @@ void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D)
 
 void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) bitarray_OR_function_p = &bitarray_OR_AVX512;
        else if (__builtin_cpu_supports("avx2")) bitarray_OR_function_p = &bitarray_OR_AVX2;
@@ -529,7 +529,7 @@ void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
 
 uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX2;
@@ -550,7 +550,7 @@ uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
 
 uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX2;
@@ -571,7 +571,7 @@ uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
 
 uint32_t count_bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
 #if defined (__i386__) || defined (__x86_64__) 
-       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+       #if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
                #if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
        if (__builtin_cpu_supports("avx512f")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX512;
        else if (__builtin_cpu_supports("avx2")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX2;
index a701da31934164630e4df7f80605149a449c3dbd..57bc831fe1f97dda82c3c8fa9a940f77721ec0ea 100644 (file)
@@ -114,9 +114,9 @@ uint8_t _select(bool x, bool y, uint8_t r)
        bool r6 = r >> 1 & 0x1;
        bool r7 = r & 0x1;
 
-       bool z0 = (r0 & r2) ^ (r1 & ~r3) ^ (r2 | r4);
+       bool z0 = (r0 & r2) ^ (r1 & !r3) ^ (r2 | r4);
        bool z1 = (r0 | r2) ^ ( r5 | r7) ^ r1 ^ r6 ^ x ^ y;
-       bool z2 = (r3 & ~r5) ^ (r4 & r6 ) ^ r7 ^ x;
+       bool z2 = (r3 & !r5) ^ (r4 & r6 ) ^ r7 ^ x;
 
        // The three bitz z0.. z1 are packed into a uint8_t:
        // 00000ZZZ
diff --git a/client/loclass/des.c b/client/loclass/des.c
deleted file mode 100644 (file)
index 746752d..0000000
+++ /dev/null
@@ -1,1014 +0,0 @@
-/*
- *  FIPS-46-3 compliant Triple-DES implementation
- *
- *  Copyright (C) 2006-2014, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- *  DES, on which TDES is based, was originally designed by Horst Feistel
- *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
- *
- *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
- */
-
-//#include "polarssl/config.h"
-#define POLARSSL_DES_C
-
-#if defined(POLARSSL_DES_C)
-
-#include "des.h"
-
-#if defined(POLARSSL_PLATFORM_C)
-#include "polarssl/platform.h"
-#else
-#define polarssl_printf printf
-#endif
-
-#if !defined(POLARSSL_DES_ALT)
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-       (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-               | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-               | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-               | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-       (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-       (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-       (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-       (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-/*
- * Expanded DES S-boxes
- */
-static const uint32_t SB1[64] =
-{
-       0x01010400, 0x00000000, 0x00010000, 0x01010404,
-       0x01010004, 0x00010404, 0x00000004, 0x00010000,
-       0x00000400, 0x01010400, 0x01010404, 0x00000400,
-       0x01000404, 0x01010004, 0x01000000, 0x00000004,
-       0x00000404, 0x01000400, 0x01000400, 0x00010400,
-       0x00010400, 0x01010000, 0x01010000, 0x01000404,
-       0x00010004, 0x01000004, 0x01000004, 0x00010004,
-       0x00000000, 0x00000404, 0x00010404, 0x01000000,
-       0x00010000, 0x01010404, 0x00000004, 0x01010000,
-       0x01010400, 0x01000000, 0x01000000, 0x00000400,
-       0x01010004, 0x00010000, 0x00010400, 0x01000004,
-       0x00000400, 0x00000004, 0x01000404, 0x00010404,
-       0x01010404, 0x00010004, 0x01010000, 0x01000404,
-       0x01000004, 0x00000404, 0x00010404, 0x01010400,
-       0x00000404, 0x01000400, 0x01000400, 0x00000000,
-       0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const uint32_t SB2[64] =
-{
-       0x80108020, 0x80008000, 0x00008000, 0x00108020,
-       0x00100000, 0x00000020, 0x80100020, 0x80008020,
-       0x80000020, 0x80108020, 0x80108000, 0x80000000,
-       0x80008000, 0x00100000, 0x00000020, 0x80100020,
-       0x00108000, 0x00100020, 0x80008020, 0x00000000,
-       0x80000000, 0x00008000, 0x00108020, 0x80100000,
-       0x00100020, 0x80000020, 0x00000000, 0x00108000,
-       0x00008020, 0x80108000, 0x80100000, 0x00008020,
-       0x00000000, 0x00108020, 0x80100020, 0x00100000,
-       0x80008020, 0x80100000, 0x80108000, 0x00008000,
-       0x80100000, 0x80008000, 0x00000020, 0x80108020,
-       0x00108020, 0x00000020, 0x00008000, 0x80000000,
-       0x00008020, 0x80108000, 0x00100000, 0x80000020,
-       0x00100020, 0x80008020, 0x80000020, 0x00100020,
-       0x00108000, 0x00000000, 0x80008000, 0x00008020,
-       0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const uint32_t SB3[64] =
-{
-       0x00000208, 0x08020200, 0x00000000, 0x08020008,
-       0x08000200, 0x00000000, 0x00020208, 0x08000200,
-       0x00020008, 0x08000008, 0x08000008, 0x00020000,
-       0x08020208, 0x00020008, 0x08020000, 0x00000208,
-       0x08000000, 0x00000008, 0x08020200, 0x00000200,
-       0x00020200, 0x08020000, 0x08020008, 0x00020208,
-       0x08000208, 0x00020200, 0x00020000, 0x08000208,
-       0x00000008, 0x08020208, 0x00000200, 0x08000000,
-       0x08020200, 0x08000000, 0x00020008, 0x00000208,
-       0x00020000, 0x08020200, 0x08000200, 0x00000000,
-       0x00000200, 0x00020008, 0x08020208, 0x08000200,
-       0x08000008, 0x00000200, 0x00000000, 0x08020008,
-       0x08000208, 0x00020000, 0x08000000, 0x08020208,
-       0x00000008, 0x00020208, 0x00020200, 0x08000008,
-       0x08020000, 0x08000208, 0x00000208, 0x08020000,
-       0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const uint32_t SB4[64] =
-{
-       0x00802001, 0x00002081, 0x00002081, 0x00000080,
-       0x00802080, 0x00800081, 0x00800001, 0x00002001,
-       0x00000000, 0x00802000, 0x00802000, 0x00802081,
-       0x00000081, 0x00000000, 0x00800080, 0x00800001,
-       0x00000001, 0x00002000, 0x00800000, 0x00802001,
-       0x00000080, 0x00800000, 0x00002001, 0x00002080,
-       0x00800081, 0x00000001, 0x00002080, 0x00800080,
-       0x00002000, 0x00802080, 0x00802081, 0x00000081,
-       0x00800080, 0x00800001, 0x00802000, 0x00802081,
-       0x00000081, 0x00000000, 0x00000000, 0x00802000,
-       0x00002080, 0x00800080, 0x00800081, 0x00000001,
-       0x00802001, 0x00002081, 0x00002081, 0x00000080,
-       0x00802081, 0x00000081, 0x00000001, 0x00002000,
-       0x00800001, 0x00002001, 0x00802080, 0x00800081,
-       0x00002001, 0x00002080, 0x00800000, 0x00802001,
-       0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const uint32_t SB5[64] =
-{
-       0x00000100, 0x02080100, 0x02080000, 0x42000100,
-       0x00080000, 0x00000100, 0x40000000, 0x02080000,
-       0x40080100, 0x00080000, 0x02000100, 0x40080100,
-       0x42000100, 0x42080000, 0x00080100, 0x40000000,
-       0x02000000, 0x40080000, 0x40080000, 0x00000000,
-       0x40000100, 0x42080100, 0x42080100, 0x02000100,
-       0x42080000, 0x40000100, 0x00000000, 0x42000000,
-       0x02080100, 0x02000000, 0x42000000, 0x00080100,
-       0x00080000, 0x42000100, 0x00000100, 0x02000000,
-       0x40000000, 0x02080000, 0x42000100, 0x40080100,
-       0x02000100, 0x40000000, 0x42080000, 0x02080100,
-       0x40080100, 0x00000100, 0x02000000, 0x42080000,
-       0x42080100, 0x00080100, 0x42000000, 0x42080100,
-       0x02080000, 0x00000000, 0x40080000, 0x42000000,
-       0x00080100, 0x02000100, 0x40000100, 0x00080000,
-       0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const uint32_t SB6[64] =
-{
-       0x20000010, 0x20400000, 0x00004000, 0x20404010,
-       0x20400000, 0x00000010, 0x20404010, 0x00400000,
-       0x20004000, 0x00404010, 0x00400000, 0x20000010,
-       0x00400010, 0x20004000, 0x20000000, 0x00004010,
-       0x00000000, 0x00400010, 0x20004010, 0x00004000,
-       0x00404000, 0x20004010, 0x00000010, 0x20400010,
-       0x20400010, 0x00000000, 0x00404010, 0x20404000,
-       0x00004010, 0x00404000, 0x20404000, 0x20000000,
-       0x20004000, 0x00000010, 0x20400010, 0x00404000,
-       0x20404010, 0x00400000, 0x00004010, 0x20000010,
-       0x00400000, 0x20004000, 0x20000000, 0x00004010,
-       0x20000010, 0x20404010, 0x00404000, 0x20400000,
-       0x00404010, 0x20404000, 0x00000000, 0x20400010,
-       0x00000010, 0x00004000, 0x20400000, 0x00404010,
-       0x00004000, 0x00400010, 0x20004010, 0x00000000,
-       0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const uint32_t SB7[64] =
-{
-       0x00200000, 0x04200002, 0x04000802, 0x00000000,
-       0x00000800, 0x04000802, 0x00200802, 0x04200800,
-       0x04200802, 0x00200000, 0x00000000, 0x04000002,
-       0x00000002, 0x04000000, 0x04200002, 0x00000802,
-       0x04000800, 0x00200802, 0x00200002, 0x04000800,
-       0x04000002, 0x04200000, 0x04200800, 0x00200002,
-       0x04200000, 0x00000800, 0x00000802, 0x04200802,
-       0x00200800, 0x00000002, 0x04000000, 0x00200800,
-       0x04000000, 0x00200800, 0x00200000, 0x04000802,
-       0x04000802, 0x04200002, 0x04200002, 0x00000002,
-       0x00200002, 0x04000000, 0x04000800, 0x00200000,
-       0x04200800, 0x00000802, 0x00200802, 0x04200800,
-       0x00000802, 0x04000002, 0x04200802, 0x04200000,
-       0x00200800, 0x00000000, 0x00000002, 0x04200802,
-       0x00000000, 0x00200802, 0x04200000, 0x00000800,
-       0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const uint32_t SB8[64] =
-{
-       0x10001040, 0x00001000, 0x00040000, 0x10041040,
-       0x10000000, 0x10001040, 0x00000040, 0x10000000,
-       0x00040040, 0x10040000, 0x10041040, 0x00041000,
-       0x10041000, 0x00041040, 0x00001000, 0x00000040,
-       0x10040000, 0x10000040, 0x10001000, 0x00001040,
-       0x00041000, 0x00040040, 0x10040040, 0x10041000,
-       0x00001040, 0x00000000, 0x00000000, 0x10040040,
-       0x10000040, 0x10001000, 0x00041040, 0x00040000,
-       0x00041040, 0x00040000, 0x10041000, 0x00001000,
-       0x00000040, 0x10040040, 0x00001000, 0x00041040,
-       0x10001000, 0x00000040, 0x10000040, 0x10040000,
-       0x10040040, 0x10000000, 0x00040000, 0x10001040,
-       0x00000000, 0x10041040, 0x00040040, 0x10000040,
-       0x10040000, 0x10001000, 0x10001040, 0x00000000,
-       0x10041040, 0x00041000, 0x00041000, 0x00001040,
-       0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/*
- * PC1: left and right halves bit-swap
- */
-static const uint32_t LHs[16] =
-{
-       0x00000000, 0x00000001, 0x00000100, 0x00000101,
-       0x00010000, 0x00010001, 0x00010100, 0x00010101,
-       0x01000000, 0x01000001, 0x01000100, 0x01000101,
-       0x01010000, 0x01010001, 0x01010100, 0x01010101
-};
-
-static const uint32_t RHs[16] =
-{
-       0x00000000, 0x01000000, 0x00010000, 0x01010000,
-       0x00000100, 0x01000100, 0x00010100, 0x01010100,
-       0x00000001, 0x01000001, 0x00010001, 0x01010001,
-       0x00000101, 0x01000101, 0x00010101, 0x01010101,
-};
-
-/*
- * Initial Permutation macro
- */
-#define DES_IP(X,Y)                                             \
-{                                                               \
-       T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
-       T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
-       T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
-       T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
-       Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
-       T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
-       X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
-}
-
-/*
- * Final Permutation macro
- */
-#define DES_FP(X,Y)                                             \
-{                                                               \
-       X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
-       T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
-       Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
-       T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
-       T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
-       T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
-       T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
-}
-
-/*
- * DES round macro
- */
-#define DES_ROUND(X,Y)                          \
-{                                               \
-       T = *SK++ ^ X;                              \
-       Y ^= SB8[ (T      ) & 0x3F ] ^              \
-                SB6[ (T >>  8) & 0x3F ] ^              \
-                SB4[ (T >> 16) & 0x3F ] ^              \
-                SB2[ (T >> 24) & 0x3F ];               \
-                                                                                               \
-       T = *SK++ ^ ((X << 28) | (X >> 4));         \
-       Y ^= SB7[ (T      ) & 0x3F ] ^              \
-                SB5[ (T >>  8) & 0x3F ] ^              \
-                SB3[ (T >> 16) & 0x3F ] ^              \
-                SB1[ (T >> 24) & 0x3F ];               \
-}
-
-#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
-
-static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
-               11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
-               47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
-               82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
-               115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
-               143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
-               171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
-               199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
-               227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
-               254 };
-
-void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
-{
-       int i;
-
-       for( i = 0; i < DES_KEY_SIZE; i++ )
-               key[i] = odd_parity_table[key[i] / 2];
-}
-
-/*
- * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
- */
-int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
-{
-       int i;
-
-       for( i = 0; i < DES_KEY_SIZE; i++ )
-               if ( key[i] != odd_parity_table[key[i] / 2] )
-                       return( 1 );
-
-       return( 0 );
-}
-
-/*
- * Table of weak and semi-weak keys
- *
- * Source: http://en.wikipedia.org/wiki/Weak_key
- *
- * Weak:
- * Alternating ones + zeros (0x0101010101010101)
- * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
- * '0xE0E0E0E0F1F1F1F1'
- * '0x1F1F1F1F0E0E0E0E'
- *
- * Semi-weak:
- * 0x011F011F010E010E and 0x1F011F010E010E01
- * 0x01E001E001F101F1 and 0xE001E001F101F101
- * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
- * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
- * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
- * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
- *
- */
-
-#define WEAK_KEY_COUNT 16
-
-static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
-{
-       { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
-       { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
-       { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
-       { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
-
-       { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
-       { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
-       { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
-       { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
-       { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
-       { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
-       { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
-       { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
-       { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
-       { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
-       { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
-       { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
-};
-
-int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
-{
-       int i;
-
-       for( i = 0; i < WEAK_KEY_COUNT; i++ )
-               if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
-                       return( 1 );
-
-       return( 0 );
-}
-
-static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
-{
-       int i;
-       uint32_t X, Y, T;
-
-       GET_UINT32_BE( X, key, 0 );
-       GET_UINT32_BE( Y, key, 4 );
-
-       /*
-        * Permuted Choice 1
-        */
-       T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
-       T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
-
-       X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
-               | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
-               | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
-               | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
-
-       Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
-               | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
-               | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
-               | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
-
-       X &= 0x0FFFFFFF;
-       Y &= 0x0FFFFFFF;
-
-       /*
-        * calculate subkeys
-        */
-       for( i = 0; i < 16; i++ )
-       {
-               if( i < 2 || i == 8 || i == 15 )
-               {
-                       X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
-                       Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
-               }
-               else
-               {
-                       X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
-                       Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
-               }
-
-               *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
-                               | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
-                               | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
-                               | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
-                               | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
-                               | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
-                               | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
-                               | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
-                               | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
-                               | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
-                               | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
-
-               *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
-                               | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
-                               | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
-                               | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
-                               | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
-                               | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
-                               | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
-                               | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
-                               | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
-                               | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
-                               | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
-       }
-}
-
-/*
- * DES key schedule (56-bit, encryption)
- */
-int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
-{
-       des_setkey( ctx->sk, key );
-
-       return( 0 );
-}
-
-/*
- * DES key schedule (56-bit, decryption)
- */
-int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
-{
-       int i;
-
-       des_setkey( ctx->sk, key );
-
-       for( i = 0; i < 16; i += 2 )
-       {
-               SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
-               SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
-       }
-
-       return( 0 );
-}
-
-static void des3_set2key( uint32_t esk[96],
-                                                 uint32_t dsk[96],
-                                                 const unsigned char key[DES_KEY_SIZE*2] )
-{
-       int i;
-
-       des_setkey( esk, key );
-       des_setkey( dsk + 32, key + 8 );
-
-       for( i = 0; i < 32; i += 2 )
-       {
-               dsk[i     ] = esk[30 - i];
-               dsk[i +  1] = esk[31 - i];
-
-               esk[i + 32] = dsk[62 - i];
-               esk[i + 33] = dsk[63 - i];
-
-               esk[i + 64] = esk[i    ];
-               esk[i + 65] = esk[i + 1];
-
-               dsk[i + 64] = dsk[i    ];
-               dsk[i + 65] = dsk[i + 1];
-       }
-}
-
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
-{
-       uint32_t sk[96];
-
-       des3_set2key( ctx->sk, sk, key );
-       memset( sk,  0, sizeof( sk ) );
-
-       return( 0 );
-}
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
-{
-       uint32_t sk[96];
-
-       des3_set2key( sk, ctx->sk, key );
-       memset( sk,  0, sizeof( sk ) );
-
-       return( 0 );
-}
-
-static void des3_set3key( uint32_t esk[96],
-                                                 uint32_t dsk[96],
-                                                 const unsigned char key[24] )
-{
-       int i;
-
-       des_setkey( esk, key );
-       des_setkey( dsk + 32, key +  8 );
-       des_setkey( esk + 64, key + 16 );
-
-       for( i = 0; i < 32; i += 2 )
-       {
-               dsk[i     ] = esk[94 - i];
-               dsk[i +  1] = esk[95 - i];
-
-               esk[i + 32] = dsk[62 - i];
-               esk[i + 33] = dsk[63 - i];
-
-               dsk[i + 64] = esk[30 - i];
-               dsk[i + 65] = esk[31 - i];
-       }
-}
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
-{
-       uint32_t sk[96];
-
-       des3_set3key( ctx->sk, sk, key );
-       memset( sk, 0, sizeof( sk ) );
-
-       return( 0 );
-}
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
-{
-       uint32_t sk[96];
-
-       des3_set3key( sk, ctx->sk, key );
-       memset( sk, 0, sizeof( sk ) );
-
-       return( 0 );
-}
-
-/*
- * DES-ECB block encryption/decryption
- */
-int des_crypt_ecb( des_context *ctx,
-                                       const unsigned char input[8],
-                                       unsigned char output[8] )
-{
-       int i;
-       uint32_t X, Y, T, *SK;
-
-       SK = ctx->sk;
-
-       GET_UINT32_BE( X, input, 0 );
-       GET_UINT32_BE( Y, input, 4 );
-
-       DES_IP( X, Y );
-
-       for( i = 0; i < 8; i++ )
-       {
-               DES_ROUND( Y, X );
-               DES_ROUND( X, Y );
-       }
-
-       DES_FP( Y, X );
-
-       PUT_UINT32_BE( Y, output, 0 );
-       PUT_UINT32_BE( X, output, 4 );
-
-       return( 0 );
-}
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/*
- * DES-CBC buffer encryption/decryption
- */
-int des_crypt_cbc( des_context *ctx,
-                                       int mode,
-                                       size_t length,
-                                       unsigned char iv[8],
-                                       const unsigned char *input,
-                                       unsigned char *output )
-{
-       int i;
-       unsigned char temp[8];
-
-       if( length % 8 )
-               return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
-
-       if( mode == DES_ENCRYPT )
-       {
-               while( length > 0 )
-               {
-                       for( i = 0; i < 8; i++ )
-                               output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-                       des_crypt_ecb( ctx, output, output );
-                       memcpy( iv, output, 8 );
-
-                       input  += 8;
-                       output += 8;
-                       length -= 8;
-               }
-       }
-       else /* DES_DECRYPT */
-       {
-               while( length > 0 )
-               {
-                       memcpy( temp, input, 8 );
-                       des_crypt_ecb( ctx, input, output );
-
-                       for( i = 0; i < 8; i++ )
-                               output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-                       memcpy( iv, temp, 8 );
-
-                       input  += 8;
-                       output += 8;
-                       length -= 8;
-               }
-       }
-
-       return( 0 );
-}
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-/*
- * 3DES-ECB block encryption/decryption
- */
-int des3_crypt_ecb( des3_context *ctx,
-                                        const unsigned char input[8],
-                                        unsigned char output[8] )
-{
-       int i;
-       uint32_t X, Y, T, *SK;
-
-       SK = ctx->sk;
-
-       GET_UINT32_BE( X, input, 0 );
-       GET_UINT32_BE( Y, input, 4 );
-
-       DES_IP( X, Y );
-
-       for( i = 0; i < 8; i++ )
-       {
-               DES_ROUND( Y, X );
-               DES_ROUND( X, Y );
-       }
-
-       for( i = 0; i < 8; i++ )
-       {
-               DES_ROUND( X, Y );
-               DES_ROUND( Y, X );
-       }
-
-       for( i = 0; i < 8; i++ )
-       {
-               DES_ROUND( Y, X );
-               DES_ROUND( X, Y );
-       }
-
-       DES_FP( Y, X );
-
-       PUT_UINT32_BE( Y, output, 0 );
-       PUT_UINT32_BE( X, output, 4 );
-
-       return( 0 );
-}
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/*
- * 3DES-CBC buffer encryption/decryption
- */
-int des3_crypt_cbc( des3_context *ctx,
-                                        int mode,
-                                        size_t length,
-                                        unsigned char iv[8],
-                                        const unsigned char *input,
-                                        unsigned char *output )
-{
-       int i;
-       unsigned char temp[8];
-
-       if( length % 8 )
-               return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
-
-       if( mode == DES_ENCRYPT )
-       {
-               while( length > 0 )
-               {
-                       for( i = 0; i < 8; i++ )
-                               output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-                       des3_crypt_ecb( ctx, output, output );
-                       memcpy( iv, output, 8 );
-
-                       input  += 8;
-                       output += 8;
-                       length -= 8;
-               }
-       }
-       else /* DES_DECRYPT */
-       {
-               while( length > 0 )
-               {
-                       memcpy( temp, input, 8 );
-                       des3_crypt_ecb( ctx, input, output );
-
-                       for( i = 0; i < 8; i++ )
-                               output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-                       memcpy( iv, temp, 8 );
-
-                       input  += 8;
-                       output += 8;
-                       length -= 8;
-               }
-       }
-
-       return( 0 );
-}
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#endif /* !POLARSSL_DES_ALT */
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include <stdio.h>
-
-/*
- * DES and 3DES test vectors from:
- *
- * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
- */
-static const unsigned char des3_test_keys[24] =
-{
-       0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
-       0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
-       0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
-};
-
-static const unsigned char des3_test_buf[8] =
-{
-       0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
-};
-
-static const unsigned char des3_test_ecb_dec[3][8] =
-{
-       { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
-       { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
-       { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
-};
-
-static const unsigned char des3_test_ecb_enc[3][8] =
-{
-       { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
-       { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
-       { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
-};
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-static const unsigned char des3_test_iv[8] =
-{
-       0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
-};
-
-static const unsigned char des3_test_cbc_dec[3][8] =
-{
-       { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
-       { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
-       { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
-};
-
-static const unsigned char des3_test_cbc_enc[3][8] =
-{
-       { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
-       { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
-       { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
-};
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-/*
- * Checkup routine
- */
-int des_self_test( int verbose )
-{
-       int i, j, u, v;
-       des_context ctx;
-       des3_context ctx3;
-       unsigned char key[24];
-       unsigned char buf[8];
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-       unsigned char prv[8];
-       unsigned char iv[8];
-#endif
-
-       memset( key, 0, 24 );
-
-       /*
-        * ECB mode
-        */
-       for( i = 0; i < 6; i++ )
-       {
-               u = i >> 1;
-               v = i  & 1;
-
-               if( verbose != 0 )
-                       polarssl_printf( "  DES%c-ECB-%3d (%s): ",
-                                                        ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                                                        ( v == DES_DECRYPT ) ? "dec" : "enc" );
-
-               memcpy( buf, des3_test_buf, 8 );
-
-               switch( i )
-               {
-               case 0:
-                       des_setkey_dec( &ctx, des3_test_keys );
-                       break;
-
-               case 1:
-                       des_setkey_enc( &ctx, des3_test_keys );
-                       break;
-
-               case 2:
-                       des3_set2key_dec( &ctx3, des3_test_keys );
-                       break;
-
-               case 3:
-                       des3_set2key_enc( &ctx3, des3_test_keys );
-                       break;
-
-               case 4:
-                       des3_set3key_dec( &ctx3, des3_test_keys );
-                       break;
-
-               case 5:
-                       des3_set3key_enc( &ctx3, des3_test_keys );
-                       break;
-
-               default:
-                       return( 1 );
-               }
-
-               for( j = 0; j < 10000; j++ )
-               {
-                       if( u == 0 )
-                               des_crypt_ecb( &ctx, buf, buf );
-                       else
-                               des3_crypt_ecb( &ctx3, buf, buf );
-               }
-
-               if( ( v == DES_DECRYPT &&
-                               memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
-                       ( v != DES_DECRYPT &&
-                               memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
-               {
-                       if( verbose != 0 )
-                               polarssl_printf( "failed\n" );
-
-                       return( 1 );
-               }
-
-               if( verbose != 0 )
-                       polarssl_printf( "passed\n" );
-       }
-
-       if( verbose != 0 )
-               polarssl_printf( "\n" );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-       /*
-        * CBC mode
-        */
-       for( i = 0; i < 6; i++ )
-       {
-               u = i >> 1;
-               v = i  & 1;
-
-               if( verbose != 0 )
-                       polarssl_printf( "  DES%c-CBC-%3d (%s): ",
-                                                        ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                                                        ( v == DES_DECRYPT ) ? "dec" : "enc" );
-
-               memcpy( iv,  des3_test_iv,  8 );
-               memcpy( prv, des3_test_iv,  8 );
-               memcpy( buf, des3_test_buf, 8 );
-
-               switch( i )
-               {
-               case 0:
-                       des_setkey_dec( &ctx, des3_test_keys );
-                       break;
-
-               case 1:
-                       des_setkey_enc( &ctx, des3_test_keys );
-                       break;
-
-               case 2:
-                       des3_set2key_dec( &ctx3, des3_test_keys );
-                       break;
-
-               case 3:
-                       des3_set2key_enc( &ctx3, des3_test_keys );
-                       break;
-
-               case 4:
-                       des3_set3key_dec( &ctx3, des3_test_keys );
-                       break;
-
-               case 5:
-                       des3_set3key_enc( &ctx3, des3_test_keys );
-                       break;
-
-               default:
-                       return( 1 );
-               }
-
-               if( v == DES_DECRYPT )
-               {
-                       for( j = 0; j < 10000; j++ )
-                       {
-                               if( u == 0 )
-                                       des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                               else
-                                       des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-                       }
-               }
-               else
-               {
-                       for( j = 0; j < 10000; j++ )
-                       {
-                               unsigned char tmp[8];
-
-                               if( u == 0 )
-                                       des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                               else
-                                       des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-
-                               memcpy( tmp, prv, 8 );
-                               memcpy( prv, buf, 8 );
-                               memcpy( buf, tmp, 8 );
-                       }
-
-                       memcpy( buf, prv, 8 );
-               }
-
-               if( ( v == DES_DECRYPT &&
-                               memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
-                       ( v != DES_DECRYPT &&
-                               memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
-               {
-                       if( verbose != 0 )
-                               polarssl_printf( "failed\n" );
-
-                       return( 1 );
-               }
-
-               if( verbose != 0 )
-                       polarssl_printf( "passed\n" );
-       }
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-       if( verbose != 0 )
-               polarssl_printf( "\n" );
-
-       return( 0 );
-}
-
-#endif
-
-#endif
diff --git a/client/loclass/des.h b/client/loclass/des.h
deleted file mode 100644 (file)
index 460beaf..0000000
+++ /dev/null
@@ -1,281 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- *  Copyright (C) 2006-2013, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_DES_H
-#define POLARSSL_DES_H
-
-//#include "config.h"
-/**
- * \def POLARSSL_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CBC
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-#define DES_ENCRYPT     1
-#define DES_DECRYPT     0
-
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
-
-#define DES_KEY_SIZE    8
-
-#if !defined(POLARSSL_DES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          DES context structure
- */
-typedef struct
-{
-       int mode;                   /*!<  encrypt/decrypt   */
-       uint32_t sk[32];            /*!<  DES subkeys       */
-}
-des_context;
-
-/**
- * \brief          Triple-DES context structure
- */
-typedef struct
-{
-       int mode;                   /*!<  encrypt/decrypt   */
-       uint32_t sk[96];            /*!<  3DES subkeys      */
-}
-des3_context;
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Set key parity on the given key to odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- */
-void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key parity on the given key is odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \return         0 is parity was ok, 1 if parity was not correct.
- */
-int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key is not a weak or semi-weak DES key
- *
- * \param key      8-byte secret key
- *
- * \return         0 if no weak key was found, 1 if a weak key was identified.
- */
-int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, encryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, decryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- */
-int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
-
-/**
- * \brief          DES-ECB block encryption/decryption
- *
- * \param ctx      DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des_crypt_ecb( des_context *ctx,
-                                       const unsigned char input[8],
-                                       unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          DES-CBC buffer encryption/decryption
- *
- * \param ctx      DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- */
-int des_crypt_cbc( des_context *ctx,
-                                       int mode,
-                                       size_t length,
-                                       unsigned char iv[8],
-                                       const unsigned char *input,
-                                       unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-/**
- * \brief          3DES-ECB block encryption/decryption
- *
- * \param ctx      3DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int des3_crypt_ecb( des3_context *ctx,
-                                        const unsigned char input[8],
-                                        unsigned char output[8] );
-
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-/**
- * \brief          3DES-CBC buffer encryption/decryption
- *
- * \param ctx      3DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
- */
-int des3_crypt_cbc( des3_context *ctx,
-                                        int mode,
-                                        size_t length,
-                                        unsigned char iv[8],
-                                        const unsigned char *input,
-                                        unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* POLARSSL_DES_ALT */
-#include "des_alt.h"
-#endif /* POLARSSL_DES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int des_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */
index 83fb85152da2e7760a6506271b3b202453d9496f..777efe08b95839a953675164c1ea89caf750550a 100644 (file)
@@ -47,7 +47,7 @@
 #include "ikeys.h"
 #include "elite_crack.h"
 #include "fileutils.h"
-#include "des.h"
+#include "polarssl/des.h"
 
 /**
  * @brief Permutes a key from standard NIST format to Iclass specific format
index b21ecdbc028f96bdc0ae95cc08f65d9f7c7c6099..8892b4a35296d7b2aa2000a921eca5bd04a64e2d 100644 (file)
@@ -69,7 +69,7 @@ From "Dismantling iclass":
 #include <inttypes.h>
 #include "fileutils.h"
 #include "cipherutils.h"
-#include "des.h"
+#include "polarssl/des.h"
 
 uint8_t pi[35] = {0x0F,0x17,0x1B,0x1D,0x1E,0x27,0x2B,0x2D,0x2E,0x33,0x35,0x39,0x36,0x3A,0x3C,0x47,0x4B,0x4D,0x4E,0x53,0x55,0x56,0x59,0x5A,0x5C,0x63,0x65,0x66,0x69,0x6A,0x6C,0x71,0x72,0x74,0x78};
 
index 943a1722426d10fa8c951ebba6df0b57b458d7a2..ec227b1716a101b74505c25587542e2629c2c91e 100644 (file)
@@ -22,7 +22,8 @@ local ISO14A_COMMAND = {
        ISO14A_APPEND_CRC = 0x20,
        ISO14A_SET_TIMEOUT = 0x40,
        ISO14A_NO_SELECT = 0x80,
-       ISO14A_TOPAZMODE = 0x100
+       ISO14A_TOPAZMODE = 0x100,
+       ISO14A_NO_RATS = 0x200
 }
 
 local ISO14443a_TYPES = {}             
@@ -92,9 +93,10 @@ end
 
 -- This function does a connect and retrieves som einfo
 -- @param dont_disconnect - if true, does not disable the field
+-- @param no_rats - if true, skips ISO14443-4 select (RATS)
 -- @return if successfull: an table containing card info
 -- @return if unsuccessfull : nil, error
-local function read14443a(dont_disconnect)
+local function read14443a(dont_disconnect, no_rats)
        local command, result, info, err, data
 
        command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, 
@@ -102,6 +104,9 @@ local function read14443a(dont_disconnect)
        if dont_disconnect then
                command.arg1 = command.arg1 + ISO14A_COMMAND.ISO14A_NO_DISCONNECT
        end
+       if no_rats then
+               command.arg1 = command.arg1 + ISO14A_COMMAND.ISO14A_NO_RATS
+       end
        local result,err = sendToDevice(command)
        if result then
                local count,cmd,arg0,arg1,arg2 = bin.unpack('LLLL',result)
diff --git a/client/mifaredefault.h b/client/mifaredefault.h
new file mode 100644 (file)
index 0000000..78231c8
--- /dev/null
@@ -0,0 +1,40 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2017 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Mifare default constants
+//-----------------------------------------------------------------------------
+
+#ifndef MIFAREDEFAULT_H__
+#define MIFAREDEFAULT_H__
+
+#include <inttypes.h>
+
+#define MifareDefaultKeysSize sizeof(MifareDefaultKeys) / sizeof(uint64_t)
+
+static const uint64_t MifareDefaultKeys[] =
+{
+       0xffffffffffff, // Default key (first key used by program if no user defined key)
+       0x000000000000, // Blank key
+       0xa0a1a2a3a4a5, // NFCForum MAD key
+       0xb0b1b2b3b4b5,
+       0xaabbccddeeff,
+       0x1a2b3c4d5e6f,
+       0x123456789abc,
+       0x010203040506,
+       0x123456abcdef,
+       0xabcdef123456,
+       0x4d3a99c351dd,
+       0x1a982c7e459a,
+       0xd3f7d3f7d3f7,
+       0x714c5c886e97,
+       0x587ee5f9350f,
+       0xa0478cc39091,
+       0x533cb6c723f6,
+       0x8fd0a4f256e9
+};
+
+#endif
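Review bot: `MifareDefaultKeysSize` expands to an unparenthesised expression, so a use such as `n / MifareDefaultKeysSize` or `n % MifareDefaultKeysSize` would bind to `sizeof(MifareDefaultKeys)` first and give the wrong result. Wrapping it and deriving the element size from the array keeps it correct if the element type ever changes: `#define MifareDefaultKeysSize (sizeof(MifareDefaultKeys) / sizeof(MifareDefaultKeys[0]))`. Because the table is `static const` in a header, every translation unit that includes it gets its own copy; an `extern` declaration here with the definition in one .c file would avoid that.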
index 3b5247589a86b8e594e6d0102b267f6226ebd12e..a02019a316cbc52f6cbbe4cad8cea733c409f8f8 100644 (file)
@@ -228,17 +228,46 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t key
 \r
        *key = -1;\r
 \r
-       UsbCommand c = {CMD_MIFARE_CHKKEYS, {((blockNo & 0xff) | ((keyType&0xff)<<8)), clear_trace, keycnt}};\r
+       UsbCommand c = {CMD_MIFARE_CHKKEYS, {((blockNo & 0xff) | ((keyType & 0xff) << 8)), clear_trace, keycnt}}; \r
        memcpy(c.d.asBytes, keyBlock, 6 * keycnt);\r
        SendCommand(&c);\r
 \r
        UsbCommand resp;\r
-       if (!WaitForResponseTimeout(CMD_ACK,&resp,3000)) return 1;\r
+       if (!WaitForResponseTimeout(CMD_ACK,&resp,3000)) return 1; \r
        if ((resp.arg[0] & 0xff) != 0x01) return 2;\r
        *key = bytes_to_num(resp.d.asBytes, 6);\r
        return 0;\r
 }\r
 \r
+int mfCheckKeysSec(uint8_t sectorCnt, uint8_t keyType, uint8_t timeout14a, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, sector_t * e_sector){\r
+\r
+       uint8_t keyPtr = 0;\r
+\r
+       if (e_sector == NULL)\r
+               return -1;\r
+\r
+       UsbCommand c = {CMD_MIFARE_CHKKEYS, {((sectorCnt & 0xff) | ((keyType & 0xff) << 8)), (clear_trace | 0x02)|((timeout14a & 0xff) << 8), keycnt}}; \r
+       memcpy(c.d.asBytes, keyBlock, 6 * keycnt);\r
+       SendCommand(&c);\r
+\r
+       UsbCommand resp;\r
+       if (!WaitForResponseTimeoutW(CMD_ACK, &resp, MAX(3000, 1000 + 13 * sectorCnt * keycnt * (keyType == 2 ? 2 : 1)), false)) return 1; // timeout: 13 ms / fail auth\r
+       if ((resp.arg[0] & 0xff) != 0x01) return 2;\r
+       \r
+       bool foundAKey = false;\r
+       for(int sec = 0; sec < sectorCnt; sec++){\r
+               for(int keyAB = 0; keyAB < 2; keyAB++){\r
+                       keyPtr = *(resp.d.asBytes + keyAB * 40 + sec);\r
+                       if (keyPtr){\r
+                               e_sector[sec].foundKey[keyAB] = true;\r
+                               e_sector[sec].Key[keyAB] = bytes_to_num(keyBlock + (keyPtr - 1) * 6, 6);\r
+                               foundAKey = true;\r
+                       }\r
+               }\r
+       }\r
+       return foundAKey ? 0 : 3;\r
+}\r
+\r
 // Compare 16 Bits out of cryptostate\r
 int Compare16Bits(const void * a, const void * b) {\r
        if ((*(uint64_t*)b & 0x00ff000000ff0000) == (*(uint64_t*)a & 0x00ff000000ff0000)) return 0;\r
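Review bot: In mfCheckKeysSec the index `keyPtr` comes straight from the device response and is used in `keyBlock + (keyPtr - 1) * 6` without being compared to `keycnt`, so an unexpected value reads past the caller's key buffer; the guard could be `if (keyPtr && keyPtr <= keycnt) {`. The same function copies `6 * keycnt` bytes into `c.d.asBytes` and reads `resp.d.asBytes + keyAB * 40 + sec` for every `sec < sectorCnt`, which presumably stays in bounds only while the keys fit the command payload and `sectorCnt` is at most 40 (the payload size is not visible in this hunk). Neither limit is checked, so an early `if (sectorCnt > 40) return -1;` plus a check of `6 * keycnt` against `sizeof(c.d.asBytes)` would make the assumptions explicit. The context line in mfCheckKeys has the same unchecked `memcpy`.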
@@ -418,7 +447,7 @@ int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
        UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};\r
        SendCommand(&c);\r
 \r
-  UsbCommand resp;\r
+       UsbCommand resp;\r
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
                isOK  = resp.arg[0] & 0xff;\r
                memcpy(data, resp.d.asBytes, 16);\r
@@ -437,8 +466,8 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
        memcpy(c.d.asBytes, data, 16);\r
        SendCommand(&c);\r
 \r
-  UsbCommand resp;\r
-       if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+       UsbCommand resp;\r
+       if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {\r
                isOK  = resp.arg[0] & 0xff;\r
                if (uid != NULL)\r
                        memcpy(uid, resp.d.asBytes, 4);\r
@@ -448,25 +477,40 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
                PrintAndLog("Command execute timeout");\r
                return 1;\r
        }\r
+\r
        return 0;\r
 }\r
 \r
-int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {\r
+int mfCWipe(uint32_t numSectors, bool gen1b, bool wantWipe, bool wantFill) {\r
+       uint8_t isOK = 0;\r
+       uint8_t cmdParams = wantWipe + wantFill * 0x02 + gen1b * 0x04;\r
+       UsbCommand c = {CMD_MIFARE_CWIPE, {numSectors, cmdParams, 0}};\r
+       SendCommand(&c);\r
+\r
+       UsbCommand resp;\r
+       WaitForResponse(CMD_ACK,&resp);\r
+       isOK  = resp.arg[0] & 0xff;\r
+       \r
+       return isOK;\r
+}\r
+\r
+int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID) {\r
        uint8_t oldblock0[16] = {0x00};\r
        uint8_t block0[16] = {0x00};\r
-       int old, gen = 0;\r
+       int gen = 0, res;\r
 \r
        gen = mfCIdentify();\r
 \r
+       /* generation 1a magic card by default */\r
+       uint8_t cmdParams = CSETBLOCK_SINGLE_OPER;\r
        if (gen == 2) {\r
                /* generation 1b magic card */\r
-               old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r
-       } else {\r
-               /* generation 1a magic card by default */\r
-               old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);\r
+               cmdParams = CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B;\r
        }\r
+       \r
+       res = mfCGetBlock(0, oldblock0, cmdParams);\r
 \r
-       if (old == 0) {\r
+       if (res == 0) {\r
                memcpy(block0, oldblock0, 16);\r
                PrintAndLog("old block 0:  %s", sprint_hex(block0,16));\r
        } else {\r
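Review bot: mfCWipe waits with `WaitForResponse(CMD_ACK,&resp);`, which takes no timeout and whose result is not checked, whereas mfCSetBlock just above uses `WaitForResponseTimeout(CMD_ACK, &resp, 1500)` and returns 1 when the device does not answer. mfCWipe also returns `isOK` taken directly from `resp.arg[0]`, while mfCSetBlock returns 0 on success, so callers could easily test the result the wrong way round. If the difference is intended, a comment above the function such as `// returns the device's isOK byte from resp.arg[0], not the 0-on-success code used by mfCSetBlock` would document it. mfCSetUID's body continues outside this hunk.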
@@ -477,25 +521,73 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool w
        // UID\r
        memcpy(block0, uid, 4);\r
        // Mifare UID BCC\r
-       block0[4] = block0[0]^block0[1]^block0[2]^block0[3];\r
+       block0[4] = block0[0] ^ block0[1] ^ block0[2] ^ block0[3];\r
        // mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)\r
-       if (sak!=NULL)\r
-               block0[5]=sak[0];\r
-       if (atqa!=NULL) {\r
-               block0[6]=atqa[1];\r
-               block0[7]=atqa[0];\r
+       if (sak != NULL)\r
+               block0[5] = sak[0];\r
+       if (atqa != NULL) {\r
+               block0[6] = atqa[1];\r
+               block0[7] = atqa[0];\r
        }\r
-       PrintAndLog("new block 0:  %s", sprint_hex(block0,16));\r
+       PrintAndLog("new block 0:  %s", sprint_hex(block0, 16));\r
 \r
-       if (gen == 2) {\r
-               /* generation 1b magic card */\r
-               return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r
-       } else {\r
-               /* generation 1a magic card by default */\r
-               return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);\r
+       res = mfCSetBlock(0, block0, oldUID, false, cmdParams);\r
+       if (res) {\r
+               PrintAndLog("Can't set block 0. Error: %d", res);\r
+               return res;\r
        }\r
+       \r
+       return 0;\r
 }\r
 \r
+int mfCIdentify()\r
+{\r
+       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};\r
+       SendCommand(&c);\r
+\r
+       UsbCommand resp;\r
+       WaitForResponse(CMD_ACK,&resp);\r
+\r
+       // iso14a_card_select_t card;\r
+       // memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));\r
+\r
+       // uint64_t select_status = resp.arg[0];                // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision\r
+\r
+       // if(select_status != 0) {\r
+               // uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0\r
+               // c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;\r
+               // c.arg[1] = 2;\r
+               // c.arg[2] = 0;\r
+               // memcpy(c.d.asBytes, rats, 2);\r
+               // SendCommand(&c);\r
+               // WaitForResponse(CMD_ACK,&resp);\r
+       // }\r
+\r
+       c.cmd = CMD_MIFARE_CIDENT;\r
+       c.arg[0] = 0;\r
+       c.arg[1] = 0;\r
+       c.arg[2] = 0;\r
+       SendCommand(&c);\r
+       WaitForResponse(CMD_ACK,&resp);\r
+\r
+       uint8_t isGeneration = resp.arg[0] & 0xff;\r
+       switch( isGeneration ){\r
+               case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;\r
+               case 2: PrintAndLog("Chinese magic backdoor command (GEN 1b) detected"); break;\r
+               default: PrintAndLog("No chinese magic backdoor command detected"); break;\r
+       }\r
+\r
+       // disconnect\r
+       c.cmd = CMD_READER_ISO_14443a;\r
+       c.arg[0] = 0;\r
+       c.arg[1] = 0;\r
+       c.arg[2] = 0;\r
+       SendCommand(&c);\r
+\r
+       return (int) isGeneration;\r
+}\r
+\r
+\r
 // SNIFFER\r
 \r
 // constants\r
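Review bot: The relocated mfCIdentify keeps the former RATS sequence as a block of commented-out code. If the step was dropped on purpose, the block should be deleted and replaced by one line saying so, for example `// RATS is not sent before CMD_MIFARE_CIDENT`. With that code disabled, the reply to the initial connect is never inspected, so CMD_MIFARE_CIDENT is sent even when no card answered, and both `WaitForResponse` calls still ignore their result. In the mfCSetUID part of this hunk the wipe argument of mfCSetBlock is now hard-coded to `false`; a short comment pointing to mfCWipe would explain where that behaviour went. mfCSetUID starts outside this hunk.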
@@ -820,6 +912,8 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
        return 0;\r
 }\r
 \r
+// DECODING\r
+\r
 int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len){\r
        /*\r
        uint32_t nt;      // tag challenge\r
@@ -840,49 +934,3 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
        return 0;\r
 }\r
 \r
-int mfCIdentify()\r
-{\r
-       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};\r
-       SendCommand(&c);\r
-\r
-       UsbCommand resp;\r
-       WaitForResponse(CMD_ACK,&resp);\r
-\r
-       iso14a_card_select_t card;\r
-       memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));\r
-\r
-       uint64_t select_status = resp.arg[0];           // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision\r
-\r
-       if(select_status != 0) {\r
-               uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0\r
-               c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;\r
-               c.arg[1] = 2;\r
-               c.arg[2] = 0;\r
-               memcpy(c.d.asBytes, rats, 2);\r
-               SendCommand(&c);\r
-               WaitForResponse(CMD_ACK,&resp);\r
-       }\r
-\r
-       c.cmd = CMD_MIFARE_CIDENT;\r
-       c.arg[0] = 0;\r
-       c.arg[1] = 0;\r
-       c.arg[2] = 0;\r
-       SendCommand(&c);\r
-       WaitForResponse(CMD_ACK,&resp);\r
-\r
-       uint8_t isGeneration = resp.arg[0] & 0xff;\r
-       switch( isGeneration ){\r
-               case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;\r
-               case 2: PrintAndLog("Chinese magic backdoor command (GEN 1b) detected"); break;\r
-               default: PrintAndLog("No chinese magic backdoor command detected"); break;\r
-       }\r
-\r
-       // disconnect\r
-       c.cmd = CMD_READER_ISO_14443a;\r
-       c.arg[0] = 0;\r
-       c.arg[1] = 0;\r
-       c.arg[2] = 0;\r
-       SendCommand(&c);\r
-\r
-       return (int) isGeneration;\r
-}\r
index 7f9a2b45a785984e0cd5d5b58c68b3a37c789969..118d55cca5f6a4d07cc8b65e2d1eefcf72f2ecb9 100644 (file)
@@ -1,4 +1,4 @@
-// Merlok, 2011\r
+// Merlok, 2011, 2017\r
 // people from mifare@nethemba.com, 2010\r
 //\r
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
 #include <stdbool.h>\r
 #include "data.h"\r
 \r
+// defaults\r
+// timeout in units. (ms * 106)/10 or us*0.0106\r
+// 5 == 500us\r
+#define MF_CHKKEYS_DEFTIMEOUT          5\r
+\r
 // mfCSetBlock work flags\r
 #define CSETBLOCK_UID                          0x01\r
 #define CSETBLOCK_WUPC                         0x02\r
 #define CSETBLOCK_SINGLE_OPER                  0x1F\r
 #define CSETBLOCK_MAGIC_1B                     0x40\r
 \r
+typedef struct {\r
+       uint64_t Key[2];\r
+       int foundKey[2];\r
+} sector_t;\r
+\r
 extern char logHexFileName[FILE_PATH_SIZE];\r
 \r
 extern int mfDarkside(uint64_t *key);\r
 extern int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *ResultKeys, bool calibrate);\r
 extern int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t *keyBlock, uint64_t *key);\r
+extern int mfCheckKeysSec(uint8_t sectorCnt, uint8_t keyType, uint8_t timeout14a, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, sector_t * e_sector);\r
 \r
 extern int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);\r
 extern int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);\r
 \r
-extern int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);\r
+extern int mfCWipe(uint32_t numSectors, bool gen1b, bool wantWipe, bool wantFill);\r
+extern int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID);\r
 extern int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);\r
 extern int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);\r
 \r
diff --git a/client/obj/polarssl/.dummy b/client/obj/polarssl/.dummy
new file mode 100644 (file)
index 0000000..e69de29
index 5c1e3cfcb94178563ca6ff5c3d3eb55cc81b0238..ed46c8e805d76debb2c247a700c9d381878a0d13 100644 (file)
@@ -107,7 +107,8 @@ static int l_unpack(lua_State *L)           /** unpack(f,s, [init]) */
  size_t len;
  const char *s=luaL_checklstring(L,2,&len); /* switched s and f */
  const char *f=luaL_checkstring(L,1);
- int i_read = luaL_optint(L,3,1)-1;
+ int i_read = luaL_optinteger(L,3,1)-1;
+ // int i_read = luaL_optint(L,3,1)-1;
  unsigned int i;
  if (i_read >= 0) {
    i = i_read;
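Review bot: The replacement leaves the old call behind as `// int i_read = luaL_optint(L,3,1)-1;`; that comment line should be dropped, since version control already records the previous form. `luaL_optinteger` returns `lua_Integer`, which can be wider than `int`, so a large `init` argument from a script is narrowed silently before the `i_read >= 0` test. An explicit cast, `int i_read = (int)luaL_optinteger(L,3,1)-1;`, at least makes the narrowing visible, and a range check against `len` would be safer if one is not already done further down. l_unpack continues outside the hunk.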
@@ -347,4 +348,3 @@ int set_bin_library (lua_State *L) {
    lua_pop(L, 1);
   return 1;
 }
-
diff --git a/client/polarssl_config.h b/client/polarssl_config.h
deleted file mode 100644 (file)
index 5bd88fc..0000000
+++ /dev/null
@@ -1,2179 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- *  Copyright (C) 2006-2014, Brainspark B.V.
- *
- *  This file is part of PolarSSL (http://www.polarssl.org)
- *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- *  All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def POLARSSL_HAVE_INT8
- *
- * The system uses 8-bit wide native integers.
- *
- * Uncomment if native integers are 8-bit wide.
- */
-//#define POLARSSL_HAVE_INT8
-
-/**
- * \def POLARSSL_HAVE_INT16
- *
- * The system uses 16-bit wide native integers.
- *
- * Uncomment if native integers are 16-bit wide.
- */
-//#define POLARSSL_HAVE_INT16
-
-/**
- * \def POLARSSL_HAVE_LONGLONG
- *
- * The compiler supports the 'long long' type.
- * (Only used on 32-bit platforms)
- */
-#define POLARSSL_HAVE_LONGLONG
-
-/**
- * \def POLARSSL_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- *      library/timing.c
- *      library/padlock.c
- *      include/polarssl/bn_mul.h
- *
- * Comment to disable the use of assembly code.
- */
-#define POLARSSL_HAVE_ASM
-
-/**
- * \def POLARSSL_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define POLARSSL_HAVE_SSE2
-
-/**
- * \def POLARSSL_HAVE_TIME
- *
- * System has time.h and time() / localtime()  / gettimeofday().
- *
- * Comment if your system does not support time functions
- */
-#define POLARSSL_HAVE_TIME
-
-/**
- * \def POLARSSL_HAVE_IPV6
- *
- * System supports the basic socket interface for IPv6 (RFC 3493),
- * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
- *
- * Note: on Windows/MingW, XP or higher is required.
- *
- * Comment if your system does not support the IPv6 socket interface
- */
-#define POLARSSL_HAVE_IPV6
-
-/**
- * \def POLARSSL_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default PolarSSL uses the system-provided malloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
- * to allow you to set an alternative malloc() and free() function pointer.
- *
- * Requires: POLARSSL_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define POLARSSL_PLATFORM_MEMORY
-
-/**
- * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. malloc() to
- * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the POLARSSL_PLATFORM_STD_XXX defines.
- *
- * Requires: POLARSSL_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def POLARSSL_PLATFORM_XXX_ALT
- *
- * Uncomment a macro to let PolarSSL support the function in the platform
- * abstraction layer.
- *
- * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will
- * provide a function "platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require POLARSSL_PLATFORM_C to be defined!
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define POLARSSL_PLATFORM_PRINTF_ALT
-//#define POLARSSL_PLATFORM_FPRINTF_ALT
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: PolarSSL feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def POLARSSL_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for hardclock(),
- * get_timer(), set_alarm() and m_sleep().
- *
- * Only works if you have POLARSSL_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define POLARSSL_TIMING_ALT
-
-/**
- * \def POLARSSL_XXX_ALT
- *
- * Uncomment a macro to let PolarSSL use your alternate core implementation of
- * a symmetric or hash algorithm (e.g. platform specific assembly optimized
- * implementations). Keep in mind that the function prototypes should remain
- * the same.
- *
- * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
- * provide the "struct aes_context" definition and omit the base function
- * declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation for core algorithm
- * functions
- */
-//#define POLARSSL_AES_ALT
-//#define POLARSSL_ARC4_ALT
-//#define POLARSSL_BLOWFISH_ALT
-//#define POLARSSL_CAMELLIA_ALT
-//#define POLARSSL_DES_ALT
-//#define POLARSSL_XTEA_ALT
-//#define POLARSSL_MD2_ALT
-//#define POLARSSL_MD4_ALT
-//#define POLARSSL_MD5_ALT
-//#define POLARSSL_RIPEMD160_ALT
-//#define POLARSSL_SHA1_ALT
-//#define POLARSSL_SHA256_ALT
-//#define POLARSSL_SHA512_ALT
-
-/**
- * \def POLARSSL_AES_ROM_TABLES
- *
- * Store the AES tables in ROM.
- *
- * Uncomment this macro to store the AES tables in ROM.
- *
- */
-//#define POLARSSL_AES_ROM_TABLES
-
-/**
- * \def POLARSSL_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CBC
-
-/**
- * \def POLARSSL_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CFB
-
-/**
- * \def POLARSSL_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define POLARSSL_CIPHER_MODE_CTR
-
-/**
- * \def POLARSSL_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
- *      TLS_ECDH_ECDSA_WITH_NULL_SHA
- *      TLS_ECDH_RSA_WITH_NULL_SHA
- *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
- *      TLS_ECDHE_RSA_WITH_NULL_SHA
- *      TLS_ECDHE_PSK_WITH_NULL_SHA384
- *      TLS_ECDHE_PSK_WITH_NULL_SHA256
- *      TLS_ECDHE_PSK_WITH_NULL_SHA
- *      TLS_DHE_PSK_WITH_NULL_SHA384
- *      TLS_DHE_PSK_WITH_NULL_SHA256
- *      TLS_DHE_PSK_WITH_NULL_SHA
- *      TLS_RSA_WITH_NULL_SHA256
- *      TLS_RSA_WITH_NULL_SHA
- *      TLS_RSA_WITH_NULL_MD5
- *      TLS_RSA_PSK_WITH_NULL_SHA384
- *      TLS_RSA_PSK_WITH_NULL_SHA256
- *      TLS_RSA_PSK_WITH_NULL_SHA
- *      TLS_PSK_WITH_NULL_SHA384
- *      TLS_PSK_WITH_NULL_SHA256
- *      TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define POLARSSL_CIPHER_NULL_CIPHER
-
-/**
- * \def POLARSSL_CIPHER_PADDING_XXX
- *
- * Uncomment or comment macros to add support for specific padding modes
- * in the cipher layer with cipher modes that support padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define POLARSSL_CIPHER_PADDING_PKCS7
-#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
-#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
-#define POLARSSL_CIPHER_PADDING_ZEROS
-
-/**
- * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * This enables the following ciphersuites:
- *      TLS_RSA_WITH_DES_CBC_SHA
- *      TLS_DHE_RSA_WITH_DES_CBC_SHA
- *
- * Uncomment this macro to enable weak ciphersuites
- */
-//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
-
-/**
- * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
- *
- * Remove RC4 ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on RC4 from the default list as
- * returned by ssl_list_ciphersuites(). However, it is still possible to
- * enable (some of) them with ssl_set_ciphersuites() by including them
- * explicitly.
- *
- * Uncomment this macro to remove RC4 ciphersuites by default.
- */
-//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
-
-/**
- * \def POLARSSL_ECP_XXXX_ENABLED
- *
- * Enables specific curves within the Elliptic Curve module.
- * By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-#define POLARSSL_ECP_DP_SECP192R1_ENABLED
-#define POLARSSL_ECP_DP_SECP224R1_ENABLED
-#define POLARSSL_ECP_DP_SECP256R1_ENABLED
-#define POLARSSL_ECP_DP_SECP384R1_ENABLED
-#define POLARSSL_ECP_DP_SECP521R1_ENABLED
-#define POLARSSL_ECP_DP_SECP192K1_ENABLED
-#define POLARSSL_ECP_DP_SECP224K1_ENABLED
-#define POLARSSL_ECP_DP_SECP256K1_ENABLED
-#define POLARSSL_ECP_DP_BP256R1_ENABLED
-#define POLARSSL_ECP_DP_BP384R1_ENABLED
-#define POLARSSL_ECP_DP_BP512R1_ENABLED
-//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
-#define POLARSSL_ECP_DP_M255_ENABLED
-//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
-//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
-
-/**
- * \def POLARSSL_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define POLARSSL_ECP_NIST_OPTIM
-
-/**
- * \def POLARSSL_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: POLARSSL_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define POLARSSL_ECDSA_DETERMINISTIC
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA
- *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_PSK_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_PSK_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_ECDH_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_PSK_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_MD5
- */
-#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-
-/**
- * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def POLARSSL_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define POLARSSL_PK_PARSE_EC_EXTENDED
-
-/**
- * \def POLARSSL_ERROR_STRERROR_BC
- *
- * Make available the backward compatible error_strerror() next to the
- * current polarssl_strerror().
- *
- * For new code, it is recommended to use polarssl_strerror() instead and
- * disable this.
- *
- * Disable if you run into name conflicts and want to really remove the
- * error_strerror()
- */
-#define POLARSSL_ERROR_STRERROR_BC
-
-/**
- * \def POLARSSL_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of polarssl_strerror() in
- * third party libraries easier when POLARSSL_ERROR_C is disabled
- * (no effect when POLARSSL_ERROR_C is enabled).
- *
- * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
- * not using polarssl_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * polarssl_strerror()
- */
-#define POLARSSL_ERROR_STRERROR_DUMMY
-
-/**
- * \def POLARSSL_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: POLARSSL_BIGNUM_C
- */
-#define POLARSSL_GENPRIME
-
-/**
- * \def POLARSSL_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define POLARSSL_FS_IO
-
-/**
- * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def POLARSSL_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-//#define POLARSSL_NO_PLATFORM_ENTROPY
-
-/**
- * \def POLARSSL_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: POLARSSL_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both POLARSSL_SHA256_C and
- * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define POLARSSL_ENTROPY_FORCE_SHA256
-
-/**
- * \def POLARSSL_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define POLARSSL_MEMORY_DEBUG
-
-/**
- * \def POLARSSL_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
- *           GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define POLARSSL_MEMORY_BACKTRACE
-
-/**
- * \def POLARSSL_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: POLARSSL_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define POLARSSL_PKCS1_V15
-
-/**
- * \def POLARSSL_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define POLARSSL_PKCS1_V21
-
-/**
- * \def POLARSSL_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define POLARSSL_RSA_NO_CRT
-
-/**
- * \def POLARSSL_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define POLARSSL_SELF_TEST
-
-/**
- * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, PolarSSL can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define POLARSSL_SSL_ALERT_MESSAGES
-
-/**
- * \def POLARSSL_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define POLARSSL_SSL_DEBUG_ALL
-
-/**
- * \def POLARSSL_SSL_HW_RECORD_ACCEL
- *
- * Enable hooking functions in SSL module for hardware acceleration of
- * individual records.
- *
- * Uncomment this macro to enable hooking functions.
- */
-//#define POLARSSL_SSL_HW_RECORD_ACCEL
-
-/**
- * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
- *
- * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (POLARSSL_SSL_SRV_C).
- *
- * Comment this macro to disable support for SSLv2 Client Hello messages.
- */
-#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-
-/**
- * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (POLARSSL_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
- * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def POLARSSL_SSL_PROTO_SSL3
- *
- * Enable support for SSL 3.0.
- *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
- *
- * Comment this macro to disable support for SSL 3.0
- */
-#define POLARSSL_SSL_PROTO_SSL3
-
-/**
- * \def POLARSSL_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#define POLARSSL_SSL_PROTO_TLS1
-
-/**
- * \def POLARSSL_SSL_PROTO_TLS1_1
- *
- * Enable support for TLS 1.1.
- *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.1
- */
-#define POLARSSL_SSL_PROTO_TLS1_1
-
-/**
- * \def POLARSSL_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2.
- *
- * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
- *           (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2
- */
-#define POLARSSL_SSL_PROTO_TLS1_2
-
-/**
- * \def POLARSSL_SSL_ALPN
- *
- * Enable support for Application Layer Protocol Negotiation.
- * draft-ietf-tls-applayerprotoneg-05
- *
- * Comment this macro to disable support for ALPN.
- */
-#define POLARSSL_SSL_ALPN
-
-/**
- * \def POLARSSL_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- *
- * Requires: POLARSSL_AES_C
- *           POLARSSL_SHA256_C
- *           POLARSSL_CIPHER_MODE_CBC
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define POLARSSL_SSL_SESSION_TICKETS
-
-/**
- * \def POLARSSL_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define POLARSSL_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def POLARSSL_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define POLARSSL_SSL_TRUNCATED_HMAC
-
-/**
- * \def POLARSSL_SSL_SET_CURVES
- *
- * Enable ssl_set_curves().
- *
- * This is disabled by default since it breaks binary compatibility with the
- * 1.3.x line. If you choose to enable it, you will need to rebuild your
- * application against the new header files, relinking will not be enough.
- * It will be enabled by default, or no longer an option, in the 1.4 branch.
- *
- * Uncomment to make ssl_set_curves() available.
- */
-//#define POLARSSL_SSL_SET_CURVES
-
-/**
- * \def POLARSSL_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: POLARSSL_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define POLARSSL_THREADING_ALT
-
-/**
- * \def POLARSSL_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: POLARSSL_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define POLARSSL_THREADING_PTHREAD
-
-/**
- * \def POLARSSL_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via version_check_feature().
- *
- * Requires: POLARSSL_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define POLARSSL_VERSION_FEATURES
-
-/**
- * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * Uncomment to prevent an error.
- */
-//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
- * \def POLARSSL_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-#define POLARSSL_X509_CHECK_KEY_USAGE
-
-/**
- * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
- * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define POLARSSL_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def POLARSSL_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
- *
- * Used in: library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define POLARSSL_ZLIB_SUPPORT
-/* \} name SECTION: PolarSSL feature support */
-
-/**
- * \name SECTION: PolarSSL modules
- *
- * This section enables or disables entire modules in PolarSSL
- * \{
- */
-
-/**
- * \def POLARSSL_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module:  library/aesni.c
- * Caller:  library/aes.c
- *
- * Requires: POLARSSL_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-//#define POLARSSL_AESNI_C
-
-/**
- * \def POLARSSL_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module:  library/aes.c
- * Caller:  library/ssl_tls.c
- *          library/pem.c
- *          library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      TLS_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define POLARSSL_AES_C
-
-/**
- * \def POLARSSL_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module:  library/arc4.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      TLS_DHE_PSK_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_MD5
- *      TLS_RSA_PSK_WITH_RC4_128_SHA
- *      TLS_PSK_WITH_RC4_128_SHA
- */
-#define POLARSSL_ARC4_C
-
-/**
- * \def POLARSSL_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module:  library/asn1.c
- * Caller:  library/x509.c
- *          library/dhm.c
- *          library/pkcs12.c
- *          library/pkcs5.c
- *          library/pkparse.c
- */
-#define POLARSSL_ASN1_PARSE_C
-
-/**
- * \def POLARSSL_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module:  library/asn1write.c
- * Caller:  library/ecdsa.c
- *          library/pkwrite.c
- *          library/x509_create.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- */
-#define POLARSSL_ASN1_WRITE_C
-
-/**
- * \def POLARSSL_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module:  library/base64.c
- * Caller:  library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define POLARSSL_BASE64_C
-
-/**
- * \def POLARSSL_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module:  library/bignum.c
- * Caller:  library/dhm.c
- *          library/ecp.c
- *          library/ecdsa.c
- *          library/rsa.c
- *          library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define POLARSSL_BIGNUM_C
-
-/**
- * \def POLARSSL_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module:  library/blowfish.c
- */
-#define POLARSSL_BLOWFISH_C
-
-/**
- * \def POLARSSL_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module:  library/camellia.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define POLARSSL_CAMELLIA_C
-
-/**
- * \def POLARSSL_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module:  library/ccm.c
- *
- * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define POLARSSL_CCM_C
-
-/**
- * \def POLARSSL_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module:  library/certs.c
- * Caller:
- *
- * Requires: POLARSSL_PEM_PARSE_C
- *
- * This module is used for testing (ssl_client/server).
- */
-#define POLARSSL_CERTS_C
-
-/**
- * \def POLARSSL_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module:  library/cipher.c
- * Caller:  library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define POLARSSL_CIPHER_C
-
-/**
- * \def POLARSSL_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-256-based random generator.
- *
- * Module:  library/ctr_drbg.c
- * Caller:
- *
- * Requires: POLARSSL_AES_C
- *
- * This module provides the CTR_DRBG AES-256 random number generator.
- */
-#define POLARSSL_CTR_DRBG_C
-
-/**
- * \def POLARSSL_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module:  library/debug.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define POLARSSL_DEBUG_C
-
-/**
- * \def POLARSSL_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module:  library/des.c
- * Caller:  library/pem.c
- *          library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- */
-#define POLARSSL_DES_C
-
-/**
- * \def POLARSSL_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module:  library/dhm.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      DHE-RSA, DHE-PSK
- */
-#define POLARSSL_DHM_C
-
-/**
- * \def POLARSSL_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module:  library/ecdh.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: POLARSSL_ECP_C
- */
-#define POLARSSL_ECDH_C
-
-/**
- * \def POLARSSL_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module:  library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA
- *
- * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
- */
-#define POLARSSL_ECDSA_C
-
-/**
- * \def POLARSSL_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module:  library/ecp.c
- * Caller:  library/ecdh.c
- *          library/ecdsa.c
- *
- * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
- */
-#define POLARSSL_ECP_C
-
-/**
- * \def POLARSSL_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module:  library/entropy.c
- * Caller:
- *
- * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define POLARSSL_ENTROPY_C
-
-/**
- * \def POLARSSL_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module:  library/error.c
- * Caller:
- *
- * This module enables polarssl_strerror().
- */
-#define POLARSSL_ERROR_C
-
-/**
- * \def POLARSSL_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM) for AES.
- *
- * Module:  library/gcm.c
- *
- * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#define POLARSSL_GCM_C
-
-/**
- * \def POLARSSL_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- *          environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- *          processor traits. It is therefore not advised to use HAVEGE as
- *          your applications primary random generator or primary entropy pool
- *          input. As a secondary input to your entropy pool, it IS able add
- *          the (limited) extra entropy it provides.
- *
- * Module:  library/havege.c
- * Caller:
- *
- * Requires: POLARSSL_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define POLARSSL_HAVEGE_C
-
-/**
- * \def POLARSSL_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module:  library/hmac_drbg.c
- * Caller:
- *
- * Requires: POLARSSL_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-#define POLARSSL_HMAC_DRBG_C
-
-/**
- * \def POLARSSL_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module:  library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define POLARSSL_MD_C
-
-/**
- * \def POLARSSL_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module:  library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- */
-//#define POLARSSL_MD2_C
-
-/**
- * \def POLARSSL_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module:  library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- */
-//#define POLARSSL_MD4_C
-
-/**
- * \def POLARSSL_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module:  library/md5.c
- * Caller:  library/md.c
- *          library/pem.c
- *          library/ssl_tls.c
- *
- * This module is required for SSL/TLS and X.509.
- * PEM_PARSE uses MD5 for decrypting encrypted keys.
- */
-#define POLARSSL_MD5_C
-
-/**
- * \def POLARSSL_MEMORY_C
- * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
- */
-//#define POLARSSL_MEMORY_C
-
-/**
- * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: POLARSSL_PLATFORM_C
- *           POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def POLARSSL_NET_C
- *
- * Enable the TCP/IP networking routines.
- *
- * Module:  library/net.c
- *
- * This module provides TCP/IP networking routines.
- */
-#define POLARSSL_NET_C
-
-/**
- * \def POLARSSL_OID_C
- *
- * Enable the OID database.
- *
- * Module:  library/oid.c
- * Caller:  library/asn1write.c
- *          library/pkcs5.c
- *          library/pkparse.c
- *          library/pkwrite.c
- *          library/rsa.c
- *          library/x509.c
- *          library/x509_create.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define POLARSSL_OID_C
-
-/**
- * \def POLARSSL_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module:  library/padlock.c
- * Caller:  library/aes.c
- *
- * Requires: POLARSSL_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-//#define POLARSSL_PADLOCK_C
-
-/**
- * \def POLARSSL_PBKDF2_C
- *
- * Enable PKCS#5 PBKDF2 key derivation function.
- * DEPRECATED: Use POLARSSL_PKCS5_C instead
- *
- * Module:  library/pbkdf2.c
- *
- * Requires: POLARSSL_PKCS5_C
- *
- * This module adds support for the PKCS#5 PBKDF2 key derivation function.
- */
-#define POLARSSL_PBKDF2_C
-
-/**
- * \def POLARSSL_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module:  library/pem.c
- * Caller:  library/dhm.c
- *          library/pkparse.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: POLARSSL_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#define POLARSSL_PEM_PARSE_C
-
-/**
- * \def POLARSSL_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module:  library/pem.c
- * Caller:  library/pkwrite.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * Requires: POLARSSL_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#define POLARSSL_PEM_WRITE_C
-
-/**
- * \def POLARSSL_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module:  library/pk.c
- * Caller:  library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define POLARSSL_PK_C
-
-/**
- * \def POLARSSL_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module:  library/pkparse.c
- * Caller:  library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: POLARSSL_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define POLARSSL_PK_PARSE_C
-
-/**
- * \def POLARSSL_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module:  library/pkwrite.c
- * Caller:  library/x509write.c
- *
- * Requires: POLARSSL_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define POLARSSL_PK_WRITE_C
-
-/**
- * \def POLARSSL_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module:  library/pkcs5.c
- *
- * Requires: POLARSSL_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define POLARSSL_PKCS5_C
-
-/**
- * \def POLARSSL_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support.
- *
- * Module:  library/pkcs11.c
- * Caller:  library/pk.c
- *
- * Requires: POLARSSL_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define POLARSSL_PKCS11_C
-
-/**
- * \def POLARSSL_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module:  library/pkcs12.c
- * Caller:  library/pkparse.c
- *
- * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
- * Can use:  POLARSSL_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-#define POLARSSL_PKCS12_C
-
-/**
- * \def POLARSSL_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like malloc(), free(), printf(), fprintf()
- *
- * Module:  library/platform.c
- * Caller:  Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-//#define POLARSSL_PLATFORM_C
-
-/**
- * \def POLARSSL_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module:  library/ripemd160.c
- * Caller:  library/md.c
- *
- */
-#define POLARSSL_RIPEMD160_C
-
-/**
- * \def POLARSSL_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module:  library/rsa.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509.c
- *
- * This module is used by the following key exchanges:
- *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
- */
-#define POLARSSL_RSA_C
-
-/**
- * \def POLARSSL_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module:  library/sha1.c
- * Caller:  library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509write_crt.c
- *
- * This module is required for SSL/TLS and SHA1-signed certificates.
- */
-#define POLARSSL_SHA1_C
-
-/**
- * \def POLARSSL_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- * (Used to be POLARSSL_SHA2_C)
- *
- * Module:  library/sha256.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define POLARSSL_SHA256_C
-
-/**
- * \def POLARSSL_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- * (Used to be POLARSSL_SHA4_C)
- *
- * Module:  library/sha512.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define POLARSSL_SHA512_C
-
-/**
- * \def POLARSSL_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module:  library/ssl_cache.c
- * Caller:
- *
- * Requires: POLARSSL_SSL_CACHE_C
- */
-#define POLARSSL_SSL_CACHE_C
-
-/**
- * \def POLARSSL_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module:  library/ssl_cli.c
- * Caller:
- *
- * Requires: POLARSSL_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define POLARSSL_SSL_CLI_C
-
-/**
- * \def POLARSSL_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module:  library/ssl_srv.c
- * Caller:
- *
- * Requires: POLARSSL_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define POLARSSL_SSL_SRV_C
-
-/**
- * \def POLARSSL_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module:  library/ssl_tls.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
- *           and at least one of the POLARSSL_SSL_PROTO_* defines
- *
- * This module is required for SSL/TLS.
- */
-#define POLARSSL_SSL_TLS_C
-
-/**
- * \def POLARSSL_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default PolarSSL assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions.
- *
- * Module:  library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either POLARSSL_THREADING_ALT or
- * POLARSSL_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within PolarSSL
- */
-//#define POLARSSL_THREADING_C
-
-/**
- * \def POLARSSL_TIMING_C
- *
- * Enable the portable timing interface.
- *
- * Module:  library/timing.c
- * Caller:  library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-#define POLARSSL_TIMING_C
-
-/**
- * \def POLARSSL_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module:  library/version.c
- *
- * This module provides run-time version information.
- */
-#define POLARSSL_VERSION_C
-
-/**
- * \def POLARSSL_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module:  library/x509.c
- * Caller:  library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
- *           POLARSSL_PK_PARSE_C
- *
- * This module is required for the X.509 parsing modules.
- */
-#define POLARSSL_X509_USE_C
-
-/**
- * \def POLARSSL_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module:  library/x509_crt.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * Requires: POLARSSL_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define POLARSSL_X509_CRT_PARSE_C
-
-/**
- * \def POLARSSL_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module:  library/x509_crl.c
- * Caller:  library/x509_crt.c
- *
- * Requires: POLARSSL_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#define POLARSSL_X509_CRL_PARSE_C
-
-/**
- * \def POLARSSL_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module:  library/x509_csr.c
- * Caller:  library/x509_crt_write.c
- *
- * Requires: POLARSSL_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define POLARSSL_X509_CSR_PARSE_C
-
-/**
- * \def POLARSSL_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module:  library/x509_create.c
- *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define POLARSSL_X509_CREATE_C
-
-/**
- * \def POLARSSL_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module:  library/x509_crt_write.c
- *
- * Requires: POLARSSL_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define POLARSSL_X509_CRT_WRITE_C
-
-/**
- * \def POLARSSL_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module:  library/x509_csr_write.c
- *
- * Requires: POLARSSL_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define POLARSSL_X509_CSR_WRITE_C
-
-/**
- * \def POLARSSL_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module:  library/xtea.c
- * Caller:
- */
-#define POLARSSL_XTEA_C
-
-/* \} name SECTION: PolarSSL modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define POLARSSL_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
-//#define POLARSSL_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
-//#define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
-//#define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
-//#define CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
-//#define POLARSSL_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
-//#define POLARSSL_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
-//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
-//#define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
-//#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
-//#define ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
-
-/* Memory buffer allocator options */
-//#define POLARSSL_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define POLARSSL_PLATFORM_STD_MALLOC   malloc /**< Default allocator to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FREE       free /**< Default free to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_PRINTF   printf /**< Default printf to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-
-/* SSL Cache options */
-//#define SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
-//#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
-
-/* SSL options */
-//#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
-//#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-//#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* Debug options */
-//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
-
-/* \} name SECTION: Module configuration options */
-
-
-#endif /* POLARSSL_CONFIG_H */
index e7fdae6c402c2d59aeb6d37de05d2ed215199e9a..e899174c419870e2e78014e609f0f3faa2f38f04 100644 (file)
@@ -15,7 +15,7 @@
 static ProxGuiQT *gui = NULL;
 static WorkerThread *main_loop_thread = NULL;
 
-WorkerThread::WorkerThread(char *script_cmds_file, bool usb_present) : script_cmds_file(script_cmds_file), usb_present(usb_present)
+WorkerThread::WorkerThread(char *script_cmds_file, char *script_cmd, bool usb_present) : script_cmds_file(script_cmds_file), script_cmd(script_cmd), usb_present(usb_present)
 {
 }
 
@@ -24,7 +24,7 @@ WorkerThread::~WorkerThread()
 }
 
 void WorkerThread::run() {
-       main_loop(script_cmds_file, usb_present);
+       main_loop(script_cmds_file, script_cmd, usb_present);
 }
 
 extern "C" void ShowGraphWindow(void)
@@ -56,11 +56,10 @@ extern "C" void MainGraphics(void)
        if (!gui)
                return;
 
-       main_loop_thread->start();
        gui->MainLoop();
 }
 
-extern "C" void InitGraphics(int argc, char **argv, char *script_cmds_file, bool usb_present)
+extern "C" void InitGraphics(int argc, char **argv, char *script_cmds_file, char *script_cmd, bool usb_present)
 {
 #ifdef Q_WS_X11
        bool useGUI = getenv("DISPLAY") != 0;
@@ -70,18 +69,15 @@ extern "C" void InitGraphics(int argc, char **argv, char *script_cmds_file, bool
        if (!useGUI)
                return;
 
-       gui = new ProxGuiQT(argc, argv);
-       main_loop_thread = new WorkerThread(script_cmds_file, usb_present);
-       QObject::connect(main_loop_thread, SIGNAL(finished()), main_loop_thread, SLOT(deleteLater()));
-       QObject::connect(main_loop_thread, SIGNAL(finished()), gui, SLOT(_Exit()));
+       main_loop_thread = new WorkerThread(script_cmds_file, script_cmd, usb_present);
+       gui = new ProxGuiQT(argc, argv, main_loop_thread);
 }
 
-
 extern "C" void ExitGraphics(void)
 {
-  if (!gui)
-    return;
+       if (!gui)
+               return;
 
-  gui->Exit();
-  gui = NULL;
+       gui->Exit();
+       gui = NULL;
 }
index 6e261cb9ad3b2a8db9431abc3d3293a345587390..77bcbf011e4c0cd320043d26d96b2ab9d0372539 100644 (file)
@@ -19,7 +19,7 @@ void ShowGraphWindow(void);
 void HideGraphWindow(void);
 void RepaintGraphWindow(void);
 void MainGraphics(void);
-void InitGraphics(int argc, char **argv, char *script_cmds_file, bool usb_present);
+void InitGraphics(int argc, char **argv, char *script_cmds_file, char *script_cmd, bool usb_present);
 void ExitGraphics(void);
 
 #define MAX_GRAPH_TRACE_LEN (40000*8)
index 506b8138c9002a486d8a97694af02b80fd28d670..dc8279b52ec340596c6420deb94634c561bd7457 100644 (file)
@@ -85,6 +85,17 @@ void ProxGuiQT::_Exit(void) {
        delete this;
 }
 
+void ProxGuiQT::_StartProxmarkThread(void) {
+       if (!proxmarkThread)
+               return;
+
+       // if thread finished delete self and delete application
+       QObject::connect(proxmarkThread, SIGNAL(finished()), proxmarkThread, SLOT(deleteLater()));
+       QObject::connect(proxmarkThread, SIGNAL(finished()), this, SLOT(_Exit()));
+       // start proxmark thread
+       proxmarkThread->start();
+}
+
 void ProxGuiQT::MainLoop()
 {
        plotapp = new QApplication(argc, argv);
@@ -94,11 +105,14 @@ void ProxGuiQT::MainLoop()
        connect(this, SIGNAL(HideGraphWindowSignal()), this, SLOT(_HideGraphWindow()));
        connect(this, SIGNAL(ExitSignal()), this, SLOT(_Exit()));
 
+       //start proxmark thread after starting event loop
+       QTimer::singleShot(200, this, SLOT(_StartProxmarkThread()));
+
        plotapp->exec();
 }
 
-ProxGuiQT::ProxGuiQT(int argc, char **argv) : plotapp(NULL), plotwidget(NULL),
-       argc(argc), argv(argv)
+ProxGuiQT::ProxGuiQT(int argc, char **argv, WorkerThread *wthread) : plotapp(NULL), plotwidget(NULL),
+       argc(argc), argv(argv), proxmarkThread(wthread)
 {
 }
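Review bot: The 200 ms delay in `QTimer::singleShot(200, this, SLOT(_StartProxmarkThread()));` is an unexplained magic number. A single-shot timer is only delivered once `plotapp->exec()` is running, so a timeout of 0 already guarantees the worker starts after the event loop. I would write `QTimer::singleShot(0, this, SLOT(_StartProxmarkThread()));`, or keep the delay and add a comment saying what it is waiting for. The hunk does not show an `#include <QTimer>`; if the file does not already have one, this line relies on a transitive include.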
 
index 8a3b8cfccf5d813ea431b29bb012e2e2e5de004e..45a65b040c5702dc922644c8deb18bbbbe6206a0 100644 (file)
@@ -88,6 +88,18 @@ class ProxWidget : public QWidget
                void vchange_dthr_down(int v);
 };
 
+class WorkerThread : public QThread {
+               Q_OBJECT;
+       public:
+               WorkerThread(char*, char*, bool);
+               ~WorkerThread();
+               void run();
+       private:
+               char *script_cmds_file = NULL;
+               char *script_cmd = NULL;
+               bool usb_present;
+};
+
 class ProxGuiQT : public QObject
 {
        Q_OBJECT;
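Review bot: The constructor declaration `WorkerThread(char*, char*, bool);` now takes two adjacent unnamed `char*` arguments, so the header does not say which is the script file and which is the single command, and swapping them at a call site compiles cleanly. Naming them as the definition does, `WorkerThread(char *script_cmds_file, char *script_cmd, bool usb_present);`, fixes that. The class also stores both pointers without copying, and `run()` passes them to `main_loop` later on the worker thread. A comment above the members such as `// borrowed pointers: the caller keeps both strings alive until the thread finishes` would record the lifetime requirement.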
@@ -98,9 +110,10 @@ class ProxGuiQT : public QObject
                int argc;
                char **argv;
                void (*main_func)(void);
+               WorkerThread *proxmarkThread;
        
        public:
-               ProxGuiQT(int argc, char **argv);
+               ProxGuiQT(int argc, char **argv, WorkerThread *wthread);
                ~ProxGuiQT(void);
                void ShowGraphWindow(void);
                void RepaintGraphWindow(void);
@@ -112,6 +125,7 @@ class ProxGuiQT : public QObject
                void _RepaintGraphWindow(void);
                void _HideGraphWindow(void);
                void _Exit(void);
+               void _StartProxmarkThread(void);
        signals:
                void ShowGraphWindowSignal(void);
                void RepaintGraphWindowSignal(void);
@@ -119,16 +133,4 @@ class ProxGuiQT : public QObject
                void ExitSignal(void);
 };
 
-
-class WorkerThread : public QThread {
-       Q_OBJECT;
-public:
-       WorkerThread(char*, bool);
-       ~WorkerThread();
-       void run();
-private:
-       char *script_cmds_file = NULL;
-       bool usb_present;
-};
-
 #endif // PROXGUI_QT
index fa389dd1678d35afd13def5ce2960961b88b1591..d0e68b6121a32086d8109badf8f768a28c154eee 100644 (file)
 #include <readline/history.h>
 
 #include "proxmark3.h"
+#include "util_posix.h"
 #include "proxgui.h"
 #include "cmdmain.h"
 #include "uart.h"
 #include "ui.h"
+#include "util.h"
 #include "cmdparser.h"
 #include "cmdhw.h"
 #include "whereami.h"
 
+#ifdef _WIN32
+#define SERIAL_PORT_H  "com3"
+#else
+#define SERIAL_PORT_H  "/dev/ttyACM0"
+#endif
 
 // a global mutex to prevent interlaced printing from different threads
 pthread_mutex_t print_lock;
@@ -89,11 +96,13 @@ static void *uart_receiver(void *targ) {
 }
 
 
-void main_loop(char *script_cmds_file, bool usb_present) {
+void main_loop(char *script_cmds_file, char *script_cmd, bool usb_present) {
        struct receiver_arg rarg;
        char *cmd = NULL;
        pthread_t reader_thread;
-
+       bool execCommand = (script_cmd != NULL);
+       bool stdinOnPipe = !isatty(STDIN_FILENO);
+       
        if (usb_present) {
                rarg.run = 1;
                pthread_create(&reader_thread, NULL, &uart_receiver, &rarg);
@@ -101,46 +110,68 @@ void main_loop(char *script_cmds_file, bool usb_present) {
                CmdVersion(NULL);
        }
 
+       // file with script
        FILE *script_file = NULL;
-       char script_cmd_buf[256];  // iceman, needs lua script the same file_path_buffer as the rest
+       char script_cmd_buf[256] = {0};  // iceman, needs lua script the same file_path_buffer as the rest
 
        if (script_cmds_file) {
                script_file = fopen(script_cmds_file, "r");
                if (script_file) {
-                       printf("using 'scripting' commands file %s\n", script_cmds_file);
+                       printf("executing commands from file: %s\n", script_cmds_file);
                }
        }
-
+       
        read_history(".history");
 
        while(1)  {
-
                // If there is a script file
                if (script_file)
                {
+                       memset(script_cmd_buf, 0, sizeof(script_cmd_buf));
                        if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
                                fclose(script_file);
                                script_file = NULL;
                        } else {
-                               char *nl;
-                               nl = strrchr(script_cmd_buf, '\r');
-                               if (nl) *nl = '\0';
-                               
-                               nl = strrchr(script_cmd_buf, '\n');
-                               if (nl) *nl = '\0';
+                               strcleanrn(script_cmd_buf, sizeof(script_cmd_buf));
 
-                               if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) {
-                                       memset(cmd, 0, strlen(script_cmd_buf));
-                                       strcpy(cmd, script_cmd_buf);
-                                       printf("%s\n", cmd);
+                               if ((cmd = strmcopy(script_cmd_buf)) != NULL) {
+                                       printf(PROXPROMPT"%s\n", cmd);
+                               }
+                       }
+               } else {
+                       // If there is a script command
+                       if (execCommand){
+                               if ((cmd = strmcopy(script_cmd)) != NULL) {
+                                       printf(PROXPROMPT"%s\n", cmd);
+                               }
+
+                               execCommand = false;
+                       } else {
+                               // exit after exec command
+                               if (script_cmd)
+                                       break;
+
+                               // if there is a pipe from stdin
+                               if (stdinOnPipe) {
+                                       memset(script_cmd_buf, 0, sizeof(script_cmd_buf));
+                                       if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), stdin)) {
+                                               printf("\nStdin end. Exit...\n");
+                                               break;
+                                       }
+                                       strcleanrn(script_cmd_buf, sizeof(script_cmd_buf));
+
+                                       if ((cmd = strmcopy(script_cmd_buf)) != NULL) {
+                                               printf(PROXPROMPT"%s\n", cmd);
+                                       }
+                                       
+                               } else {                
+                                       // read command from command prompt
+                                       cmd = readline(PROXPROMPT);
                                }
                        }
                }
                
-               if (!script_file) {
-                       cmd = readline(PROXPROMPT);
-               }
-               
+               // execute command
                if (cmd) {
 
                        while(cmd[strlen(cmd) - 1] == ' ')
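Review bot: The new piped-stdin branch reads into the 256-byte `script_cmd_buf` with `fgets`, so an input line longer than 255 characters is cut, and its remainder comes back on the next iteration and runs as a separate command; the script-file branch above behaves the same way. Checking for the newline before `strcleanrn` runs, then discarding and reporting an over-long line, keeps one command from being split into two. A sketch for the stdin branch is below, and the same check applies with `script_file`. Separately, a blank line gives an empty `cmd`, and the context line `while(cmd[strlen(cmd) - 1] == ' ')` then reads `cmd[-1]`, assuming `strmcopy` returns an empty string for empty input (its definition is not in this hunk). `main_loop` starts and continues outside the hunk.

```c
if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), stdin)) {
	// … unchanged: print "Stdin end" message and break …
}
// buffer was zeroed above; no '\n' and no EOF means the line did not fit
if (!strchr(script_cmd_buf, '\n') && !feof(stdin)) {
	int ch;
	while ((ch = fgetc(stdin)) != EOF && ch != '\n')
		;	// drop the rest of the over-long line
	printf("command line too long (max %d chars), skipped\n", (int)sizeof(script_cmd_buf) - 1);
	continue;
}
strcleanrn(script_cmd_buf, sizeof(script_cmd_buf));
```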
@@ -154,12 +185,13 @@ void main_loop(char *script_cmds_file, bool usb_present) {
                                }
                        }
                        free(cmd);
+                       cmd = NULL;
                } else {
                        printf("\n");
                        break;
                }
        }
-  
+
        write_history(".history");
   
        if (usb_present) {
@@ -171,7 +203,6 @@ void main_loop(char *script_cmds_file, bool usb_present) {
                fclose(script_file);
                script_file = NULL;
        }
-
 }
 
 static void dumpAllHelp(int markdown)
@@ -212,36 +243,129 @@ static void set_my_executable_path(void)
        }
 }
 
+static void show_help(bool showFullHelp, char *command_line){
+       printf("syntax: %s <port> [-h|-help|-m|-f|-flush|-w|-wait|-c|-command|-l|-lua] [cmd_script_file_name] [command][lua_script_name]\n", command_line);
+       printf("\tLinux example:'%s /dev/ttyACM0'\n", command_line);
+       printf("\tWindows example:'%s com3'\n\n", command_line);
+       
+       if (showFullHelp){
+               printf("help: <-h|-help> Dump all interactive command's help at once.\n");
+               printf("\t%s  -h\n\n", command_line);
+               printf("markdown: <-m> Dump all interactive help at once in markdown syntax\n");
+               printf("\t%s -m\n\n", command_line);
+               printf("flush: <-f|-flush> Output will be flushed after every print.\n");
+               printf("\t%s -f\n\n", command_line);
+               printf("wait: <-w|-wait> 20sec waiting the serial port to appear in the OS\n");
+               printf("\t%s "SERIAL_PORT_H" -w\n\n", command_line);
+               printf("script: A script file with one proxmark3 command per line.\n\n");
+               printf("command: <-c|-command> Execute one proxmark3 command.\n");
+               printf("\t%s "SERIAL_PORT_H" -c \"hf mf chk 1* ?\"\n", command_line);
+               printf("\t%s "SERIAL_PORT_H" -command \"hf mf nested 1 *\"\n\n", command_line);
+               printf("lua: <-l|-lua> Execute lua script.\n");
+               printf("\t%s "SERIAL_PORT_H" -l hf_read\n\n", command_line);
+       }
+}
 
 int main(int argc, char* argv[]) {
        srand(time(0));
   
+       bool usb_present = false;
+       bool waitCOMPort = false;
+       bool executeCommand = false;
+       bool addLuaExec = false;
+       char *script_cmds_file = NULL;
+       char *script_cmd = NULL;
+  
        if (argc < 2) {
-               printf("syntax: %s <port>\n\n",argv[0]);
-               printf("\tLinux example:'%s /dev/ttyACM0'\n\n", argv[0]);
-               printf("help:   %s -h\n\n", argv[0]);
-               printf("\tDump all interactive help at once\n");
-               printf("markdown:   %s -m\n\n", argv[0]);
-               printf("\tDump all interactive help at once in markdown syntax\n");
+               show_help(true, argv[0]);
                return 1;
        }
-       if (strcmp(argv[1], "-h") == 0) {
-               printf("syntax: %s <port>\n\n",argv[0]);
-               printf("\tLinux example:'%s /dev/ttyACM0'\n\n", argv[0]);
-               dumpAllHelp(0);
-               return 0;
+
+       for (int i = 1; i < argc; i++) {
+               if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i],"-help") == 0) {
+                       show_help(false, argv[0]);
+                       dumpAllHelp(0);
+                       return 0;
+               }
+               
+               if (strcmp(argv[i], "-m") == 0) {
+                       dumpAllHelp(1);
+                       return 0;
+               }
+               
+               if(strcmp(argv[i],"-f") == 0 || strcmp(argv[i],"-flush") == 0){
+                       printf("Output will be flushed after every print.\n");
+                       flushAfterWrite = 1;
+               }
+               
+               if(strcmp(argv[i],"-w") == 0 || strcmp(argv[i],"-wait") == 0){
+                       waitCOMPort = true;
+               }
+
+               if(strcmp(argv[i],"-c") == 0 || strcmp(argv[i],"-command") == 0){
+                       executeCommand = true;
+               }
+
+               if(strcmp(argv[i],"-l") == 0 || strcmp(argv[i],"-lua") == 0){
+                       executeCommand = true;
+                       addLuaExec = true;
+               }
        }
-       if (strcmp(argv[1], "-m") == 0) {
-               dumpAllHelp(1);
-               return 0;
+
+       // If the user passed the filename of the 'script' to execute, get it from last parameter
+       if (argc > 2 && argv[argc - 1] && argv[argc - 1][0] != '-') {
+               if (executeCommand){
+                       script_cmd = argv[argc - 1];
+                       
+                       while(script_cmd[strlen(script_cmd) - 1] == ' ')
+                               script_cmd[strlen(script_cmd) - 1] = 0x00;
+                       
+                       if (strlen(script_cmd) == 0) {
+                               script_cmd = NULL;
+                       } else {
+                               if (addLuaExec){
+                                       // add "script run " to command
+                                       char *ctmp = NULL;
+                                       int len = strlen(script_cmd) + 11 + 1;
+                                       if ((ctmp = (char*) malloc(len)) != NULL) {
+                                               memset(ctmp, 0, len);
+                                               strcpy(ctmp, "script run ");
+                                               strcpy(&ctmp[11], script_cmd);
+                                               script_cmd = ctmp;
+                                       }
+                               }
+                               
+                               printf("Execute command from commandline: %s\n", script_cmd);
+                       }
+               } else {
+                       script_cmds_file = argv[argc - 1];
+               }
        }
 
+       // check command
+       if (executeCommand && (!script_cmd || strlen(script_cmd) == 0)){
+               printf("ERROR: execute command: command not found.\n");
+               return 2;
+       }
+       
+       // set global variables
        set_my_executable_path();
        
-       bool usb_present = false;
-       char *script_cmds_file = NULL;
-  
-       sp = uart_open(argv[1]);
+       // open uart
+       if (!waitCOMPort) {
+               sp = uart_open(argv[1]);
+       } else {
+               printf("Waiting for Proxmark to appear on %s ", argv[1]);
+               int openCount = 0;
+               do {
+                       sp = uart_open(argv[1]);
+                       msleep(1000);
+                       printf(".");
+               } while(++openCount < 20 && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
+               printf("\n");
+       }
+
+       // check result of uart opening
        if (sp == INVALID_SERIAL_PORT) {
                printf("ERROR: invalid serial port\n");
                usb_present = false;
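Review bot: The trailing-space trim in the `-c`/`-l` branch, `while(script_cmd[strlen(script_cmd) - 1] == ' ')`, indexes one byte before the string when the last argument is empty or consists only of spaces, because the length reaches 0 before the later `strlen(script_cmd) == 0` test runs. Guard the loop on the length: `while (strlen(script_cmd) > 0 && script_cmd[strlen(script_cmd) - 1] == ' ')`. The context line `while(cmd[strlen(cmd) - 1] == ' ')` in main_loop has the same shape, and the new stdin-pipe path appears able to hand it an empty string (a bare newline after `fgets` + `strcleanrn`); its loop body is outside the visible hunks, so confirm there. Separately, if the `malloc` for the "script run " prefix fails, the Lua script name is silently run as a plain command; returning an error would be clearer. main() continues outside this hunk.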
@@ -254,30 +378,29 @@ int main(int argc, char* argv[]) {
                usb_present = true;
                offline = 0;
        }
-
-       // If the user passed the filename of the 'script' to execute, get it
-       if (argc > 2 && argv[2]) {
-               if (argv[2][0] == 'f' &&  //buzzy, if a word 'flush' passed, flush the output after every log entry.
-                       argv[2][1] == 'l' &&
-                       argv[2][2] == 'u' &&
-                       argv[2][3] == 's' &&
-                       argv[2][4] == 'h')
-               {
-                       printf("Output will be flushed after every print.\n");
-                       flushAfterWrite = 1;
-               }
-               else
-               script_cmds_file = argv[2];
-       }
-
+       
        // create a mutex to avoid interlacing print commands from our different threads
        pthread_mutex_init(&print_lock, NULL);
 
 #ifdef HAVE_GUI
-       InitGraphics(argc, argv, script_cmds_file, usb_present);
+#ifdef _WIN32
+       InitGraphics(argc, argv, script_cmds_file, script_cmd, usb_present);
        MainGraphics();
 #else
-       main_loop(script_cmds_file, usb_present);
+       char* display = getenv("DISPLAY");
+
+       if (display && strlen(display) > 1)
+       {
+               InitGraphics(argc, argv, script_cmds_file, script_cmd, usb_present);
+               MainGraphics();
+       }
+       else
+       {
+               main_loop(script_cmds_file, script_cmd, usb_present);
+       }
+#endif
+#else
+       main_loop(script_cmds_file, script_cmd, usb_present);
 #endif 
 
        // Clean up the port
index 7ff7f6765f51e743d2278df51c02fb378bbe01b6..c6185c436457807c1adf4e9c08a8a9f2748d623b 100644 (file)
@@ -23,7 +23,7 @@ extern "C" {
 void SendCommand(UsbCommand *c);
 const char *get_my_executable_path(void);
 const char *get_my_executable_directory(void);
-void main_loop(char *script_cmds_file, bool usb_present);
+void main_loop(char *script_cmds_file, char *script_cmd, bool usb_present);
 
 #ifdef __cplusplus
 }
index d68adb3ee66ab82406bd448f147b315d8eb83832..13cb8cdfcb1c998fdb09a773c8904a8262e4f74a 100644 (file)
@@ -24,7 +24,7 @@
 #include "../common/crc16.h"
 #include "../common/crc64.h"
 #include "../common/sha1.h"
-#include "aes.h"
+#include "polarssl/aes.h"
 #include "cmdcrc.h"
 /**
  * The following params expected:
index 0ce986565f33fe05f81b0216190d261f2aad574d..94b3020cc1e074ae4022bc4faad07be68de5f810 100644 (file)
@@ -17,6 +17,8 @@ Arguments:
        -p                              stay connected - dont inactivate the field
        -x <payload>    Data to send (NO SPACES!)
        -d                              Debug flag
+       -t                              Topaz mode
+       -3                              Skip ISO14443-4 select
 
 Examples : 
 
@@ -70,6 +72,7 @@ function help()
        print(example)
 end
 
+
 --- 
 -- The main entry point
 function main(args)
@@ -83,15 +86,19 @@ function main(args)
        local stayconnected = false
        local payload = nil
        local doconnect = true
+       local topaz_mode = false
+       local no_rats = false
 
        -- Read the parameters
-       for o, a in getopt.getopt(args, 'corcpx:') do
+       for o, a in getopt.getopt(args, 'orcpx:dt3') do
                if o == "o" then doconnect = false end          
                if o == "r" then ignore_response = true end
                if o == "c" then appendcrc = true end
                if o == "p" then stayconnected = true end
                if o == "x" then payload = a end
                if o == "d" then DEBUG = true end
+               if o == "t" then topaz_mode = true end
+               if o == "3" then no_rats = true end
        end
 
        -- First of all, connect
@@ -99,7 +106,7 @@ function main(args)
                dbg("doconnect")
                -- We reuse the connect functionality from a 
                -- common library
-               info, err = lib14a.read1443a(true)
+               info, err = lib14a.read1443a(true, no_rats)
 
                if err then return oops(err) end
                print(("Connected to card, uid = %s"):format(info.uid))
@@ -107,7 +114,7 @@ function main(args)
 
        -- The actual raw payload, if any
        if payload then
-               res,err = sendRaw(payload,{ignore_response = ignore_response})
+               res,err = sendRaw(payload,{ignore_response = ignore_response, topaz_mode = topaz_mode})
                if err then return oops(err) end
        
                if not ignoreresponse then 
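Review bot: `if not ignoreresponse then` on the last line of this hunk tests a name that is never assigned in the visible code. The `-r` option is stored in `ignore_response`, so unless a global `ignoreresponse` is defined elsewhere the condition is always true and `-r` has no effect here. The line should read `if not ignore_response then`. The body of main() continues outside the hunk.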
@@ -137,11 +144,11 @@ function showdata(usbpacket)
 end
 
 
-
 function sendRaw(rawdata, options)
        print(">> ", rawdata)
        
        local flags = lib14a.ISO14A_COMMAND.ISO14A_NO_DISCONNECT + lib14a.ISO14A_COMMAND.ISO14A_RAW
+       if options.topaz_mode == true then flags = flags + lib14a.ISO14A_COMMAND.ISO14A_TOPAZMODE end
 
        local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, 
                                                                        arg1 = flags, -- Send raw 
index 2386d42d9e7c3c385bc912aee301ded73c762507..124c3dc3774c5a02d577833abb161a42d7deea44 100644 (file)
@@ -406,7 +406,7 @@ function main(args)
 
        -- GET TAG UID
        
-       result, err = lib14a.read1443a(false)
+       result, err = lib14a.read1443a(false, true)
        if not result then
                return oops(err)
        end
index a14c6b78ecf591e7c2c2c4baace1245cb29d64b8..56397acd0441f91aeddcf4000f4735573bdf04d1 100644 (file)
@@ -71,7 +71,7 @@ end
 --\r
 -- Read information from a card\r
 function GetCardInfo()\r
-       result, err = lib14a.read1443a(false)\r
+       result, err = lib14a.read1443a(false, true)\r
        if not result then\r
                print(err)\r
                return\r
index c54f6e6777766182c5b03aa1d674baf995d2b78e..8e54f90844194d837f2d32112dd692cff2bbfb5b 100644 (file)
@@ -170,7 +170,7 @@ local function main( args)
 
        print(desc);
 
-       result, err = reader.read1443a()
+       result, err = reader.read1443a(false, true)
        if not result then
                print(err)
                return
index e68f7a75d188d915e142bb9b10e63341203f3b22..bede483b9f3399ab6b01de10e9f4a33f9f1646c5 100644 (file)
@@ -56,7 +56,7 @@ end
 -- @return if unsuccessfull : nil, error
 function wait_for_mifare()
        while not core.ukbhit() do
-               res, err = reader.read1443a()
+               res, err = reader.read1443a(false, true)
                if res then return res end
                -- err means that there was no response from card
        end
index e87c338ea07e36d559d71d1d6a8ae9e392075c65..2a8d2763b0401f7f583f94977baebfd8aed18c61 100644 (file)
@@ -122,7 +122,7 @@ local function main(args)
 
        
        -- find tag
-       result, err = lib14a.read1443a(false)
+       result, err = lib14a.read1443a(false, true)
        if not result then return oops(err)     end
 
        -- load keys
index 211d146fd1c4da89d200ea05d568cb1a3f0a1fa6..aca7d046e9cd259dbd8009c9fc442a69bea3918a 100644 (file)
@@ -127,7 +127,7 @@ local function main(args)
        local cmdSetDbgOff = "hf mf dbg 0"
        core.console( cmdSetDbgOff) 
        
-       result, err = lib14a.read1443a(false)
+       result, err = lib14a.read1443a(false, true)
        if not result then
                return oops(err)
        end
index 38dd3a12f450e245cdc35d9f7d23dcd17b6685d0..8357f60137a5234007df335578656615e469cb65 100644 (file)
@@ -322,7 +322,7 @@ char * printBits(size_t const size, void const * const ptr)
 
 //  -------------------------------------------------------------------------
 //  line     - param line
-//  bg, en   - symbol numbers in param line of beginning an ending parameter
+//  bg, en   - symbol numbers in param line of beginning and ending parameter
 //  paramnum - param number (from 0)
 //  -------------------------------------------------------------------------
 int param_getptr(const char *line, int *bg, int *en, int paramnum)
@@ -355,6 +355,15 @@ int param_getptr(const char *line, int *bg, int *en, int paramnum)
 }
 
 
+int param_getlength(const char *line, int paramnum)
+{
+       int bg, en;
+       
+       if (param_getptr(line, &bg, &en, paramnum)) return 0;
+
+       return en - bg + 1;
+}
+
 char param_getchar(const char *line, int paramnum)
 {
        int bg, en;
@@ -614,7 +623,28 @@ void clean_ascii(unsigned char *buf, size_t len) {
   }
 }
 
+// replace \r \n to \0
+void strcleanrn(char *buf, size_t len) {
+       strcreplace(buf, len, '\n', '\0');
+       strcreplace(buf, len, '\r', '\0');
+}
 
+// replace char in buffer
+void strcreplace(char *buf, size_t len, char from, char to) {
+  for (size_t i = 0; i < len; i++) {
+    if (buf[i] == from)
+      buf[i] = to;
+  }
+}
+
+char *strmcopy(char *buf) {
+       char * str = NULL;
+       if ((str = (char*) malloc(strlen(buf) + 1)) != NULL) {
+               memset(str, 0, strlen(buf) + 1);
+               strcpy(str, buf);
+       }       
+       return str;
+}
 
 
 // determine number of logical CPU cores (use for multithreaded functions)
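Review bot: `strmcopy` has no comment telling callers that they own the returned buffer and must `free()` it, and it takes a non-const `char *buf` that it passes to `strlen` without a NULL check. Suggest a header comment such as `// returns a malloc'ed copy of buf (caller frees), or NULL if allocation fails; buf must not be NULL` and the signature `char *strmcopy(const char *buf)`, with the matching change to the declaration in util.h. The `memset` before `strcpy` is redundant. `strcreplace` walks all `len` bytes regardless of the terminator, so its comment should state that `len` is the buffer size and not the string length.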
index 640ef434d09260c9a74513e400eb4c961bbd1fa6..d6ed7d17dc37c6bdc6983388e2f63283ce0a35bc 100644 (file)
@@ -51,6 +51,7 @@ extern uint32_t SwapBits(uint32_t value, int nrbits);
 extern uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
 extern void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
 
+extern int param_getlength(const char *line, int paramnum);
 extern char param_getchar(const char *line, int paramnum);
 extern int param_getptr(const char *line, int *bg, int *en, int paramnum);
 extern uint8_t param_get8(const char *line, int paramnum);
@@ -76,6 +77,9 @@ extern uint32_t le32toh (uint8_t *data);
 extern void rol(uint8_t *data, const size_t len);
 
 extern void clean_ascii(unsigned char *buf, size_t len);
+void strcleanrn(char *buf, size_t len);
+void strcreplace(char *buf, size_t len, char from, char to);
+char *strmcopy(char *buf);
 
 extern int num_CPUs(void);                     // number of logical CPUs
 
index dd3d714c52654d4b8114646de7e1b8f19920dee2..8f3ed46b6a45c827950dfb377745965ade89e3c7 100644 (file)
@@ -35,7 +35,7 @@ void msleep(uint32_t n) {
 }
 #endif // _WIN32
 
-#ifdef __MACH__
+#ifdef __APPLE__
 
        #define CLOCK_MONOTONIC (1)
        #define CLOCK_REALTIME (2)
@@ -63,20 +63,18 @@ void msleep(uint32_t n) {
 
                } else if (clk_id == CLOCK_MONOTONIC) {
                        static uint64_t clock_start_time = 0;
-                       static mach_timebase_info_data_t timebase_ifo = {0, 0};
+                       static mach_timebase_info_data_t timebase_info = {0, 0};
 
                        uint64_t now = mach_absolute_time();
 
                        if (clock_start_time == 0) {
-                               //kern_return_t mach_status = mach_timebase_info(&timebase_ifo);
-                               // appease "unused variable" warning for release builds
-                               //(void)mach_status;
+                               mach_timebase_info(&timebase_info);
                                clock_start_time = now;
                        }
 
                        now = (uint64_t)((double)(now - clock_start_time)
-                                        * (double)timebase_ifo.numer
-                                        / (double)timebase_ifo.denom);
+                                        * (double)timebase_info.numer
+                                        / (double)timebase_info.denom);
 
                        t->tv_sec = now / 1000000000;
                        t->tv_nsec = now % 1000000000;
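Review bot: The return value of `mach_timebase_info(&timebase_info)` is ignored, so if the call fails `timebase_info.denom` stays 0 and the conversion below divides by zero before the cast to `uint64_t`. Check the result, e.g. `if (mach_timebase_info(&timebase_info) != KERN_SUCCESS) return -1;`. The enclosing function's return type is not visible in this hunk, so adjust the error value to match. The function starts outside the hunk.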
index 53d2a83452bf343d5d19072d8441801c5a367985..29b72a4c21e4f53a3eb1afb8ab839344078a88c7 100644 (file)
@@ -63,7 +63,7 @@ endif
 
 
 # Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
-VPATH = . ../common ../common/crapto1 ../fpga ../zlib
+VPATH = . ../common ../common/crapto1 ../common/polarssl ../fpga ../zlib
 
 INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES)
 
index 880e2c2b04ebfe20cd6d212f82d20837db9e5eb4..f470371a3b399e6292f799eea6e3f90ac628d179 100644 (file)
@@ -1777,22 +1777,53 @@ int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx) {
 } 
 
 // redesigned by marshmellow adjusted from existing decode functions
-// indala id decoding - only tested on 26 bit tags, but attempted to make it work for more
-int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
-       //26 bit 40134 format  (don't know other formats)
-       uint8_t preamble[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
-       uint8_t preamble_i[] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0};
-       size_t startidx = 0; 
-       if (!preambleSearch(bitStream, preamble, sizeof(preamble), size, &startidx)){
-               // if didn't find preamble try again inverting
-               if (!preambleSearch(bitStream, preamble_i, sizeof(preamble_i), size, &startidx)) return -1;
+// indala id decoding
+int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
+       //standard 64 bit indala formats including 26 bit 40134 format
+       uint8_t preamble64[] = {1,0,1,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 1};
+       uint8_t preamble64_i[] = {0,1,0,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 0};
+       size_t startidx = 0;
+       size_t found_size = *size;
+       bool found = preambleSearch(bitStream, preamble64, sizeof(preamble64), &found_size, &startidx);
+       if (!found) {
+               found = preambleSearch(bitStream, preamble64_i, sizeof(preamble64_i), &found_size, &startidx);
+               if (!found) return -1;
                *invert ^= 1;
-       } 
-       if (*size != 64 && *size != 224) return -2;
+       }
+       if (found_size != 64) return -2;
        if (*invert==1)
-               for (size_t i = startidx; i < *size + startidx; i++) 
+               for (size_t i = startidx; i < found_size + startidx; i++) 
+                       bitStream[i] ^= 1;
+
+       // note: don't change *size until we are sure we got it... 
+       *size = found_size;
+       return (int) startidx;
+}
+
+int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
+       //large 224 bit indala formats (different preamble too...)
+       uint8_t preamble224[] = {1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1};
+       uint8_t preamble224_i[] = {0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,0};
+       size_t startidx = 0;
+       size_t found_size = *size;
+       bool found = preambleSearch(bitStream, preamble224, sizeof(preamble224), &found_size, &startidx);
+       if (!found) {
+               found = preambleSearch(bitStream, preamble224_i, sizeof(preamble224_i), &found_size, &startidx);
+               if (!found) return -1;
+               *invert ^= 1;
+       }
+       if (found_size != 224) return -2;
+       if (*invert==1 && startidx > 0)
+               for (size_t i = startidx-1; i < found_size + startidx + 2; i++) 
                        bitStream[i] ^= 1;
 
+       // 224 formats are typically PSK2 (afaik 2017 Marshmellow)
+       // note loses 1 bit at beginning of transformation...
+       // don't need to verify array is big enough as to get here there has to be a full preamble after all of our data
+       psk1TOpsk2(bitStream + (startidx-1), found_size+2);
+       startidx++;
+
+       *size = found_size;
        return (int) startidx;
 }
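Review bot: In `indala224decode` the call `psk1TOpsk2(bitStream + (startidx-1), found_size+2)` is not covered by the `startidx > 0` guard that protects the inversion loop above it. If `preambleSearch` can report a match at index 0, `startidx-1` wraps (it is a `size_t`) and the pointer lands before the buffer. Reject that case before both steps, e.g. `if (startidx == 0) return -3;`, using whichever negative code the callers treat as failure. The inversion loop and the PSK conversion also touch `found_size + 2` elements starting at `startidx-1`. The comment relies on a following preamble guaranteeing that space, which depends on `preambleSearch` behaviour not shown here, so an explicit check against the incoming `*size` would make the bound verifiable.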
 
index c926a8a468177785ae486fc064451b6b8eb49bfb..f18c278462e43cffa69deafb0dda916e37e15ab5 100644 (file)
@@ -54,7 +54,8 @@ extern int FDXBdemodBI(uint8_t *dest, size_t *size);
 extern int gProxII_Demod(uint8_t BitStream[], size_t *size);
 extern int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
 extern int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx);
-extern int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
+extern int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
+extern int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
 extern int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
 extern int PrescoDemod(uint8_t *dest, size_t *size);
 extern int PyramiddemodFSK(uint8_t *dest, size_t *size, int *waveStartIdx);
diff --git a/common/polarssl/aes.c b/common/polarssl/aes.c
new file mode 100644 (file)
index 0000000..36f735d
--- /dev/null
@@ -0,0 +1,1454 @@
+/*
+ *  FIPS-197 compliant AES implementation
+ *
+ *  Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
+ *
+ *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
+ *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+ */
+
+#if !defined(POLARSSL_CONFIG_FILE)
+#include "polarssl_config.h"
+#else
+#include POLARSSL_CONFIG_FILE
+#endif
+
+#if defined(POLARSSL_AES_C)
+
+#include "aes.h"
+#if defined(POLARSSL_PADLOCK_C)
+#include "polarssl/padlock.h"
+#endif
+#if defined(POLARSSL_AESNI_C)
+#include "polarssl/aesni.h"
+#endif
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_printf printf
+#endif
+
+#if !defined(POLARSSL_AES_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ]       )             \
+        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n)       );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+}
+#endif
+
+#if defined(POLARSSL_PADLOCK_C) &&                      \
+    ( defined(POLARSSL_HAVE_X86) || defined(PADLOCK_ALIGN16) )
+static int aes_padlock_ace = -1;
+#endif
+
+#if defined(POLARSSL_AES_ROM_TABLES)
+/*
+ * Forward S-box
+ */
+static const unsigned char FSb[256] =
+{
+    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
+    0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
+    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
+    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
+    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
+    0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
+    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
+    0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
+    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
+    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
+    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
+    0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
+    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
+    0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
+    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
+    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
+    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
+    0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
+    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
+    0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
+    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
+    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
+    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
+    0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
+    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
+    0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
+    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
+    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
+    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
+    0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
+    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
+    0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
+};
+
+/*
+ * Forward tables
+ */
+#define FT \
+\
+    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
+    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
+    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
+    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
+    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
+    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
+    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
+    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
+    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
+    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
+    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
+    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
+    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
+    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
+    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
+    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
+    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
+    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
+    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
+    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
+    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
+    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
+    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
+    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
+    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
+    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
+    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
+    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
+    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
+    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
+    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
+    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
+    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
+    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
+    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
+    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
+    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
+    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
+    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
+    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
+    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
+    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
+    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
+    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
+    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
+    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
+    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
+    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
+    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
+    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
+    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
+    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
+    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
+    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
+    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
+    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
+    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
+    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
+    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
+    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
+    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
+    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
+    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
+    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
+
+#define V(a,b,c,d) 0x##a##b##c##d
+static const uint32_t FT0[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##b##c##d##a
+static const uint32_t FT1[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##c##d##a##b
+static const uint32_t FT2[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##d##a##b##c
+static const uint32_t FT3[256] = { FT };
+#undef V
+
+#undef FT
+
+/*
+ * Reverse S-box
+ */
+static const unsigned char RSb[256] =
+{
+    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
+    0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
+    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
+    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
+    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
+    0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
+    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
+    0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
+    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
+    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
+    0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
+    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
+    0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
+    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
+    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
+    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
+    0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
+    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
+    0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
+    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
+    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
+    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
+    0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
+    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
+    0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
+    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
+    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
+    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
+    0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
+    0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
+};
+
+/*
+ * Reverse tables
+ */
+#define RT \
+\
+    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
+    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
+    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
+    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
+    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
+    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
+    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
+    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
+    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
+    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
+    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
+    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
+    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
+    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
+    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
+    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
+    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
+    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
+    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
+    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
+    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
+    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
+    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
+    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
+    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
+    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
+    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
+    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
+    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
+    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
+    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
+    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
+    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
+    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
+    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
+    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
+    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
+    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
+    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
+    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
+    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
+    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
+    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
+    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
+    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
+    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
+    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
+    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
+    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
+    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
+    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
+    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
+    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
+    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
+    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
+    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
+    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
+    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
+    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
+    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
+    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
+    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
+    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
+    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
+
+#define V(a,b,c,d) 0x##a##b##c##d
+static const uint32_t RT0[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##b##c##d##a
+static const uint32_t RT1[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##c##d##a##b
+static const uint32_t RT2[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##d##a##b##c
+static const uint32_t RT3[256] = { RT };
+#undef V
+
+#undef RT
+
+/*
+ * Round constants
+ */
+static const uint32_t RCON[10] =
+{
+    0x00000001, 0x00000002, 0x00000004, 0x00000008,
+    0x00000010, 0x00000020, 0x00000040, 0x00000080,
+    0x0000001B, 0x00000036
+};
+
+#else /* POLARSSL_AES_ROM_TABLES */
+
+/*
+ * Forward S-box & tables
+ */
+static unsigned char FSb[256];
+static uint32_t FT0[256];
+static uint32_t FT1[256];
+static uint32_t FT2[256];
+static uint32_t FT3[256];
+
+/*
+ * Reverse S-box & tables
+ */
+static unsigned char RSb[256];
+static uint32_t RT0[256];
+static uint32_t RT1[256];
+static uint32_t RT2[256];
+static uint32_t RT3[256];
+
+/*
+ * Round constants
+ */
+static uint32_t RCON[10];
+
+/*
+ * Tables generation code
+ */
+#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
+#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
+#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
+
+static int aes_init_done = 0;
+
+static void aes_gen_tables( void )
+{
+    int i, x, y, z;
+    int pow[256];
+    int log[256];
+
+    /*
+     * compute pow and log tables over GF(2^8)
+     */
+    for( i = 0, x = 1; i < 256; i++ )
+    {
+        pow[i] = x;
+        log[x] = i;
+        x = ( x ^ XTIME( x ) ) & 0xFF;
+    }
+
+    /*
+     * calculate the round constants
+     */
+    for( i = 0, x = 1; i < 10; i++ )
+    {
+        RCON[i] = (uint32_t) x;
+        x = XTIME( x ) & 0xFF;
+    }
+
+    /*
+     * generate the forward and reverse S-boxes
+     */
+    FSb[0x00] = 0x63;
+    RSb[0x63] = 0x00;
+
+    for( i = 1; i < 256; i++ )
+    {
+        x = pow[255 - log[i]];
+
+        y  = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y ^ 0x63;
+
+        FSb[i] = (unsigned char) x;
+        RSb[x] = (unsigned char) i;
+    }
+
+    /*
+     * generate the forward and reverse tables
+     */
+    for( i = 0; i < 256; i++ )
+    {
+        x = FSb[i];
+        y = XTIME( x ) & 0xFF;
+        z =  ( y ^ x ) & 0xFF;
+
+        FT0[i] = ( (uint32_t) y       ) ^
+                 ( (uint32_t) x <<  8 ) ^
+                 ( (uint32_t) x << 16 ) ^
+                 ( (uint32_t) z << 24 );
+
+        FT1[i] = ROTL8( FT0[i] );
+        FT2[i] = ROTL8( FT1[i] );
+        FT3[i] = ROTL8( FT2[i] );
+
+        x = RSb[i];
+
+        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
+                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
+                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
+                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
+
+        RT1[i] = ROTL8( RT0[i] );
+        RT2[i] = ROTL8( RT1[i] );
+        RT3[i] = ROTL8( RT2[i] );
+    }
+}
+
+#endif /* POLARSSL_AES_ROM_TABLES */
+
+void aes_init( aes_context *ctx )
+{
+    memset( ctx, 0, sizeof( aes_context ) );
+}
+
+void aes_free( aes_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( aes_context ) );
+}
+
+/*
+ * AES key schedule (encryption)
+ */
+int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
+                    unsigned int keysize )
+{
+    unsigned int i;
+    uint32_t *RK;
+
+#if !defined(POLARSSL_AES_ROM_TABLES)
+    if( aes_init_done == 0 )
+    {
+        aes_gen_tables();
+        aes_init_done = 1;
+
+    }
+#endif
+
+    switch( keysize )
+    {
+        case 128: ctx->nr = 10; break;
+        case 192: ctx->nr = 12; break;
+        case 256: ctx->nr = 14; break;
+        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
+    }
+
+#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
+    if( aes_padlock_ace == -1 )
+        aes_padlock_ace = padlock_supports( PADLOCK_ACE );
+
+    if( aes_padlock_ace )
+        ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
+    else
+#endif
+    ctx->rk = RK = ctx->buf;
+
+#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
+    if( aesni_supports( POLARSSL_AESNI_AES ) )
+        return( aesni_setkey_enc( (unsigned char *) ctx->rk, key, keysize ) );
+#endif
+
+    for( i = 0; i < ( keysize >> 5 ); i++ )
+    {
+        GET_UINT32_LE( RK[i], key, i << 2 );
+    }
+
+    switch( ctx->nr )
+    {
+        case 10:
+
+            for( i = 0; i < 10; i++, RK += 4 )
+            {
+                RK[4]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[3] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[3]       ) & 0xFF ] << 24 );
+
+                RK[5]  = RK[1] ^ RK[4];
+                RK[6]  = RK[2] ^ RK[5];
+                RK[7]  = RK[3] ^ RK[6];
+            }
+            break;
+
+        case 12:
+
+            for( i = 0; i < 8; i++, RK += 6 )
+            {
+                RK[6]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[5] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[5]       ) & 0xFF ] << 24 );
+
+                RK[7]  = RK[1] ^ RK[6];
+                RK[8]  = RK[2] ^ RK[7];
+                RK[9]  = RK[3] ^ RK[8];
+                RK[10] = RK[4] ^ RK[9];
+                RK[11] = RK[5] ^ RK[10];
+            }
+            break;
+
+        case 14:
+
+            for( i = 0; i < 7; i++, RK += 8 )
+            {
+                RK[8]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[7] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[7]       ) & 0xFF ] << 24 );
+
+                RK[9]  = RK[1] ^ RK[8];
+                RK[10] = RK[2] ^ RK[9];
+                RK[11] = RK[3] ^ RK[10];
+
+                RK[12] = RK[4] ^
+                ( (uint32_t) FSb[ ( RK[11]       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[11] >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
+
+                RK[13] = RK[5] ^ RK[12];
+                RK[14] = RK[6] ^ RK[13];
+                RK[15] = RK[7] ^ RK[14];
+            }
+            break;
+    }
+
+    return( 0 );
+}
+
+/*
+ * AES key schedule (decryption)
+ */
+int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
+                    unsigned int keysize )
+{
+    int i, j, ret;
+    aes_context cty;
+    uint32_t *RK;
+    uint32_t *SK;
+
+    aes_init( &cty );
+
+#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
+    if( aes_padlock_ace == -1 )
+        aes_padlock_ace = padlock_supports( PADLOCK_ACE );
+
+    if( aes_padlock_ace )
+        ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
+    else
+#endif
+    ctx->rk = RK = ctx->buf;
+
+    /* Also checks keysize */
+    if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 )
+        goto exit;
+
+    ctx->nr = cty.nr;
+
+#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
+    if( aesni_supports( POLARSSL_AESNI_AES ) )
+    {
+        aesni_inverse_key( (unsigned char *) ctx->rk,
+                           (const unsigned char *) cty.rk, ctx->nr );
+        goto exit;
+    }
+#endif
+
+    SK = cty.rk + cty.nr * 4;
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
+    {
+        for( j = 0; j < 4; j++, SK++ )
+        {
+            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
+                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
+                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
+                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
+        }
+    }
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+exit:
+    aes_free( &cty );
+
+    return( ret );
+}
+
+#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
+{                                               \
+    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
+                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
+                                                \
+    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
+                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
+                                                \
+    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
+                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
+                                                \
+    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
+                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
+}
+
+#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
+{                                               \
+    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
+                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
+                                                \
+    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
+                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
+                                                \
+    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
+                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
+                                                \
+    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
+                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
+}
+
+/*
+ * AES-ECB block encryption/decryption
+ */
+int aes_crypt_ecb( aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] )
+{
+    int i;
+    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+
+#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
+    if( aesni_supports( POLARSSL_AESNI_AES ) )
+        return( aesni_crypt_ecb( ctx, mode, input, output ) );
+#endif
+
+#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
+    if( aes_padlock_ace )
+    {
+        if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
+            return( 0 );
+
+        // If padlock data misaligned, we just fall back to
+        // unaccelerated mode
+        //
+    }
+#endif
+
+    RK = ctx->rk;
+
+    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
+    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
+    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
+    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+
+    if( mode == AES_DECRYPT )
+    {
+        for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
+        {
+            AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+            AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+        }
+
+        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+
+        X0 = *RK++ ^ \
+                ( (uint32_t) RSb[ ( Y0       ) & 0xFF ]       ) ^
+                ( (uint32_t) RSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+
+        X1 = *RK++ ^ \
+                ( (uint32_t) RSb[ ( Y1       ) & 0xFF ]       ) ^
+                ( (uint32_t) RSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+
+        X2 = *RK++ ^ \
+                ( (uint32_t) RSb[ ( Y2       ) & 0xFF ]       ) ^
+                ( (uint32_t) RSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+
+        X3 = *RK++ ^ \
+                ( (uint32_t) RSb[ ( Y3       ) & 0xFF ]       ) ^
+                ( (uint32_t) RSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+    }
+    else /* AES_ENCRYPT */
+    {
+        for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
+        {
+            AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+            AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+        }
+
+        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+
+        X0 = *RK++ ^ \
+                ( (uint32_t) FSb[ ( Y0       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+
+        X1 = *RK++ ^ \
+                ( (uint32_t) FSb[ ( Y1       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+
+        X2 = *RK++ ^ \
+                ( (uint32_t) FSb[ ( Y2       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+
+        X3 = *RK++ ^ \
+                ( (uint32_t) FSb[ ( Y3       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+    }
+
+    PUT_UINT32_LE( X0, output,  0 );
+    PUT_UINT32_LE( X1, output,  4 );
+    PUT_UINT32_LE( X2, output,  8 );
+    PUT_UINT32_LE( X3, output, 12 );
+
+    return( 0 );
+}
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/*
+ * AES-CBC buffer encryption/decryption
+ */
+int aes_crypt_cbc( aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output )
+{
+    int i;
+    unsigned char temp[16];
+
+    if( length % 16 )
+        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );
+
+#if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
+    if( aes_padlock_ace )
+    {
+        if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
+            return( 0 );
+
+        // If padlock data misaligned, we just fall back to
+        // unaccelerated mode
+        //
+    }
+#endif
+
+    if( mode == AES_DECRYPT )
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 16 );
+            aes_crypt_ecb( ctx, mode, input, output );
+
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+    else
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            aes_crypt_ecb( ctx, mode, output, output );
+            memcpy( iv, output, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+/*
+ * AES-CFB128 buffer encryption/decryption
+ */
+int aes_crypt_cfb128( aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c;
+    size_t n = *iv_off;
+
+    if( mode == AES_DECRYPT )
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
+
+            c = *input++;
+            *output++ = (unsigned char)( c ^ iv[n] );
+            iv[n] = (unsigned char) c;
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+    else
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
+
+            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+
+    *iv_off = n;
+
+    return( 0 );
+}
+
+/*
+ * AES-CFB8 buffer encryption/decryption
+ */
+#include <stdio.h>
+int aes_crypt_cfb8( aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    unsigned char c;
+    unsigned char ov[17];
+
+    while( length-- )
+    {
+        memcpy( ov, iv, 16 );
+        aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
+
+        if( mode == AES_DECRYPT )
+            ov[16] = *input;
+
+        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
+
+        if( mode == AES_ENCRYPT )
+            ov[16] = c;
+
+        memcpy( iv, ov + 1, 16 );
+    }
+
+    return( 0 );
+}
+#endif /*POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/*
+ * AES-CTR buffer encryption/decryption
+ */
+int aes_crypt_ctr( aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    while( length-- )
+    {
+        if( n == 0 ) {
+            aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );
+
+            for( i = 16; i > 0; i-- )
+                if( ++nonce_counter[i - 1] != 0 )
+                    break;
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *nc_off = n;
+
+    return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#endif /* !POLARSSL_AES_ALT */
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include <stdio.h>
+
+/*
+ * AES test vectors from:
+ *
+ * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
+ */
+static const unsigned char aes_test_ecb_dec[3][16] =
+{
+    { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
+      0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
+    { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
+      0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
+    { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
+      0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
+};
+
+static const unsigned char aes_test_ecb_enc[3][16] =
+{
+    { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
+      0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
+    { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
+      0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
+    { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
+      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+static const unsigned char aes_test_cbc_dec[3][16] =
+{
+    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
+      0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
+    { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
+      0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
+    { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
+      0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
+};
+
+static const unsigned char aes_test_cbc_enc[3][16] =
+{
+    { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
+      0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
+    { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
+      0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
+    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
+      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+/*
+ * AES-CFB128 test vectors from:
+ *
+ * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ */
+static const unsigned char aes_test_cfb128_key[3][32] =
+{
+    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
+    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
+      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
+      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
+    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
+};
+
+static const unsigned char aes_test_cfb128_iv[16] =
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
+
+static const unsigned char aes_test_cfb128_pt[64] =
+{
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+};
+
+static const unsigned char aes_test_cfb128_ct[3][64] =
+{
+    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
+      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
+      0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
+      0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
+      0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
+      0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
+      0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
+      0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
+    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
+      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
+      0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
+      0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
+      0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
+      0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
+      0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
+      0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
+    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
+      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
+      0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
+      0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
+      0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
+      0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
+      0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
+      0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
+};
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/*
+ * AES-CTR test vectors from:
+ *
+ * http://www.faqs.org/rfcs/rfc3686.html
+ */
+
+static const unsigned char aes_test_ctr_key[3][16] =
+{
+    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
+      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
+    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
+      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
+    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
+      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
+};
+
+static const unsigned char aes_test_ctr_nonce_counter[3][16] =
+{
+    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
+      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
+      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
+};
+
+static const unsigned char aes_test_ctr_pt[3][48] =
+{
+    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
+      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+      0x20, 0x21, 0x22, 0x23 }
+};
+
+static const unsigned char aes_test_ctr_ct[3][48] =
+{
+    { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
+      0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
+    { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
+      0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
+      0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
+      0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
+    { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
+      0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
+      0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
+      0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
+      0x25, 0xB2, 0x07, 0x2F }
+};
+
+static const int aes_test_ctr_len[3] =
+    { 16, 32, 36 };
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+/*
+ * Checkup routine
+ */
+int aes_self_test( int verbose )
+{
+    int ret = 0, i, j, u, v;
+    unsigned char key[32];
+    unsigned char buf[64];
+    unsigned char iv[16];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+    unsigned char prv[16];
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB)
+    size_t offset;
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+    int len;
+    unsigned char nonce_counter[16];
+    unsigned char stream_block[16];
+#endif
+    aes_context ctx;
+
+    memset( key, 0, 32 );
+    aes_init( &ctx );
+
+    /*
+     * ECB mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            polarssl_printf( "  AES-ECB-%3d (%s): ", 128 + u * 64,
+                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
+
+        memset( buf, 0, 16 );
+
+        if( v == AES_DECRYPT )
+        {
+            aes_setkey_dec( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                aes_crypt_ecb( &ctx, v, buf, buf );
+
+            if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                aes_crypt_ecb( &ctx, v, buf, buf );
+
+            if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            polarssl_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        polarssl_printf( "\n" );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+    /*
+     * CBC mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            polarssl_printf( "  AES-CBC-%3d (%s): ", 128 + u * 64,
+                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
+
+        memset( iv , 0, 16 );
+        memset( prv, 0, 16 );
+        memset( buf, 0, 16 );
+
+        if( v == AES_DECRYPT )
+        {
+            aes_setkey_dec( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+            {
+                unsigned char tmp[16];
+
+                aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
+
+                memcpy( tmp, prv, 16 );
+                memcpy( prv, buf, 16 );
+                memcpy( buf, tmp, 16 );
+            }
+
+            if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            polarssl_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        polarssl_printf( "\n" );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+    /*
+     * CFB128 mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            polarssl_printf( "  AES-CFB128-%3d (%s): ", 128 + u * 64,
+                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( iv,  aes_test_cfb128_iv, 16 );
+        memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
+
+        offset = 0;
+        aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+        if( v == AES_DECRYPT )
+        {
+            memcpy( buf, aes_test_cfb128_ct[u], 64 );
+            aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            memcpy( buf, aes_test_cfb128_pt, 64 );
+            aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            polarssl_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        polarssl_printf( "\n" );
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+    /*
+     * CTR mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            polarssl_printf( "  AES-CTR-128 (%s): ",
+                             ( v == AES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
+        memcpy( key, aes_test_ctr_key[u], 16 );
+
+        offset = 0;
+        aes_setkey_enc( &ctx, key, 128 );
+
+        if( v == AES_DECRYPT )
+        {
+            len = aes_test_ctr_len[u];
+            memcpy( buf, aes_test_ctr_ct[u], len );
+
+            aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                           buf, buf );
+
+            if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            len = aes_test_ctr_len[u];
+            memcpy( buf, aes_test_ctr_pt[u], len );
+
+            aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                           buf, buf );
+
+            if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    polarssl_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            polarssl_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        polarssl_printf( "\n" );
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+    ret = 0;
+
+exit:
+    aes_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* POLARSSL_SELF_TEST */
+
+#endif /* POLARSSL_AES_C */
diff --git a/common/polarssl/aes.h b/common/polarssl/aes.h
new file mode 100644 (file)
index 0000000..946bd87
--- /dev/null
@@ -0,0 +1,257 @@
+/**
+ * \file aes.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_AES_H
+#define POLARSSL_AES_H
+
+#if !defined(POLARSSL_CONFIG_FILE)
+#include "polarssl_config.h"
+#else
+#include POLARSSL_CONFIG_FILE
+#endif
+
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+/* padlock.c and aesni.c rely on these values! */
+#define AES_ENCRYPT     1
+#define AES_DECRYPT     0
+
+#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+#if !defined(POLARSSL_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES context structure
+ *
+ * \note           buf is able to hold 32 extra bytes, which can be used:
+ *                 - for alignment purposes if VIA padlock is used, and/or
+ *                 - to simplify key expansion in the 256-bit case by
+ *                 generating an extra round key
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t *rk;               /*!<  AES round keys    */
+    uint32_t buf[68];           /*!<  unaligned data    */
+}
+aes_context;
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void aes_init( aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void aes_free( aes_context *ctx );
+
+/**
+ * \brief          AES key schedule (encryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keysize  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
+                    unsigned int keysize );
+
+/**
+ * \brief          AES key schedule (decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      decryption key
+ * \param keysize  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
+                    unsigned int keysize );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int aes_crypt_ecb( aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int aes_crypt_cbc( aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int aes_crypt_cfb128( aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int aes_crypt_cfb8( aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /*POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int aes_crypt_ctr( aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* POLARSSL_AES_ALT */
+#include "aes_alt.h"
+#endif /* POLARSSL_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int aes_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */
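Review bot: The doc comment on `aes_crypt_ctr` only warns to "keep the maximum use of your counter in mind" and never states the requirement behind it, namely that a `nonce_counter` value must not repeat under the same key. I would replace that line with `Warning: never reuse a nonce_counter value with the same key; a repeated keystream exposes the XOR of the plaintexts.` The same comment says to use `aes_setkey_enc()` "for both AES_ENCRYPT and AES_DECRYPT" although this function has no `mode` parameter, so it could read `Use a context set up with aes_setkey_enc() for both directions.` Separately, `aes_self_test` is declared unconditionally at the end of the header, while its definition in aes.c appears to sit under `POLARSSL_SELF_TEST` (the closing `#endif` follows the function). Wrapping the declaration in `#if defined(POLARSSL_SELF_TEST)` … `#endif` would make a misconfigured build fail at compile time rather than at link time.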
diff --git a/common/polarssl/des.c b/common/polarssl/des.c
new file mode 100644 (file)
index 0000000..746752d
--- /dev/null
@@ -0,0 +1,1014 @@
+/*
+ *  FIPS-46-3 compliant Triple-DES implementation
+ *
+ *  Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ *  DES, on which TDES is based, was originally designed by Horst Feistel
+ *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
+ *
+ *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
+ */
+
+//#include "polarssl/config.h"
+#define POLARSSL_DES_C
+
+#if defined(POLARSSL_DES_C)
+
+#include "des.h"
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_printf printf
+#endif
+
+#if !defined(POLARSSL_DES_ALT)
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+       (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+               | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+               | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+               | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+       (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+       (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+       (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+       (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+/*
+ * Expanded DES S-boxes
+ */
+static const uint32_t SB1[64] =
+{
+       0x01010400, 0x00000000, 0x00010000, 0x01010404,
+       0x01010004, 0x00010404, 0x00000004, 0x00010000,
+       0x00000400, 0x01010400, 0x01010404, 0x00000400,
+       0x01000404, 0x01010004, 0x01000000, 0x00000004,
+       0x00000404, 0x01000400, 0x01000400, 0x00010400,
+       0x00010400, 0x01010000, 0x01010000, 0x01000404,
+       0x00010004, 0x01000004, 0x01000004, 0x00010004,
+       0x00000000, 0x00000404, 0x00010404, 0x01000000,
+       0x00010000, 0x01010404, 0x00000004, 0x01010000,
+       0x01010400, 0x01000000, 0x01000000, 0x00000400,
+       0x01010004, 0x00010000, 0x00010400, 0x01000004,
+       0x00000400, 0x00000004, 0x01000404, 0x00010404,
+       0x01010404, 0x00010004, 0x01010000, 0x01000404,
+       0x01000004, 0x00000404, 0x00010404, 0x01010400,
+       0x00000404, 0x01000400, 0x01000400, 0x00000000,
+       0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static const uint32_t SB2[64] =
+{
+       0x80108020, 0x80008000, 0x00008000, 0x00108020,
+       0x00100000, 0x00000020, 0x80100020, 0x80008020,
+       0x80000020, 0x80108020, 0x80108000, 0x80000000,
+       0x80008000, 0x00100000, 0x00000020, 0x80100020,
+       0x00108000, 0x00100020, 0x80008020, 0x00000000,
+       0x80000000, 0x00008000, 0x00108020, 0x80100000,
+       0x00100020, 0x80000020, 0x00000000, 0x00108000,
+       0x00008020, 0x80108000, 0x80100000, 0x00008020,
+       0x00000000, 0x00108020, 0x80100020, 0x00100000,
+       0x80008020, 0x80100000, 0x80108000, 0x00008000,
+       0x80100000, 0x80008000, 0x00000020, 0x80108020,
+       0x00108020, 0x00000020, 0x00008000, 0x80000000,
+       0x00008020, 0x80108000, 0x00100000, 0x80000020,
+       0x00100020, 0x80008020, 0x80000020, 0x00100020,
+       0x00108000, 0x00000000, 0x80008000, 0x00008020,
+       0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static const uint32_t SB3[64] =
+{
+       0x00000208, 0x08020200, 0x00000000, 0x08020008,
+       0x08000200, 0x00000000, 0x00020208, 0x08000200,
+       0x00020008, 0x08000008, 0x08000008, 0x00020000,
+       0x08020208, 0x00020008, 0x08020000, 0x00000208,
+       0x08000000, 0x00000008, 0x08020200, 0x00000200,
+       0x00020200, 0x08020000, 0x08020008, 0x00020208,
+       0x08000208, 0x00020200, 0x00020000, 0x08000208,
+       0x00000008, 0x08020208, 0x00000200, 0x08000000,
+       0x08020200, 0x08000000, 0x00020008, 0x00000208,
+       0x00020000, 0x08020200, 0x08000200, 0x00000000,
+       0x00000200, 0x00020008, 0x08020208, 0x08000200,
+       0x08000008, 0x00000200, 0x00000000, 0x08020008,
+       0x08000208, 0x00020000, 0x08000000, 0x08020208,
+       0x00000008, 0x00020208, 0x00020200, 0x08000008,
+       0x08020000, 0x08000208, 0x00000208, 0x08020000,
+       0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static const uint32_t SB4[64] =
+{
+       0x00802001, 0x00002081, 0x00002081, 0x00000080,
+       0x00802080, 0x00800081, 0x00800001, 0x00002001,
+       0x00000000, 0x00802000, 0x00802000, 0x00802081,
+       0x00000081, 0x00000000, 0x00800080, 0x00800001,
+       0x00000001, 0x00002000, 0x00800000, 0x00802001,
+       0x00000080, 0x00800000, 0x00002001, 0x00002080,
+       0x00800081, 0x00000001, 0x00002080, 0x00800080,
+       0x00002000, 0x00802080, 0x00802081, 0x00000081,
+       0x00800080, 0x00800001, 0x00802000, 0x00802081,
+       0x00000081, 0x00000000, 0x00000000, 0x00802000,
+       0x00002080, 0x00800080, 0x00800081, 0x00000001,
+       0x00802001, 0x00002081, 0x00002081, 0x00000080,
+       0x00802081, 0x00000081, 0x00000001, 0x00002000,
+       0x00800001, 0x00002001, 0x00802080, 0x00800081,
+       0x00002001, 0x00002080, 0x00800000, 0x00802001,
+       0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static const uint32_t SB5[64] =
+{
+       0x00000100, 0x02080100, 0x02080000, 0x42000100,
+       0x00080000, 0x00000100, 0x40000000, 0x02080000,
+       0x40080100, 0x00080000, 0x02000100, 0x40080100,
+       0x42000100, 0x42080000, 0x00080100, 0x40000000,
+       0x02000000, 0x40080000, 0x40080000, 0x00000000,
+       0x40000100, 0x42080100, 0x42080100, 0x02000100,
+       0x42080000, 0x40000100, 0x00000000, 0x42000000,
+       0x02080100, 0x02000000, 0x42000000, 0x00080100,
+       0x00080000, 0x42000100, 0x00000100, 0x02000000,
+       0x40000000, 0x02080000, 0x42000100, 0x40080100,
+       0x02000100, 0x40000000, 0x42080000, 0x02080100,
+       0x40080100, 0x00000100, 0x02000000, 0x42080000,
+       0x42080100, 0x00080100, 0x42000000, 0x42080100,
+       0x02080000, 0x00000000, 0x40080000, 0x42000000,
+       0x00080100, 0x02000100, 0x40000100, 0x00080000,
+       0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static const uint32_t SB6[64] =
+{
+       0x20000010, 0x20400000, 0x00004000, 0x20404010,
+       0x20400000, 0x00000010, 0x20404010, 0x00400000,
+       0x20004000, 0x00404010, 0x00400000, 0x20000010,
+       0x00400010, 0x20004000, 0x20000000, 0x00004010,
+       0x00000000, 0x00400010, 0x20004010, 0x00004000,
+       0x00404000, 0x20004010, 0x00000010, 0x20400010,
+       0x20400010, 0x00000000, 0x00404010, 0x20404000,
+       0x00004010, 0x00404000, 0x20404000, 0x20000000,
+       0x20004000, 0x00000010, 0x20400010, 0x00404000,
+       0x20404010, 0x00400000, 0x00004010, 0x20000010,
+       0x00400000, 0x20004000, 0x20000000, 0x00004010,
+       0x20000010, 0x20404010, 0x00404000, 0x20400000,
+       0x00404010, 0x20404000, 0x00000000, 0x20400010,
+       0x00000010, 0x00004000, 0x20400000, 0x00404010,
+       0x00004000, 0x00400010, 0x20004010, 0x00000000,
+       0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static const uint32_t SB7[64] =
+{
+       0x00200000, 0x04200002, 0x04000802, 0x00000000,
+       0x00000800, 0x04000802, 0x00200802, 0x04200800,
+       0x04200802, 0x00200000, 0x00000000, 0x04000002,
+       0x00000002, 0x04000000, 0x04200002, 0x00000802,
+       0x04000800, 0x00200802, 0x00200002, 0x04000800,
+       0x04000002, 0x04200000, 0x04200800, 0x00200002,
+       0x04200000, 0x00000800, 0x00000802, 0x04200802,
+       0x00200800, 0x00000002, 0x04000000, 0x00200800,
+       0x04000000, 0x00200800, 0x00200000, 0x04000802,
+       0x04000802, 0x04200002, 0x04200002, 0x00000002,
+       0x00200002, 0x04000000, 0x04000800, 0x00200000,
+       0x04200800, 0x00000802, 0x00200802, 0x04200800,
+       0x00000802, 0x04000002, 0x04200802, 0x04200000,
+       0x00200800, 0x00000000, 0x00000002, 0x04200802,
+       0x00000000, 0x00200802, 0x04200000, 0x00000800,
+       0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static const uint32_t SB8[64] =
+{
+       0x10001040, 0x00001000, 0x00040000, 0x10041040,
+       0x10000000, 0x10001040, 0x00000040, 0x10000000,
+       0x00040040, 0x10040000, 0x10041040, 0x00041000,
+       0x10041000, 0x00041040, 0x00001000, 0x00000040,
+       0x10040000, 0x10000040, 0x10001000, 0x00001040,
+       0x00041000, 0x00040040, 0x10040040, 0x10041000,
+       0x00001040, 0x00000000, 0x00000000, 0x10040040,
+       0x10000040, 0x10001000, 0x00041040, 0x00040000,
+       0x00041040, 0x00040000, 0x10041000, 0x00001000,
+       0x00000040, 0x10040040, 0x00001000, 0x00041040,
+       0x10001000, 0x00000040, 0x10000040, 0x10040000,
+       0x10040040, 0x10000000, 0x00040000, 0x10001040,
+       0x00000000, 0x10041040, 0x00040040, 0x10000040,
+       0x10040000, 0x10001000, 0x10001040, 0x00000000,
+       0x10041040, 0x00041000, 0x00041000, 0x00001040,
+       0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+/*
+ * PC1: left and right halves bit-swap
+ */
+static const uint32_t LHs[16] =
+{
+       0x00000000, 0x00000001, 0x00000100, 0x00000101,
+       0x00010000, 0x00010001, 0x00010100, 0x00010101,
+       0x01000000, 0x01000001, 0x01000100, 0x01000101,
+       0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static const uint32_t RHs[16] =
+{
+       0x00000000, 0x01000000, 0x00010000, 0x01010000,
+       0x00000100, 0x01000100, 0x00010100, 0x01010100,
+       0x00000001, 0x01000001, 0x00010001, 0x01010001,
+       0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+/*
+ * Initial Permutation macro
+ */
+#define DES_IP(X,Y)                                             \
+{                                                               \
+       T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
+       T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
+       T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
+       T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
+       Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
+       T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
+       X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
+}
+
+/*
+ * Final Permutation macro
+ */
+#define DES_FP(X,Y)                                             \
+{                                                               \
+       X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
+       T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
+       Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
+       T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
+       T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
+       T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
+       T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
+}
+
+/*
+ * DES round macro
+ */
+#define DES_ROUND(X,Y)                          \
+{                                               \
+       T = *SK++ ^ X;                              \
+       Y ^= SB8[ (T      ) & 0x3F ] ^              \
+                SB6[ (T >>  8) & 0x3F ] ^              \
+                SB4[ (T >> 16) & 0x3F ] ^              \
+                SB2[ (T >> 24) & 0x3F ];               \
+                                                                                               \
+       T = *SK++ ^ ((X << 28) | (X >> 4));         \
+       Y ^= SB7[ (T      ) & 0x3F ] ^              \
+                SB5[ (T >>  8) & 0x3F ] ^              \
+                SB3[ (T >> 16) & 0x3F ] ^              \
+                SB1[ (T >> 24) & 0x3F ];               \
+}
+
+#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
+
+static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
+               11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
+               47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
+               82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
+               115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
+               143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
+               171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
+               199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
+               227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
+               254 };
+
+void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
+{
+       int i;
+
+       for( i = 0; i < DES_KEY_SIZE; i++ )
+               key[i] = odd_parity_table[key[i] / 2];
+}
+
+/*
+ * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
+ */
+int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
+{
+       int i;
+
+       for( i = 0; i < DES_KEY_SIZE; i++ )
+               if ( key[i] != odd_parity_table[key[i] / 2] )
+                       return( 1 );
+
+       return( 0 );
+}
+
+/*
+ * Table of weak and semi-weak keys
+ *
+ * Source: http://en.wikipedia.org/wiki/Weak_key
+ *
+ * Weak:
+ * Alternating ones + zeros (0x0101010101010101)
+ * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
+ * '0xE0E0E0E0F1F1F1F1'
+ * '0x1F1F1F1F0E0E0E0E'
+ *
+ * Semi-weak:
+ * 0x011F011F010E010E and 0x1F011F010E010E01
+ * 0x01E001E001F101F1 and 0xE001E001F101F101
+ * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
+ * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
+ * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
+ * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
+ *
+ */
+
+#define WEAK_KEY_COUNT 16
+
+static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
+{
+       { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
+       { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
+       { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
+       { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
+
+       { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
+       { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
+       { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
+       { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
+       { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
+       { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
+       { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
+       { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
+       { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
+       { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
+       { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
+       { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
+};
+
+int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
+{
+       int i;
+
+       for( i = 0; i < WEAK_KEY_COUNT; i++ )
+               if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
+                       return( 1 );
+
+       return( 0 );
+}
+
+static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
+{
+       int i;
+       uint32_t X, Y, T;
+
+       GET_UINT32_BE( X, key, 0 );
+       GET_UINT32_BE( Y, key, 4 );
+
+       /*
+        * Permuted Choice 1
+        */
+       T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
+       T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
+
+       X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
+               | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
+               | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
+               | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
+
+       Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
+               | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
+               | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
+               | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
+
+       X &= 0x0FFFFFFF;
+       Y &= 0x0FFFFFFF;
+
+       /*
+        * calculate subkeys
+        */
+       for( i = 0; i < 16; i++ )
+       {
+               if( i < 2 || i == 8 || i == 15 )
+               {
+                       X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
+                       Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
+               }
+               else
+               {
+                       X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
+                       Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
+               }
+
+               *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
+                               | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
+                               | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
+                               | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
+                               | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
+                               | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
+                               | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
+                               | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
+                               | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
+                               | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
+                               | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
+
+               *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
+                               | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
+                               | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
+                               | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
+                               | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
+                               | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
+                               | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
+                               | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
+                               | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
+                               | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
+                               | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
+       }
+}
+
+/*
+ * DES key schedule (56-bit, encryption)
+ */
+int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
+{
+       des_setkey( ctx->sk, key );
+
+       return( 0 );
+}
+
+/*
+ * DES key schedule (56-bit, decryption)
+ */
+int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
+{
+       int i;
+
+       des_setkey( ctx->sk, key );
+
+       for( i = 0; i < 16; i += 2 )
+       {
+               SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
+               SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
+       }
+
+       return( 0 );
+}
+
+static void des3_set2key( uint32_t esk[96],
+                                                 uint32_t dsk[96],
+                                                 const unsigned char key[DES_KEY_SIZE*2] )
+{
+       int i;
+
+       des_setkey( esk, key );
+       des_setkey( dsk + 32, key + 8 );
+
+       for( i = 0; i < 32; i += 2 )
+       {
+               dsk[i     ] = esk[30 - i];
+               dsk[i +  1] = esk[31 - i];
+
+               esk[i + 32] = dsk[62 - i];
+               esk[i + 33] = dsk[63 - i];
+
+               esk[i + 64] = esk[i    ];
+               esk[i + 65] = esk[i + 1];
+
+               dsk[i + 64] = dsk[i    ];
+               dsk[i + 65] = dsk[i + 1];
+       }
+}
+
+/*
+ * Triple-DES key schedule (112-bit, encryption)
+ */
+int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
+{
+       uint32_t sk[96];
+
+       des3_set2key( ctx->sk, sk, key );
+       memset( sk,  0, sizeof( sk ) );
+
+       return( 0 );
+}
+
+/*
+ * Triple-DES key schedule (112-bit, decryption)
+ */
+int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
+{
+       uint32_t sk[96];
+
+       des3_set2key( sk, ctx->sk, key );
+       memset( sk,  0, sizeof( sk ) );
+
+       return( 0 );
+}
+
+static void des3_set3key( uint32_t esk[96],
+                                                 uint32_t dsk[96],
+                                                 const unsigned char key[24] )
+{
+       int i;
+
+       des_setkey( esk, key );
+       des_setkey( dsk + 32, key +  8 );
+       des_setkey( esk + 64, key + 16 );
+
+       for( i = 0; i < 32; i += 2 )
+       {
+               dsk[i     ] = esk[94 - i];
+               dsk[i +  1] = esk[95 - i];
+
+               esk[i + 32] = dsk[62 - i];
+               esk[i + 33] = dsk[63 - i];
+
+               dsk[i + 64] = esk[30 - i];
+               dsk[i + 65] = esk[31 - i];
+       }
+}
+
+/*
+ * Triple-DES key schedule (168-bit, encryption)
+ */
+int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
+{
+       uint32_t sk[96];
+
+       des3_set3key( ctx->sk, sk, key );
+       memset( sk, 0, sizeof( sk ) );
+
+       return( 0 );
+}
+
+/*
+ * Triple-DES key schedule (168-bit, decryption)
+ */
+int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
+{
+       uint32_t sk[96];
+
+       des3_set3key( sk, ctx->sk, key );
+       memset( sk, 0, sizeof( sk ) );
+
+       return( 0 );
+}
+
+/*
+ * DES-ECB block encryption/decryption
+ */
+int des_crypt_ecb( des_context *ctx,
+                                       const unsigned char input[8],
+                                       unsigned char output[8] )
+{
+       int i;
+       uint32_t X, Y, T, *SK;
+
+       SK = ctx->sk;
+
+       GET_UINT32_BE( X, input, 0 );
+       GET_UINT32_BE( Y, input, 4 );
+
+       DES_IP( X, Y );
+
+       for( i = 0; i < 8; i++ )
+       {
+               DES_ROUND( Y, X );
+               DES_ROUND( X, Y );
+       }
+
+       DES_FP( Y, X );
+
+       PUT_UINT32_BE( Y, output, 0 );
+       PUT_UINT32_BE( X, output, 4 );
+
+       return( 0 );
+}
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/*
+ * DES-CBC buffer encryption/decryption
+ */
+int des_crypt_cbc( des_context *ctx,
+                                       int mode,
+                                       size_t length,
+                                       unsigned char iv[8],
+                                       const unsigned char *input,
+                                       unsigned char *output )
+{
+       int i;
+       unsigned char temp[8];
+
+       if( length % 8 )
+               return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
+
+       if( mode == DES_ENCRYPT )
+       {
+               while( length > 0 )
+               {
+                       for( i = 0; i < 8; i++ )
+                               output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+                       des_crypt_ecb( ctx, output, output );
+                       memcpy( iv, output, 8 );
+
+                       input  += 8;
+                       output += 8;
+                       length -= 8;
+               }
+       }
+       else /* DES_DECRYPT */
+       {
+               while( length > 0 )
+               {
+                       memcpy( temp, input, 8 );
+                       des_crypt_ecb( ctx, input, output );
+
+                       for( i = 0; i < 8; i++ )
+                               output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+                       memcpy( iv, temp, 8 );
+
+                       input  += 8;
+                       output += 8;
+                       length -= 8;
+               }
+       }
+
+       return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+/*
+ * 3DES-ECB block encryption/decryption
+ */
+int des3_crypt_ecb( des3_context *ctx,
+                                        const unsigned char input[8],
+                                        unsigned char output[8] )
+{
+       int i;
+       uint32_t X, Y, T, *SK;
+
+       SK = ctx->sk;
+
+       GET_UINT32_BE( X, input, 0 );
+       GET_UINT32_BE( Y, input, 4 );
+
+       DES_IP( X, Y );
+
+       for( i = 0; i < 8; i++ )
+       {
+               DES_ROUND( Y, X );
+               DES_ROUND( X, Y );
+       }
+
+       for( i = 0; i < 8; i++ )
+       {
+               DES_ROUND( X, Y );
+               DES_ROUND( Y, X );
+       }
+
+       for( i = 0; i < 8; i++ )
+       {
+               DES_ROUND( Y, X );
+               DES_ROUND( X, Y );
+       }
+
+       DES_FP( Y, X );
+
+       PUT_UINT32_BE( Y, output, 0 );
+       PUT_UINT32_BE( X, output, 4 );
+
+       return( 0 );
+}
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/*
+ * 3DES-CBC buffer encryption/decryption
+ */
+int des3_crypt_cbc( des3_context *ctx,
+                                        int mode,
+                                        size_t length,
+                                        unsigned char iv[8],
+                                        const unsigned char *input,
+                                        unsigned char *output )
+{
+       int i;
+       unsigned char temp[8];
+
+       if( length % 8 )
+               return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
+
+       if( mode == DES_ENCRYPT )
+       {
+               while( length > 0 )
+               {
+                       for( i = 0; i < 8; i++ )
+                               output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+                       des3_crypt_ecb( ctx, output, output );
+                       memcpy( iv, output, 8 );
+
+                       input  += 8;
+                       output += 8;
+                       length -= 8;
+               }
+       }
+       else /* DES_DECRYPT */
+       {
+               while( length > 0 )
+               {
+                       memcpy( temp, input, 8 );
+                       des3_crypt_ecb( ctx, input, output );
+
+                       for( i = 0; i < 8; i++ )
+                               output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+                       memcpy( iv, temp, 8 );
+
+                       input  += 8;
+                       output += 8;
+                       length -= 8;
+               }
+       }
+
+       return( 0 );
+}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#endif /* !POLARSSL_DES_ALT */
+
+#if defined(POLARSSL_SELF_TEST)
+
+#include <stdio.h>
+
+/*
+ * DES and 3DES test vectors from:
+ *
+ * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
+ */
+static const unsigned char des3_test_keys[24] =
+{
+       0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+       0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
+       0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
+};
+
+static const unsigned char des3_test_buf[8] =
+{
+       0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
+};
+
+static const unsigned char des3_test_ecb_dec[3][8] =
+{
+       { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
+       { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
+       { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
+};
+
+static const unsigned char des3_test_ecb_enc[3][8] =
+{
+       { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
+       { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
+       { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
+};
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+static const unsigned char des3_test_iv[8] =
+{
+       0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
+};
+
+static const unsigned char des3_test_cbc_dec[3][8] =
+{
+       { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
+       { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
+       { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
+};
+
+static const unsigned char des3_test_cbc_enc[3][8] =
+{
+       { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
+       { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
+       { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
+};
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+/*
+ * Checkup routine
+ */
+int des_self_test( int verbose )
+{
+       int i, j, u, v;
+       des_context ctx;
+       des3_context ctx3;
+       unsigned char key[24];
+       unsigned char buf[8];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+       unsigned char prv[8];
+       unsigned char iv[8];
+#endif
+
+       memset( key, 0, 24 );
+
+       /*
+        * ECB mode
+        */
+       for( i = 0; i < 6; i++ )
+       {
+               u = i >> 1;
+               v = i  & 1;
+
+               if( verbose != 0 )
+                       polarssl_printf( "  DES%c-ECB-%3d (%s): ",
+                                                        ( u == 0 ) ? ' ' : '3', 56 + u * 56,
+                                                        ( v == DES_DECRYPT ) ? "dec" : "enc" );
+
+               memcpy( buf, des3_test_buf, 8 );
+
+               switch( i )
+               {
+               case 0:
+                       des_setkey_dec( &ctx, des3_test_keys );
+                       break;
+
+               case 1:
+                       des_setkey_enc( &ctx, des3_test_keys );
+                       break;
+
+               case 2:
+                       des3_set2key_dec( &ctx3, des3_test_keys );
+                       break;
+
+               case 3:
+                       des3_set2key_enc( &ctx3, des3_test_keys );
+                       break;
+
+               case 4:
+                       des3_set3key_dec( &ctx3, des3_test_keys );
+                       break;
+
+               case 5:
+                       des3_set3key_enc( &ctx3, des3_test_keys );
+                       break;
+
+               default:
+                       return( 1 );
+               }
+
+               for( j = 0; j < 10000; j++ )
+               {
+                       if( u == 0 )
+                               des_crypt_ecb( &ctx, buf, buf );
+                       else
+                               des3_crypt_ecb( &ctx3, buf, buf );
+               }
+
+               if( ( v == DES_DECRYPT &&
+                               memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
+                       ( v != DES_DECRYPT &&
+                               memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
+               {
+                       if( verbose != 0 )
+                               polarssl_printf( "failed\n" );
+
+                       return( 1 );
+               }
+
+               if( verbose != 0 )
+                       polarssl_printf( "passed\n" );
+       }
+
+       if( verbose != 0 )
+               polarssl_printf( "\n" );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+       /*
+        * CBC mode
+        */
+       for( i = 0; i < 6; i++ )
+       {
+               u = i >> 1;
+               v = i  & 1;
+
+               if( verbose != 0 )
+                       polarssl_printf( "  DES%c-CBC-%3d (%s): ",
+                                                        ( u == 0 ) ? ' ' : '3', 56 + u * 56,
+                                                        ( v == DES_DECRYPT ) ? "dec" : "enc" );
+
+               memcpy( iv,  des3_test_iv,  8 );
+               memcpy( prv, des3_test_iv,  8 );
+               memcpy( buf, des3_test_buf, 8 );
+
+               switch( i )
+               {
+               case 0:
+                       des_setkey_dec( &ctx, des3_test_keys );
+                       break;
+
+               case 1:
+                       des_setkey_enc( &ctx, des3_test_keys );
+                       break;
+
+               case 2:
+                       des3_set2key_dec( &ctx3, des3_test_keys );
+                       break;
+
+               case 3:
+                       des3_set2key_enc( &ctx3, des3_test_keys );
+                       break;
+
+               case 4:
+                       des3_set3key_dec( &ctx3, des3_test_keys );
+                       break;
+
+               case 5:
+                       des3_set3key_enc( &ctx3, des3_test_keys );
+                       break;
+
+               default:
+                       return( 1 );
+               }
+
+               if( v == DES_DECRYPT )
+               {
+                       for( j = 0; j < 10000; j++ )
+                       {
+                               if( u == 0 )
+                                       des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+                               else
+                                       des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+                       }
+               }
+               else
+               {
+                       for( j = 0; j < 10000; j++ )
+                       {
+                               unsigned char tmp[8];
+
+                               if( u == 0 )
+                                       des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+                               else
+                                       des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+
+                               memcpy( tmp, prv, 8 );
+                               memcpy( prv, buf, 8 );
+                               memcpy( buf, tmp, 8 );
+                       }
+
+                       memcpy( buf, prv, 8 );
+               }
+
+               if( ( v == DES_DECRYPT &&
+                               memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
+                       ( v != DES_DECRYPT &&
+                               memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
+               {
+                       if( verbose != 0 )
+                               polarssl_printf( "failed\n" );
+
+                       return( 1 );
+               }
+
+               if( verbose != 0 )
+                       polarssl_printf( "passed\n" );
+       }
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+       if( verbose != 0 )
+               polarssl_printf( "\n" );
+
+       return( 0 );
+}
+
+#endif
+
+#endif
diff --git a/common/polarssl/des.h b/common/polarssl/des.h
new file mode 100644 (file)
index 0000000..460beaf
--- /dev/null
@@ -0,0 +1,281 @@
+/**
+ * \file des.h
+ *
+ * \brief DES block cipher
+ *
+ *  Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_DES_H
+#define POLARSSL_DES_H
+
+//#include "config.h"
+/**
+ * \def POLARSSL_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CBC
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define DES_ENCRYPT     1
+#define DES_DECRYPT     0
+
+#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+
+#define DES_KEY_SIZE    8
+
+#if !defined(POLARSSL_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DES context structure
+ */
+typedef struct
+{
+       int mode;                   /*!<  encrypt/decrypt   */
+       uint32_t sk[32];            /*!<  DES subkeys       */
+}
+des_context;
+
+/**
+ * \brief          Triple-DES context structure
+ */
+typedef struct
+{
+       int mode;                   /*!<  encrypt/decrypt   */
+       uint32_t sk[96];            /*!<  3DES subkeys      */
+}
+des3_context;
+/*
+ * Triple-DES key schedule (112-bit, encryption)
+ */
+int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/*
+ * Triple-DES key schedule (112-bit, decryption)
+ */
+int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/*
+ * Triple-DES key schedule (168-bit, encryption)
+ */
+int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
+
+/*
+ * Triple-DES key schedule (168-bit, decryption)
+ */
+int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Set key parity on the given key to odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ */
+void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key parity on the given key is odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 is parity was ok, 1 if parity was not correct.
+ */
+int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key is not a weak or semi-weak DES key
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 if no weak key was found, 1 if a weak key was identified.
+ */
+int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, encryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, decryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          DES-ECB block encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int des_crypt_ecb( des_context *ctx,
+                                       const unsigned char input[8],
+                                       unsigned char output[8] );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/**
+ * \brief          DES-CBC buffer encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param mode     DES_ENCRYPT or DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ */
+int des_crypt_cbc( des_context *ctx,
+                                       int mode,
+                                       size_t length,
+                                       unsigned char iv[8],
+                                       const unsigned char *input,
+                                       unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+/**
+ * \brief          3DES-ECB block encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int des3_crypt_ecb( des3_context *ctx,
+                                        const unsigned char input[8],
+                                        unsigned char output[8] );
+
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+/**
+ * \brief          3DES-CBC buffer encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param mode     DES_ENCRYPT or DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
+ */
+int des3_crypt_cbc( des3_context *ctx,
+                                        int mode,
+                                        size_t length,
+                                        unsigned char iv[8],
+                                        const unsigned char *input,
+                                        unsigned char *output );
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* POLARSSL_DES_ALT */
+#include "des_alt.h"
+#endif /* POLARSSL_DES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int des_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* des.h */
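Review bot: `des_context` and `des3_context` keep the expanded subkeys in `sk`, but this header declares no function to clear a context, so each caller has to wipe `ctx->sk` itself once the key is no longer needed. I would state that on the two struct fields, e.g. `/*!<  DES subkeys (key material: zeroize the context after use) */`, or declare a cleanup helper next to the setkey functions. Separately, the four `des3_set2key_*` / `des3_set3key_*` prototypes are declared twice, once directly after `des3_context` with plain comments and again further down with their Doxygen blocks, so the first set can be dropped. The `des_crypt_cbc` block also lacks a `\return` line, although the implementation returns `POLARSSL_ERR_DES_INVALID_INPUT_LENGTH` when `length` is not a multiple of 8, as the `des3_crypt_cbc` block already documents.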
diff --git a/common/polarssl/polarssl_config.h b/common/polarssl/polarssl_config.h
new file mode 100644 (file)
index 0000000..5bd88fc
--- /dev/null
@@ -0,0 +1,2179 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+#ifndef POLARSSL_CONFIG_H
+#define POLARSSL_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def POLARSSL_HAVE_INT8
+ *
+ * The system uses 8-bit wide native integers.
+ *
+ * Uncomment if native integers are 8-bit wide.
+ */
+//#define POLARSSL_HAVE_INT8
+
+/**
+ * \def POLARSSL_HAVE_INT16
+ *
+ * The system uses 16-bit wide native integers.
+ *
+ * Uncomment if native integers are 16-bit wide.
+ */
+//#define POLARSSL_HAVE_INT16
+
+/**
+ * \def POLARSSL_HAVE_LONGLONG
+ *
+ * The compiler supports the 'long long' type.
+ * (Only used on 32-bit platforms)
+ */
+#define POLARSSL_HAVE_LONGLONG
+
+/**
+ * \def POLARSSL_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/polarssl/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define POLARSSL_HAVE_ASM
+
+/**
+ * \def POLARSSL_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define POLARSSL_HAVE_SSE2
+
+/**
+ * \def POLARSSL_HAVE_TIME
+ *
+ * System has time.h and time() / localtime()  / gettimeofday().
+ *
+ * Comment if your system does not support time functions
+ */
+#define POLARSSL_HAVE_TIME
+
+/**
+ * \def POLARSSL_HAVE_IPV6
+ *
+ * System supports the basic socket interface for IPv6 (RFC 3493),
+ * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
+ *
+ * Note: on Windows/MingW, XP or higher is required.
+ *
+ * Comment if your system does not support the IPv6 socket interface
+ */
+#define POLARSSL_HAVE_IPV6
+
+/**
+ * \def POLARSSL_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default PolarSSL uses the system-provided malloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
+ * to allow you to set an alternative malloc() and free() function pointer.
+ *
+ * Requires: POLARSSL_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define POLARSSL_PLATFORM_MEMORY
+
+/**
+ * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. malloc() to
+ * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the POLARSSL_PLATFORM_STD_XXX defines.
+ *
+ * Requires: POLARSSL_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def POLARSSL_PLATFORM_XXX_ALT
+ *
+ * Uncomment a macro to let PolarSSL support the function in the platform
+ * abstraction layer.
+ *
+ * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will
+ * provide a function "platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require POLARSSL_PLATFORM_C to be defined!
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define POLARSSL_PLATFORM_PRINTF_ALT
+//#define POLARSSL_PLATFORM_FPRINTF_ALT
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: PolarSSL feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def POLARSSL_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for hardclock(),
+ * get_timer(), set_alarm() and m_sleep().
+ *
+ * Only works if you have POLARSSL_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define POLARSSL_TIMING_ALT
+
+/**
+ * \def POLARSSL_XXX_ALT
+ *
+ * Uncomment a macro to let PolarSSL use your alternate core implementation of
+ * a symmetric or hash algorithm (e.g. platform specific assembly optimized
+ * implementations). Keep in mind that the function prototypes should remain
+ * the same.
+ *
+ * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
+ * provide the "struct aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation for core algorithm
+ * functions
+ */
+//#define POLARSSL_AES_ALT
+//#define POLARSSL_ARC4_ALT
+//#define POLARSSL_BLOWFISH_ALT
+//#define POLARSSL_CAMELLIA_ALT
+//#define POLARSSL_DES_ALT
+//#define POLARSSL_XTEA_ALT
+//#define POLARSSL_MD2_ALT
+//#define POLARSSL_MD4_ALT
+//#define POLARSSL_MD5_ALT
+//#define POLARSSL_RIPEMD160_ALT
+//#define POLARSSL_SHA1_ALT
+//#define POLARSSL_SHA256_ALT
+//#define POLARSSL_SHA512_ALT
+
+/**
+ * \def POLARSSL_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ *
+ */
+//#define POLARSSL_AES_ROM_TABLES
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CBC
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CFB
+
+/**
+ * \def POLARSSL_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CTR
+
+/**
+ * \def POLARSSL_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      TLS_ECDH_RSA_WITH_NULL_SHA
+ *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      TLS_DHE_PSK_WITH_NULL_SHA384
+ *      TLS_DHE_PSK_WITH_NULL_SHA256
+ *      TLS_DHE_PSK_WITH_NULL_SHA
+ *      TLS_RSA_WITH_NULL_SHA256
+ *      TLS_RSA_WITH_NULL_SHA
+ *      TLS_RSA_WITH_NULL_MD5
+ *      TLS_RSA_PSK_WITH_NULL_SHA384
+ *      TLS_RSA_PSK_WITH_NULL_SHA256
+ *      TLS_RSA_PSK_WITH_NULL_SHA
+ *      TLS_PSK_WITH_NULL_SHA384
+ *      TLS_PSK_WITH_NULL_SHA256
+ *      TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define POLARSSL_CIPHER_NULL_CIPHER
+
+/**
+ * \def POLARSSL_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define POLARSSL_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS
+
+/**
+ * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      TLS_RSA_WITH_DES_CBC_SHA
+ *      TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with ssl_set_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def POLARSSL_ECP_XXXX_ENABLED
+ *
+ * Enables specific curves within the Elliptic Curve module.
+ * By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_SECP192K1_ENABLED
+#define POLARSSL_ECP_DP_SECP224K1_ENABLED
+#define POLARSSL_ECP_DP_SECP256K1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED
+//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
+#define POLARSSL_ECP_DP_M255_ENABLED
+//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
+//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
+
+/**
+ * \def POLARSSL_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define POLARSSL_ECP_NIST_OPTIM
+
+/**
+ * \def POLARSSL_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: POLARSSL_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define POLARSSL_ECDSA_DETERMINISTIC
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_MD5
+ */
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def POLARSSL_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define POLARSSL_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def POLARSSL_ERROR_STRERROR_BC
+ *
+ * Make available the backward compatible error_strerror() next to the
+ * current polarssl_strerror().
+ *
+ * For new code, it is recommended to use polarssl_strerror() instead and
+ * disable this.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * error_strerror()
+ */
+#define POLARSSL_ERROR_STRERROR_BC
+
+/**
+ * \def POLARSSL_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of polarssl_strerror() in
+ * third party libraries easier when POLARSSL_ERROR_C is disabled
+ * (no effect when POLARSSL_ERROR_C is enabled).
+ *
+ * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
+ * not using polarssl_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * polarssl_strerror()
+ */
+#define POLARSSL_ERROR_STRERROR_DUMMY
+
+/**
+ * \def POLARSSL_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: POLARSSL_BIGNUM_C
+ */
+#define POLARSSL_GENPRIME
+
+/**
+ * \def POLARSSL_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define POLARSSL_FS_IO
+
+/**
+ * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def POLARSSL_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define POLARSSL_NO_PLATFORM_ENTROPY
+
+/**
+ * \def POLARSSL_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: POLARSSL_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both POLARSSL_SHA256_C and
+ * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define POLARSSL_ENTROPY_FORCE_SHA256
+
+/**
+ * \def POLARSSL_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define POLARSSL_MEMORY_DEBUG
+
+/**
+ * \def POLARSSL_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define POLARSSL_MEMORY_BACKTRACE
+
+/**
+ * \def POLARSSL_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: POLARSSL_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define POLARSSL_PKCS1_V15
+
+/**
+ * \def POLARSSL_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define POLARSSL_PKCS1_V21
+
+/**
+ * \def POLARSSL_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define POLARSSL_RSA_NO_CRT
+
+/**
+ * \def POLARSSL_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define POLARSSL_SELF_TEST
+
+/**
+ * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, PolarSSL can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define POLARSSL_SSL_ALERT_MESSAGES
+
+/**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define POLARSSL_SSL_DEBUG_ALL
+
+/**
+ * \def POLARSSL_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define POLARSSL_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (POLARSSL_SSL_SRV_C).
+ *
+ * Comment this macro to disable support for SSLv2 Client Hello messages.
+ */
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (POLARSSL_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def POLARSSL_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: POLARSSL_MD5_C
+ *           POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+#define POLARSSL_SSL_PROTO_SSL3
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: POLARSSL_MD5_C
+ *           POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define POLARSSL_SSL_PROTO_TLS1
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1.
+ *
+ * Requires: POLARSSL_MD5_C
+ *           POLARSSL_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1
+ */
+#define POLARSSL_SSL_PROTO_TLS1_1
+
+/**
+ * \def POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2.
+ *
+ * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2
+ */
+#define POLARSSL_SSL_PROTO_TLS1_2
+
+/**
+ * \def POLARSSL_SSL_ALPN
+ *
+ * Enable support for Application Layer Protocol Negotiation.
+ * draft-ietf-tls-applayerprotoneg-05
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define POLARSSL_SSL_ALPN
+
+/**
+ * \def POLARSSL_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ *
+ * Requires: POLARSSL_AES_C
+ *           POLARSSL_SHA256_C
+ *           POLARSSL_CIPHER_MODE_CBC
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define POLARSSL_SSL_SESSION_TICKETS
+
+/**
+ * \def POLARSSL_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define POLARSSL_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def POLARSSL_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define POLARSSL_SSL_TRUNCATED_HMAC
+
+/**
+ * \def POLARSSL_SSL_SET_CURVES
+ *
+ * Enable ssl_set_curves().
+ *
+ * This is disabled by default since it breaks binary compatibility with the
+ * 1.3.x line. If you choose to enable it, you will need to rebuild your
+ * application against the new header files, relinking will not be enough.
+ * It will be enabled by default, or no longer an option, in the 1.4 branch.
+ *
+ * Uncomment to make ssl_set_curves() available.
+ */
+//#define POLARSSL_SSL_SET_CURVES
+
+/**
+ * \def POLARSSL_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define POLARSSL_THREADING_ALT
+
+/**
+ * \def POLARSSL_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define POLARSSL_THREADING_PTHREAD
+
+/**
+ * \def POLARSSL_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via version_check_feature().
+ *
+ * Requires: POLARSSL_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define POLARSSL_VERSION_FEATURES
+
+/**
+ * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def POLARSSL_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define POLARSSL_X509_CHECK_KEY_USAGE
+
+/**
+ * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define POLARSSL_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def POLARSSL_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define POLARSSL_ZLIB_SUPPORT
+/* \} name SECTION: PolarSSL feature support */
+
+/**
+ * \name SECTION: PolarSSL modules
+ *
+ * This section enables or disables entire modules in PolarSSL
+ * \{
+ */
+
+/**
+ * \def POLARSSL_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: POLARSSL_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+//#define POLARSSL_AESNI_C
+
+/**
+ * \def POLARSSL_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define POLARSSL_AES_C
+
+/**
+ * \def POLARSSL_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_MD5
+ *      TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      TLS_PSK_WITH_RC4_128_SHA
+ */
+#define POLARSSL_ARC4_C
+
+/**
+ * \def POLARSSL_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define POLARSSL_ASN1_PARSE_C
+
+/**
+ * \def POLARSSL_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ */
+#define POLARSSL_ASN1_WRITE_C
+
+/**
+ * \def POLARSSL_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define POLARSSL_BASE64_C
+
+/**
+ * \def POLARSSL_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define POLARSSL_BIGNUM_C
+
+/**
+ * \def POLARSSL_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+#define POLARSSL_BLOWFISH_C
+
+/**
+ * \def POLARSSL_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define POLARSSL_CAMELLIA_C
+
+/**
+ * \def POLARSSL_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define POLARSSL_CCM_C
+
+/**
+ * \def POLARSSL_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * Requires: POLARSSL_PEM_PARSE_C
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define POLARSSL_CERTS_C
+
+/**
+ * \def POLARSSL_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define POLARSSL_CIPHER_C
+
+/**
+ * \def POLARSSL_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: POLARSSL_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define POLARSSL_CTR_DRBG_C
+
+/**
+ * \def POLARSSL_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define POLARSSL_DEBUG_C
+
+/**
+ * \def POLARSSL_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define POLARSSL_DES_C
+
+/**
+ * \def POLARSSL_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+#define POLARSSL_DHM_C
+
+/**
+ * \def POLARSSL_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: POLARSSL_ECP_C
+ */
+#define POLARSSL_ECDH_C
+
+/**
+ * \def POLARSSL_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
+ */
+#define POLARSSL_ECDSA_C
+
+/**
+ * \def POLARSSL_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *
+ * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
+ */
+#define POLARSSL_ECP_C
+
+/**
+ * \def POLARSSL_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define POLARSSL_ENTROPY_C
+
+/**
+ * \def POLARSSL_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables polarssl_strerror().
+ */
+#define POLARSSL_ERROR_C
+
+/**
+ * \def POLARSSL_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define POLARSSL_GCM_C
+
+/**
+ * \def POLARSSL_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: POLARSSL_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define POLARSSL_HAVEGE_C
+
+/**
+ * \def POLARSSL_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: POLARSSL_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define POLARSSL_HMAC_DRBG_C
+
+/**
+ * \def POLARSSL_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define POLARSSL_MD_C
+
+/**
+ * \def POLARSSL_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define POLARSSL_MD2_C
+
+/**
+ * \def POLARSSL_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define POLARSSL_MD4_C
+
+/**
+ * \def POLARSSL_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/md5.c
+ * Caller:  library/md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define POLARSSL_MD5_C
+
+/**
+ * \def POLARSSL_MEMORY_C
+ * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
+ */
+//#define POLARSSL_MEMORY_C
+
+/**
+ * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: POLARSSL_PLATFORM_C
+ *           POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def POLARSSL_NET_C
+ *
+ * Enable the TCP/IP networking routines.
+ *
+ * Module:  library/net.c
+ *
+ * This module provides TCP/IP networking routines.
+ */
+#define POLARSSL_NET_C
+
+/**
+ * \def POLARSSL_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define POLARSSL_OID_C
+
+/**
+ * \def POLARSSL_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: POLARSSL_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+//#define POLARSSL_PADLOCK_C
+
+/**
+ * \def POLARSSL_PBKDF2_C
+ *
+ * Enable PKCS#5 PBKDF2 key derivation function.
+ * DEPRECATED: Use POLARSSL_PKCS5_C instead
+ *
+ * Module:  library/pbkdf2.c
+ *
+ * Requires: POLARSSL_PKCS5_C
+ *
+ * This module adds support for the PKCS#5 PBKDF2 key derivation function.
+ */
+#define POLARSSL_PBKDF2_C
+
+/**
+ * \def POLARSSL_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: POLARSSL_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define POLARSSL_PEM_PARSE_C
+
+/**
+ * \def POLARSSL_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Requires: POLARSSL_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define POLARSSL_PEM_WRITE_C
+
+/**
+ * \def POLARSSL_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define POLARSSL_PK_C
+
+/**
+ * \def POLARSSL_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define POLARSSL_PK_PARSE_C
+
+/**
+ * \def POLARSSL_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define POLARSSL_PK_WRITE_C
+
+/**
+ * \def POLARSSL_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: POLARSSL_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define POLARSSL_PKCS5_C
+
+/**
+ * \def POLARSSL_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: POLARSSL_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define POLARSSL_PKCS11_C
+
+/**
+ * \def POLARSSL_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
+ * Can use:  POLARSSL_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define POLARSSL_PKCS12_C
+
+/**
+ * \def POLARSSL_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like malloc(), free(), printf(), fprintf()
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+//#define POLARSSL_PLATFORM_C
+
+/**
+ * \def POLARSSL_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/ripemd160.c
+ * Caller:  library/md.c
+ *
+ */
+#define POLARSSL_RIPEMD160_C
+
+/**
+ * \def POLARSSL_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
+ */
+#define POLARSSL_RSA_C
+
+/**
+ * \def POLARSSL_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/sha1.c
+ * Caller:  library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+#define POLARSSL_SHA1_C
+
+/**
+ * \def POLARSSL_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ * (Used to be POLARSSL_SHA2_C)
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define POLARSSL_SHA256_C
+
+/**
+ * \def POLARSSL_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ * (Used to be POLARSSL_SHA4_C)
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define POLARSSL_SHA512_C
+
+/**
+ * \def POLARSSL_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_CACHE_C
+ */
+#define POLARSSL_SSL_CACHE_C
+
+/**
+ * \def POLARSSL_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define POLARSSL_SSL_CLI_C
+
+/**
+ * \def POLARSSL_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define POLARSSL_SSL_SRV_C
+
+/**
+ * \def POLARSSL_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
+ *           and at least one of the POLARSSL_SSL_PROTO_* defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define POLARSSL_SSL_TLS_C
+
+/**
+ * \def POLARSSL_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default PolarSSL assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either POLARSSL_THREADING_ALT or
+ * POLARSSL_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within PolarSSL
+ */
+//#define POLARSSL_THREADING_C
+
+/**
+ * \def POLARSSL_TIMING_C
+ *
+ * Enable the portable timing interface.
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define POLARSSL_TIMING_C
+
+/**
+ * \def POLARSSL_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define POLARSSL_VERSION_C
+
+/**
+ * \def POLARSSL_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
+ *           POLARSSL_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define POLARSSL_X509_USE_C
+
+/**
+ * \def POLARSSL_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define POLARSSL_X509_CRT_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define POLARSSL_X509_CRL_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: POLARSSL_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define POLARSSL_X509_CSR_PARSE_C
+
+/**
+ * \def POLARSSL_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define POLARSSL_X509_CREATE_C
+
+/**
+ * \def POLARSSL_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: POLARSSL_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define POLARSSL_X509_CRT_WRITE_C
+
+/**
+ * \def POLARSSL_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: POLARSSL_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define POLARSSL_X509_CSR_WRITE_C
+
+/**
+ * \def POLARSSL_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+#define POLARSSL_XTEA_C
+
+/* \} name SECTION: PolarSSL modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define POLARSSL_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define POLARSSL_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define POLARSSL_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define POLARSSL_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+
+/* Memory buffer allocator options */
+//#define POLARSSL_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define POLARSSL_PLATFORM_STD_MALLOC   malloc /**< Default allocator to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FREE       free /**< Default free to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_PRINTF   printf /**< Default printf to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+
+/* SSL Cache options */
+//#define SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
+//#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* Debug options */
+//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
+
+/* \} name SECTION: Module configuration options */
+
+
+#endif /* POLARSSL_CONFIG_H */
index 84aa2c06e6dbea6639e3d1606e68a7a0288dd424..91a63cf3c8cfd8984d8f055411273bf085d85b70 100644 (file)
 \r
 \r
 #define AT91C_EP_CONTROL     0\r
-#define AT91C_EP_IN_SIZE  0x40\r
 #define AT91C_EP_OUT         1\r
-#define AT91C_EP_OUT_SIZE 0x40\r
 #define AT91C_EP_IN          2\r
+#define AT91C_EP_NOTIFY      3\r
+#define AT91C_EP_OUT_SIZE 0x40\r
+#define AT91C_EP_IN_SIZE  0x40\r
+\r
+// Language must always be 0.\r
+#define STR_LANGUAGE_CODES 0x00\r
+#define STR_MANUFACTURER   0x01\r
+#define STR_PRODUCT        0x02\r
 \r
 static const char devDescriptor[] = {\r
        /* Device descriptor */\r
        0x12,      // bLength\r
        0x01,      // bDescriptorType\r
        0x00,0x02, // Complies with USB Spec. Release (0200h = release 2.0)\r
-       0x02,      // bDeviceClass:    CDC class code\r
-       0x00,      // bDeviceSubclass: CDC class sub code\r
-       0x00,      // bDeviceProtocol: CDC Device protocol\r
+       0x02,      // bDeviceClass:    (Communication Device Class)\r
+       0x00,      // bDeviceSubclass: (unused at this time)\r
+       0x00,      // bDeviceProtocol: (unused at this time)\r
        0x08,      // bMaxPacketSize0\r
        0xc4,0x9a, // Vendor ID (0x9ac4 = J. Westhues)\r
        0x8f,0x4b, // Product ID (0x4b8f = Proxmark-3 RFID Instrument)\r
        0x01,0x00, // Device release number (0001)\r
-       0x01,      // iManufacturer\r
-       0x02,      // iProduct\r
+       STR_MANUFACTURER,  // iManufacturer\r
+       STR_PRODUCT,       // iProduct\r
        0x00,      // iSerialNumber\r
        0x01       // bNumConfigs\r
 };\r
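Review bot: The new comment `// Language must always be 0.` above the `STR_*` defines does not say why, and `iSerialNumber` further down in `devDescriptor` is still a bare `0x00` that now reads as if it meant `STR_LANGUAGE_CODES`. String descriptor index 0 is reserved by USB for the list of supported language IDs, whereas a 0 in an `i*` field of the device descriptor means "no string". I would spell both out, e.g. `// String descriptor indexes; index 0 is reserved for the LANGID list.` and `0x00,      // iSerialNumber: 0 = no serial number string`. The code that answers the host's string-descriptor requests is not in this hunk; presumably it dispatches on these same constants and rejects any other index, which is worth confirming because the index is host-supplied.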
@@ -74,79 +80,78 @@ static const char cfgDescriptor[] = {
        0xC0,   // CbmAttributes 0xA0\r
        0xFA,   // CMaxPower\r
 \r
-       /* Communication Class Interface Descriptor Requirement */\r
+       /* Interface 0 Descriptor: Communication Class Interface */\r
        0x09, // bLength\r
        0x04, // bDescriptorType\r
        0x00, // bInterfaceNumber\r
        0x00, // bAlternateSetting\r
        0x01, // bNumEndpoints\r
-       0x02, // bInterfaceClass\r
-       0x02, // bInterfaceSubclass\r
-       0x01, // bInterfaceProtocol\r
+       0x02, // bInterfaceClass:       Communication Interface Class\r
+       0x02, // bInterfaceSubclass:    Abstract Control Model\r
+       0x01, // bInterfaceProtocol:    Common AT Commands, V.25ter\r
        0x00, // iInterface\r
 \r
        /* Header Functional Descriptor */\r
        0x05, // bFunction Length\r
-       0x24, // bDescriptor type: CS_INTERFACE\r
-       0x00, // bDescriptor subtype: Header Func Desc\r
+       0x24, // bDescriptor type:      CS_INTERFACE\r
+       0x00, // bDescriptor subtype:   Header Functional Descriptor\r
        0x10, // bcdCDC:1.1\r
        0x01,\r
 \r
        /* ACM Functional Descriptor */\r
        0x04, // bFunctionLength\r
-       0x24, // bDescriptor Type: CS_INTERFACE\r
-       0x02, // bDescriptor Subtype: ACM Func Desc\r
-       0x02, // bmCapabilities\r
+       0x24, // bDescriptor Type:      CS_INTERFACE\r
+       0x02, // bDescriptor Subtype:   Abstract Control Management Functional Descriptor\r
+       0x02, // bmCapabilities:        D1: Device supports the request combination of Set_Line_Coding, Set_Control_Line_State, Get_Line_Coding, and the notification Serial_State\r
 \r
        /* Union Functional Descriptor */\r
        0x05, // bFunctionLength\r
-       0x24, // bDescriptorType: CS_INTERFACE\r
-       0x06, // bDescriptor Subtype: Union Func Desc\r
-       0x00, // bMasterInterface: Communication Class Interface\r
-       0x01, // bSlaveInterface0: Data Class Interface\r
+       0x24, // bDescriptorType:       CS_INTERFACE\r
+       0x06, // bDescriptor Subtype:   Union Functional Descriptor\r
+       0x00, // bMasterInterface:      Communication Class Interface\r
+       0x01, // bSlaveInterface0:      Data Class Interface\r
 \r
        /* Call Management Functional Descriptor */\r
        0x05, // bFunctionLength\r
-       0x24, // bDescriptor Type: CS_INTERFACE\r
-       0x01, // bDescriptor Subtype: Call Management Func Desc\r
-       0x00, // bmCapabilities: D1 + D0\r
-       0x01, // bDataInterface: Data Class Interface 1\r
+       0x24, // bDescriptor Type:      CS_INTERFACE\r
+       0x01, // bDescriptor Subtype:   Call Management Functional Descriptor\r
+       0x00, // bmCapabilities:        Device sends/receives call management information only over the Communication Class interface. Device does not handle call management itself\r
+       0x01, // bDataInterface:        Data Class Interface 1\r
 \r
        /* Endpoint 1 descriptor */\r
        0x07,   // bLength\r
        0x05,   // bDescriptorType\r
-       0x83,   // bEndpointAddress, Endpoint 03 - IN\r
-       0x03,   // bmAttributes      INT\r
-       0x08,   // wMaxPacketSize\r
+       0x83,   // bEndpointAddress:    Endpoint 03 - IN\r
+       0x03,   // bmAttributes:        INT\r
+       0x08,   // wMaxPacketSize:      8\r
        0x00,\r
        0xFF,   // bInterval\r
 \r
-       /* Data Class Interface Descriptor Requirement */\r
+       /* Interface 1 Descriptor: Data Class Interface */\r
        0x09, // bLength\r
        0x04, // bDescriptorType\r
        0x01, // bInterfaceNumber\r
        0x00, // bAlternateSetting\r
        0x02, // bNumEndpoints\r
-       0x0A, // bInterfaceClass\r
-       0x00, // bInterfaceSubclass\r
-       0x00, // bInterfaceProtocol\r
+       0x0A, // bInterfaceClass:       Data Interface Class\r
+       0x00, // bInterfaceSubclass:    not used\r
+       0x00, // bInterfaceProtocol:    No class specific protocol required)\r
        0x00, // iInterface\r
 \r
-       /* First alternate setting */\r
        /* Endpoint 1 descriptor */\r
        0x07,   // bLength\r
        0x05,   // bDescriptorType\r
-       0x01,   // bEndpointAddress, Endpoint 01 - OUT\r
-       0x02,   // bmAttributes      BULK\r
-       AT91C_EP_OUT_SIZE,   // wMaxPacketSize\r
+       0x01,   // bEndpointAddress:    Endpoint 01 - OUT\r
+       0x02,   // bmAttributes:        BULK\r
+       AT91C_EP_OUT_SIZE, // wMaxPacketSize\r
        0x00,\r
        0x00,   // bInterval\r
 \r
        /* Endpoint 2 descriptor */\r
        0x07,   // bLength\r
        0x05,   // bDescriptorType\r
-       0x82,   // bEndpointAddress, Endpoint 02 - IN\r
-       0x02,   // bmAttributes      BULK\r
+       0x82,   // bEndpointAddress:    Endpoint 02 - IN\r
+       0x02,   // bmAttributes:        BULK\r
        AT91C_EP_IN_SIZE,   // wMaxPacketSize\r
        0x00,\r
        0x00    // bInterval\r
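Review bot: The notification endpoint still sits under the heading `/* Endpoint 1 descriptor */` although its address is `0x83`, and the bulk OUT endpoint further down carries the same heading, so a hunk that documents nearly every other field leaves two different endpoints with one label. I would rename the first heading to `/* Endpoint 3 descriptor: CDC notification, interrupt IN */` and, since this commit introduces `AT91C_EP_NOTIFY`, write the address as `0x80 | AT91C_EP_NOTIFY` so the descriptor and the endpoint setup code cannot drift apart. The new comment on the data interface's bInterfaceProtocol line ends in a stray `)`. cfgDescriptor begins above this hunk.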
@@ -157,7 +162,9 @@ static const char StrDescLanguageCodes[] = {
   0x03,                        // Type is string\r
   0x09, 0x04   // supported language Code 0 = 0x0409 (English)\r
 };\r
-       \r
+\r
+// Note: ModemManager (Linux) ignores Proxmark3 devices by matching the\r
+// manufacturer string "proxmark.org". Don't change this.\r
 static const char StrDescManufacturer[] = {\r
   26,                  // Length\r
   0x03,                        // Type is string\r
@@ -182,20 +189,18 @@ static const char StrDescProduct[] = {
   'M', 0x00,\r
   '3', 0x00\r
 };\r
-       \r
-static const char* const pStrings[] =\r
-{\r
-    StrDescLanguageCodes,\r
-    StrDescManufacturer,\r
-       StrDescProduct\r
-};\r
 \r
 const char* getStringDescriptor(uint8_t idx)\r
 {\r
-    if(idx >= (sizeof(pStrings) / sizeof(pStrings[0]))) {\r
-        return(NULL);\r
-       } else {\r
-               return(pStrings[idx]);\r
+       switch (idx) {\r
+               case STR_LANGUAGE_CODES:\r
+                       return StrDescLanguageCodes;\r
+               case STR_MANUFACTURER:\r
+                       return StrDescManufacturer;\r
+               case STR_PRODUCT:\r
+                       return StrDescProduct;\r
+               default:\r
+                       return NULL;\r
        }\r
 }\r
 \r
@@ -262,6 +267,7 @@ AT91S_CDC_LINE_CODING line = {
        0,      // None Parity\r
        8};     // 8 Data bits\r
 \r
+\r
 void AT91F_CDC_Enumerate();\r
 \r
 AT91PS_UDP pUdp = AT91C_BASE_UDP;\r
@@ -269,52 +275,55 @@ byte_t btConfiguration = 0;
 byte_t btConnection    = 0;\r
 byte_t btReceiveBank   = AT91C_UDP_RX_DATA_BK0;\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    usb_disable\r
 //* \brief This function deactivates the USB device\r
 //*----------------------------------------------------------------------------\r
 void usb_disable() {\r
-  // Disconnect the USB device\r
-  AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU;\r
-  \r
-  // Clear all lingering interrupts\r
-  if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) {\r
-    pUdp->UDP_ICR = AT91C_UDP_ENDBUSRES;\r
-  }\r
+       // Disconnect the USB device\r
+       AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU;\r
+\r
+       // Clear all lingering interrupts\r
+       if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) {\r
+               pUdp->UDP_ICR = AT91C_UDP_ENDBUSRES;\r
+       }\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    usb_enable\r
 //* \brief This function Activates the USB device\r
 //*----------------------------------------------------------------------------\r
 void usb_enable() {\r
-  // Set the PLL USB Divider\r
-  AT91C_BASE_CKGR->CKGR_PLLR |= AT91C_CKGR_USBDIV_1 ;\r
-  \r
-  // Specific Chip USB Initialisation\r
-  // Enables the 48MHz USB clock UDPCK and System Peripheral USB Clock\r
-  AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_UDP;\r
-  AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_UDP);\r
-  \r
-  // Enable UDP PullUp (USB_DP_PUP) : enable & Clear of the corresponding PIO\r
-  // Set in PIO mode and Configure in Output\r
-  AT91C_BASE_PIOA->PIO_PER = GPIO_USB_PU; // Set in PIO mode\r
+       // Set the PLL USB Divider\r
+       AT91C_BASE_CKGR->CKGR_PLLR |= AT91C_CKGR_USBDIV_1 ;\r
+\r
+       // Specific Chip USB Initialisation\r
+       // Enables the 48MHz USB clock UDPCK and System Peripheral USB Clock\r
+       AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_UDP;\r
+       AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_UDP);\r
+\r
+       // Enable UDP PullUp (USB_DP_PUP) : enable & Clear of the corresponding PIO\r
+       // Set in PIO mode and Configure in Output\r
+       AT91C_BASE_PIOA->PIO_PER = GPIO_USB_PU; // Set in PIO mode\r
        AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU; // Configure as Output\r
-  \r
-  // Clear for set the Pullup resistor\r
+\r
+       // Clear for set the Pullup resistor\r
        AT91C_BASE_PIOA->PIO_CODR = GPIO_USB_PU;\r
-  \r
-  // Disconnect and reconnect USB controller for 100ms\r
-  usb_disable();\r
-  \r
-  // Wait for a short while\r
-  for (volatile size_t i=0; i<0x100000; i++);\r
 \r
-  // Reconnect USB reconnect\r
-  AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU;\r
-  AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU;\r
+       // Disconnect and reconnect USB controller for 100ms\r
+       usb_disable();\r
+\r
+       // Wait for a short while\r
+       for (volatile size_t i=0; i<0x100000; i++);\r
+\r
+       // Reconnect USB reconnect\r
+       AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU;\r
+       AT91C_BASE_PIOA->PIO_OER = GPIO_USB_PU;\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    usb_check\r
 //* \brief Test if the device is configured and handle enumeration\r
@@ -331,8 +340,7 @@ bool usb_check() {
                pUdp->UDP_FADDR = AT91C_UDP_FEN;\r
                // Configure endpoint 0\r
                pUdp->UDP_CSR[AT91C_EP_CONTROL] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_CTRL);\r
-       }\r
-       else if (isr & AT91C_UDP_EPINT0) {\r
+       } else if (isr & AT91C_UDP_EPINT0) {\r
                pUdp->UDP_ICR = AT91C_UDP_EPINT0;\r
                AT91F_CDC_Enumerate();\r
        }\r
@@ -342,10 +350,11 @@ bool usb_check() {
 \r
 bool usb_poll()\r
 {\r
-  if (!usb_check()) return false;\r
-  return (pUdp->UDP_CSR[AT91C_EP_OUT] & btReceiveBank);\r
+       if (!usb_check()) return false;\r
+       return (pUdp->UDP_CSR[AT91C_EP_OUT] & btReceiveBank);\r
 }\r
 \r
+\r
 /**\r
        In github PR #129, some users appears to get a false positive from\r
        usb_poll, which returns true, but the usb_read operation\r
@@ -356,7 +365,6 @@ bool usb_poll()
 **/\r
 bool usb_poll_validate_length()\r
 {\r
-\r
        if (!usb_check()) return false;\r
        if (!(pUdp->UDP_CSR[AT91C_EP_OUT] & btReceiveBank)) return false;\r
        return (pUdp->UDP_CSR[AT91C_EP_OUT] >> 16) >  0;\r
@@ -393,48 +401,54 @@ uint32_t usb_read(byte_t* data, size_t len) {
        return nbBytesRcv;\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    usb_write\r
 //* \brief Send through endpoint 2\r
 //*----------------------------------------------------------------------------\r
 uint32_t usb_write(const byte_t* data, const size_t len) {\r
-  size_t length = len;\r
+       size_t length = len;\r
        uint32_t cpt = 0;\r
 \r
-  if (!length) return 0;\r
-  if (!usb_check()) return 0;\r
-  \r
+       if (!length) return 0;\r
+       if (!usb_check()) return 0;\r
+\r
        // Send the first packet\r
-       cpt = MIN(length, AT91C_EP_IN_SIZE-1);\r
+       cpt = MIN(length, AT91C_EP_IN_SIZE);\r
        length -= cpt;\r
-       while (cpt--) pUdp->UDP_FDR[AT91C_EP_IN] = *data++;\r
+       while (cpt--) {\r
+               pUdp->UDP_FDR[AT91C_EP_IN] = *data++;\r
+       }\r
        UDP_SET_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXPKTRDY);\r
 \r
        while (length) {\r
-               // Fill the second bank\r
-               cpt = MIN(length, AT91C_EP_IN_SIZE-1);\r
+               // Fill the next bank\r
+               cpt = MIN(length, AT91C_EP_IN_SIZE);\r
                length -= cpt;\r
-               while (cpt--) pUdp->UDP_FDR[AT91C_EP_IN] = *data++;\r
-               // Wait for the first bank to be sent\r
+               while (cpt--) {\r
+                       pUdp->UDP_FDR[AT91C_EP_IN] = *data++;\r
+               }\r
+               // Wait for the previous bank to be sent\r
                while (!(pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP)) {\r
                        if (!usb_check()) return length;\r
-    }\r
+               }\r
                UDP_CLEAR_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXCOMP);\r
                while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP);\r
                UDP_SET_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXPKTRDY);\r
        }\r
-  \r
+\r
        // Wait for the end of transfer\r
        while (!(pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP)) {\r
                if (!usb_check()) return length;\r
-  }\r
-  \r
+       }\r
+\r
        UDP_CLEAR_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXCOMP);\r
        while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP);\r
 \r
        return length;\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    AT91F_USB_SendData\r
 //* \brief Send Data through the control endpoint\r
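Review bot: With the per-packet limit raised from `AT91C_EP_IN_SIZE-1` to `AT91C_EP_IN_SIZE` in usb_write, a write whose `len` is an exact multiple of the endpoint size now ends on a full-size bulk packet, and nothing marks the end of the transfer. The old 63-byte limit produced a short packet every time; host-side CDC drivers commonly hold a read back until a short or zero-length packet arrives, so such writes may appear to stall until the next one is sent. Sending a zero-length packet after the last TXCOMP when `len % AT91C_EP_IN_SIZE == 0` closes that gap, as sketched below. Separately, the function returns the number of bytes not yet queued, so 0 is returned both on success and on the early `!usb_check()` exit; a comment on the function saying so would help callers.

```c
	// … unchanged: packet loop, wait for the last TXCOMP and clear it …
	while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP);

	// Last packet was full size: end the transfer with a zero-length packet
	if (len % AT91C_EP_IN_SIZE == 0) {
		UDP_SET_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXPKTRDY);
		while (!(pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP)) {
			if (!usb_check()) return length;
		}
		UDP_CLEAR_EP_FLAGS(AT91C_EP_IN, AT91C_UDP_TXCOMP);
		while (pUdp->UDP_CSR[AT91C_EP_IN] & AT91C_UDP_TXCOMP);
	}

	return length;
```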
@@ -477,6 +491,7 @@ static void AT91F_USB_SendData(AT91PS_UDP pUdp, const char *pData, uint32_t leng
        }\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    AT91F_USB_SendZlp\r
 //* \brief Send zero length packet through the control endpoint\r
@@ -488,6 +503,7 @@ void AT91F_USB_SendZlp(AT91PS_UDP pUdp) {
        while (pUdp->UDP_CSR[AT91C_EP_CONTROL] & AT91C_UDP_TXCOMP);\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    AT91F_USB_SendStall\r
 //* \brief Stall the control endpoint\r
@@ -499,6 +515,7 @@ void AT91F_USB_SendStall(AT91PS_UDP pUdp) {
        while (pUdp->UDP_CSR[AT91C_EP_CONTROL] & (AT91C_UDP_FORCESTALL | AT91C_UDP_ISOERROR));\r
 }\r
 \r
+\r
 //*----------------------------------------------------------------------------\r
 //* \fn    AT91F_CDC_Enumerate\r
 //* \brief This function is a callback invoked when a SETUP packet is received\r
@@ -510,16 +527,16 @@ void AT91F_CDC_Enumerate() {
        if ( !(pUdp->UDP_CSR[AT91C_EP_CONTROL] & AT91C_UDP_RXSETUP) )\r
                return;\r
 \r
-       bmRequestType = pUdp->UDP_FDR[0];\r
-       bRequest      = pUdp->UDP_FDR[0];\r
-       wValue        = (pUdp->UDP_FDR[0] & 0xFF);\r
-       wValue       |= (pUdp->UDP_FDR[0] << 8);\r
-       wIndex        = (pUdp->UDP_FDR[0] & 0xFF);\r
-       wIndex       |= (pUdp->UDP_FDR[0] << 8);\r
-       wLength       = (pUdp->UDP_FDR[0] & 0xFF);\r
-       wLength      |= (pUdp->UDP_FDR[0] << 8);\r
+       bmRequestType = pUdp->UDP_FDR[AT91C_EP_CONTROL];\r
+       bRequest      = pUdp->UDP_FDR[AT91C_EP_CONTROL];\r
+       wValue        = (pUdp->UDP_FDR[AT91C_EP_CONTROL] & 0xFF);\r
+       wValue       |= (pUdp->UDP_FDR[AT91C_EP_CONTROL] << 8);\r
+       wIndex        = (pUdp->UDP_FDR[AT91C_EP_CONTROL] & 0xFF);\r
+       wIndex       |= (pUdp->UDP_FDR[AT91C_EP_CONTROL] << 8);\r
+       wLength       = (pUdp->UDP_FDR[AT91C_EP_CONTROL] & 0xFF);\r
+       wLength      |= (pUdp->UDP_FDR[AT91C_EP_CONTROL] << 8);\r
 \r
-       if (bmRequestType & 0x80) {\r
+       if (bmRequestType & 0x80) {     // Data Phase Transfer Direction Device to Host\r
                UDP_SET_EP_FLAGS(AT91C_EP_CONTROL, AT91C_UDP_DIR);\r
                while ( !(pUdp->UDP_CSR[AT91C_EP_CONTROL] & AT91C_UDP_DIR) );\r
        }\r
@@ -553,29 +570,29 @@ void AT91F_CDC_Enumerate() {
                btConfiguration = wValue;\r
                AT91F_USB_SendZlp(pUdp);\r
                pUdp->UDP_GLBSTATE  = (wValue) ? AT91C_UDP_CONFG : AT91C_UDP_FADDEN;\r
-               pUdp->UDP_CSR[1] = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_OUT) : 0;\r
-               pUdp->UDP_CSR[2] = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_IN)  : 0;\r
-               pUdp->UDP_CSR[3] = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_INT_IN)   : 0;\r
+               pUdp->UDP_CSR[AT91C_EP_OUT]    = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_OUT) : 0;\r
+               pUdp->UDP_CSR[AT91C_EP_IN]     = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_IN)  : 0;\r
+               pUdp->UDP_CSR[AT91C_EP_NOTIFY] = (wValue) ? (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_INT_IN)   : 0;\r
                break;\r
        case STD_GET_CONFIGURATION:\r
                AT91F_USB_SendData(pUdp, (char *) &(btConfiguration), sizeof(btConfiguration));\r
                break;\r
        case STD_GET_STATUS_ZERO:\r
-               wStatus = 0;\r
+               wStatus = 0;    // Device is Bus powered, remote wakeup disabled\r
                AT91F_USB_SendData(pUdp, (char *) &wStatus, sizeof(wStatus));\r
                break;\r
        case STD_GET_STATUS_INTERFACE:\r
-               wStatus = 0;\r
+               wStatus = 0;    // reserved for future use\r
                AT91F_USB_SendData(pUdp, (char *) &wStatus, sizeof(wStatus));\r
                break;\r
        case STD_GET_STATUS_ENDPOINT:\r
                wStatus = 0;\r
                wIndex &= 0x0F;\r
-               if ((pUdp->UDP_GLBSTATE & AT91C_UDP_CONFG) && (wIndex <= 3)) {\r
+               if ((pUdp->UDP_GLBSTATE & AT91C_UDP_CONFG) && (wIndex <= AT91C_EP_NOTIFY)) {\r
                        wStatus = (pUdp->UDP_CSR[wIndex] & AT91C_UDP_EPEDS) ? 0 : 1;\r
                        AT91F_USB_SendData(pUdp, (char *) &wStatus, sizeof(wStatus));\r
                }\r
-               else if ((pUdp->UDP_GLBSTATE & AT91C_UDP_FADDEN) && (wIndex == 0)) {\r
+               else if ((pUdp->UDP_GLBSTATE & AT91C_UDP_FADDEN) && (wIndex == AT91C_EP_CONTROL)) {\r
                        wStatus = (pUdp->UDP_CSR[wIndex] & AT91C_UDP_EPEDS) ? 0 : 1;\r
                        AT91F_USB_SendData(pUdp, (char *) &wStatus, sizeof(wStatus));\r
                }\r
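Review bot: The new comment on `wStatus = 0` in STD_GET_STATUS_ZERO says the device is bus powered, but the configuration descriptor earlier in this file sets the attributes byte to `0xC0` (its own comment reads "CbmAttributes 0xA0"), and bit 6 of that byte advertises a self-powered device. The host therefore gets two different answers about the power source. Given the 0xFA max-power value the device is presumably bus powered, in which case the descriptor byte should become `0x80,   // bmAttributes: bus powered, no remote wakeup`; if it really is self powered, this status should be `wStatus = 1;`. AT91F_CDC_Enumerate starts and ends outside this hunk.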
@@ -590,7 +607,7 @@ void AT91F_CDC_Enumerate() {
                break;\r
        case STD_SET_FEATURE_ENDPOINT:\r
                wIndex &= 0x0F;\r
-               if ((wValue == 0) && wIndex && (wIndex <= 3)) {\r
+               if ((wValue == 0) && (wIndex >= AT91C_EP_OUT) && (wIndex <= AT91C_EP_NOTIFY)) {\r
                        pUdp->UDP_CSR[wIndex] = 0;\r
                        AT91F_USB_SendZlp(pUdp);\r
                }\r
@@ -605,13 +622,13 @@ void AT91F_CDC_Enumerate() {
                break;\r
        case STD_CLEAR_FEATURE_ENDPOINT:\r
                wIndex &= 0x0F;\r
-               if ((wValue == 0) && wIndex && (wIndex <= 3)) {\r
-                       if (wIndex == 1)\r
-                               pUdp->UDP_CSR[1] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_OUT);\r
-                       else if (wIndex == 2)\r
-                               pUdp->UDP_CSR[2] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_IN);\r
-                       else if (wIndex == 3)\r
-                               pUdp->UDP_CSR[3] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_ISO_IN);\r
+               if ((wValue == 0) && (wIndex >= AT91C_EP_OUT) && (wIndex <= AT91C_EP_NOTIFY)) {\r
+                       if (wIndex == AT91C_EP_OUT)\r
+                               pUdp->UDP_CSR[AT91C_EP_OUT] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_OUT);\r
+                       else if (wIndex == AT91C_EP_IN)\r
+                               pUdp->UDP_CSR[AT91C_EP_IN] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_BULK_IN);\r
+                       else if (wIndex == AT91C_EP_NOTIFY)\r
+                               pUdp->UDP_CSR[AT91C_EP_NOTIFY] = (AT91C_UDP_EPEDS | AT91C_UDP_EPTYPE_INT_IN);\r
                        AT91F_USB_SendZlp(pUdp);\r
                }\r
                else\r
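Review bot: The last branch of the STD_CLEAR_FEATURE_ENDPOINT chain changes endpoint 3 from `AT91C_UDP_EPTYPE_ISO_IN` to `AT91C_UDP_EPTYPE_INT_IN`, a behaviour fix that is easy to miss among the constant renames and deserves its own line in the commit message. The endpoint type table now exists twice, here and in STD_SET_CONFIGURATION, which is how the two copies came to disagree. A comment above the chain such as `// endpoint types must match STD_SET_CONFIGURATION and cfgDescriptor`, or a small shared helper that maps an endpoint number to its CSR value, would keep them in step. The enclosing function starts and ends outside this hunk.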
index e2386cd5926fb2c5869d189e88981e317246f806..bede67a97723ebe56d649839d5c378a706d7db90 100644 (file)
@@ -34,7 +34,8 @@ typedef enum ISO14A_COMMAND {
        ISO14A_APPEND_CRC =                     (1 << 5),
        ISO14A_SET_TIMEOUT =            (1 << 6),
        ISO14A_NO_SELECT =                      (1 << 7),
-       ISO14A_TOPAZMODE =                      (1 << 8)
+       ISO14A_TOPAZMODE =                      (1 << 8),
+       ISO14A_NO_RATS =                        (1 << 9)
 } iso14a_command_t;
 
 typedef struct {
index 0ab9730ed10ae09c4942c79cc129ca2e81c03840..194a9d53bdb5377246c5f8e15c56233caec69294 100644 (file)
@@ -175,6 +175,7 @@ typedef struct{
 #define CMD_MIFARE_CSETBLOCK                                              0x0605
 #define CMD_MIFARE_CGETBLOCK                                              0x0606
 #define CMD_MIFARE_CIDENT                                                 0x0607
+#define CMD_MIFARE_CWIPE                                                  0x0608
 
 #define CMD_SIMULATE_MIFARE_CARD                                          0x0610
 
diff --git a/tools/at91sam7s512-busblaster.cfg b/tools/at91sam7s512-busblaster.cfg
new file mode 100644 (file)
index 0000000..6555936
--- /dev/null
@@ -0,0 +1,54 @@
+## General OpenOCD configuration
+# Ports
+telnet_port 4444
+gdb_port 3333
+
+## Interface configuration section
+# Interface
+
+# you can use
+#source [find interface/ftdi/dp_busblaster.cfg]
+# or
+
+interface ftdi
+ftdi_device_desc "Dual RS232-HS"
+ftdi_vid_pid 0x0403 0x6010
+
+ftdi_layout_init 0x0c08 0x0f1b
+ftdi_layout_signal nTRST -data 0x0100 -noe 0x0400
+ftdi_layout_signal nSRST -data 0x0200 -noe 0x0800
+
+adapter_khz 1000
+
+## Chipset configuration section
+# use combined on interfaces or targets that can't set TRST/SRST separately
+reset_config srst_only srst_pulls_trst
+
+jtag newtap sam7x cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x3f0f0f0f
+
+target create sam7x.cpu arm7tdmi -endian little -chain-position sam7x.cpu
+
+sam7x.cpu configure -event reset-init {
+    soft_reset_halt
+    mww 0xfffffd00 0xa5000004   # RSTC_CR: Reset peripherals
+    mww 0xfffffd44 0x00008000   # WDT_MR: disable watchdog
+    mww 0xfffffd08 0xa5000001   # RSTC_MR enable user reset
+    mww 0xfffffc20 0x00005001   # CKGR_MOR : enable the main oscillator
+    sleep 10
+    mww 0xfffffc2c 0x000b1c02   # CKGR_PLLR: 16MHz * 12/2 = 96MHz
+    sleep 10
+    mww 0xfffffc30 0x00000007   # PMC_MCKR : MCK = PLL / 2 = 48 MHz
+    sleep 10
+    mww 0xffffff60 0x00480100   # MC_FMR: flash mode (FWS=1,FMCN=72)
+    sleep 100
+
+}
+
+# GDB can also flash my flash!
+gdb_memory_map enable
+gdb_breakpoint_override hard
+#armv4_5 core_state arm
+
+sam7x.cpu configure -work-area-virt 0 -work-area-phys 0x00200000 -work-area-size 0x10000 -work-area-backup 0
+flash bank sam7x512.flash.0 at91sam7 0 0 0 0 sam7x.cpu 0 0 0 0 0 0 0 18432
+flash bank sam7x512.flash.1 at91sam7 0 0 0 0 sam7x.cpu 1 0 0 0 0 0 0 18432
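Review bot: `telnet_port 4444` and `gdb_port 3333` open unauthenticated listeners that give full memory, flash and reset control of the target, and the file says nothing about where they bind. Depending on the OpenOCD version the default may be every interface, so a line such as `bindto 127.0.0.1` (where the installed OpenOCD supports it), or at least a header comment telling users to keep these ports off the network, belongs at the top. In the `reset-init` body the `# RSTC_CR: …` remarks follow the `mww` arguments on the same line; Tcl treats `#` as a comment only where a command can begin, so that text is probably passed to `mww` as extra words, and `;#` or a comment line above each write avoids it. The file name says at91sam7s512 while the tap, target and flash banks are named sam7x, so a one-line header stating the intended chip would remove the doubt.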
index 92d3be720c848f3cd0a1f89db625c691b864d124..9dab37f5df96eacfcfa999f80c81d448e148a831 100755 (executable)
@@ -1,8 +1,8 @@
 VPATH = ../../common ../../common/crapto1 ../../client
 CC = gcc
 LD = gcc
-CFLAGS = -std=c99 -D_ISOC99_SOURCE -I../../include -I../../common -I../../client -Wall -O3
-LDFLAGS =
+CFLAGS += -std=c99 -D_ISOC99_SOURCE -I../../include -I../../common -I../../client -Wall -O3
+LDFLAGS +=
 
 OBJS = crypto1.o crapto1.o parity.o util_posix.o mfkey.o
 EXES = mfkey32 mfkey64