Merge pull request #190 from LedgerHQ/remove_des

Remove DES-based algorithms
LedgerHQ · Jun 30, 2023 · 9727500 · 9727500
2 parents 0302de8 + 23e4e21
commit 9727500
Show file tree

Hide file tree

Showing 19 changed files with 12 additions and 538 deletions.
diff --git a/Makefile.conf.cx b/Makefile.conf.cx
@@ -1,6 +1,5 @@
 ### crypto hardware conf ###
 DEFINES  += HAVE_NES_CRYPT
-DEFINES  += HAVE_ST_EDES_PLUS
 DEFINES  += HAVE_ST_AES
 
 DEFINES  += NATIVE_LITTLE_ENDIAN
@@ -23,7 +22,6 @@ DEFINES    += HAVE_HMAC
 
 DEFINES    += HAVE_PBKDF2
 
-DEFINES    += HAVE_DES
 DEFINES    += HAVE_AES
 
 DEFINES    += HAVE_MATH

diff --git a/include/cx_stubs.h b/include/cx_stubs.h
@@ -43,11 +43,6 @@
 #define _NR_cx_crc16_update                          0x27
 #define _NR_cx_crc32                                 0x28
 #define _NR_cx_decode_coord                          0x29
-#define _NR_cx_des_dec_block                         0x2a
-#define _NR_cx_des_enc_block                         0x2b
-#define _NR_cx_des_init_key_no_throw                 0x2c
-#define _NR_cx_des_iv_no_throw                       0x2d
-#define _NR_cx_des_no_throw                          0x2e
 #define _NR_cx_ecdh_no_throw                         0x2f
 #define _NR_cx_ecdsa_sign_no_throw                   0x30
 #define _NR_cx_ecdsa_verify_no_throw                 0x31

diff --git a/include/ox.h b/include/ox.h
@@ -30,7 +30,6 @@
 
 #include "decorators.h"
 #include "ox_aes.h"
-#include "ox_des.h"
 #include "ox_bn.h"
 #include "ox_bls.h"
 #include "ox_ec.h"

diff --git a/include/ox_aes.h b/include/ox_aes.h
@@ -43,7 +43,7 @@
  * implementation of elliptic curves.
  *
  * Here is a non-exhaustive list of supported algorithms:
- * - AES and DES in different modes
+ * - AES in various modes
  * - ECDSA with a random or deterministic nonce
  * - EDDSA
  * - ECDH

diff --git a/include/ox_des.h b/include/ox_des.h
diff --git a/include/syscalls.h b/include/syscalls.h
@@ -10,9 +10,6 @@
 #define SYSCALL_cx_aes_set_key_hw_ID                               0x020000b2
 #define SYSCALL_cx_aes_reset_hw_ID                                 0x000000b3
 #define SYSCALL_cx_aes_block_hw_ID                                 0x020000b4
-#define SYSCALL_cx_des_set_key_hw_ID                               0x020000af
-#define SYSCALL_cx_des_reset_hw_ID                                 0x000000b0
-#define SYSCALL_cx_des_block_hw_ID                                 0x020000b1
 #define SYSCALL_cx_bn_lock_ID                                      0x02000112
 #define SYSCALL_cx_bn_unlock_ID                                    0x000000b6
 #define SYSCALL_cx_bn_is_locked_ID                                 0x000000b7

diff --git a/lib_cxng/cx.export b/lib_cxng/cx.export
@@ -46,11 +46,6 @@ cx_crc16
 cx_crc16_update
 cx_crc32
 cx_decode_coord
-cx_des_dec_block
-cx_des_enc_block
-cx_des_init_key_no_throw
-cx_des_iv_no_throw
-cx_des_no_throw
 cx_ecdh_no_throw
 cx_ecdsa_sign_no_throw
 cx_ecdsa_verify_no_throw

diff --git a/lib_cxng/include/lcx_cipher.h b/lib_cxng/include/lcx_cipher.h
@@ -5,15 +5,14 @@
  * @brief   API for block ciphers.
  *
  * This file contains the functions which enable to use standard block ciphers
- * like AES, DES and 3-DES for encryption and decryption in a specific mode of
+ * like AES for encryption and decryption in a specific mode of
  * operation.
  */
 #pragma once
 #include "cx_errors.h"
 #include "lcx_wrappers.h"
 #include "lcx_common.h"
 #include "lcx_aes.h"
-#include "lcx_des.h"
 #include <stddef.h>
 
 /** Maximum length of the initialization vector in bytes */
@@ -39,9 +38,6 @@ typedef enum {
     CX_CIPHER_AES_128,     ///< AES with a 128-bit key
     CX_CIPHER_AES_192,     ///< AES with a 192-bit key
     CX_CIPHER_AES_256,     ///< AES with a 256-bit key
-    CX_CIPHER_DES_64,      ///< DES with a 64-bit key
-    CX_CIPHER_3DES_128,    ///< 3DES with two keys
-    CX_CIPHER_3DES_192,    ///< 3DES with three keys
 } cx_cipher_id_t ;
 
 /** Generic key structure */
@@ -114,9 +110,6 @@ cx_err_t cx_cipher_init(cx_cipher_context_t *ctx);
  *                 - CX_CIPHER_AES_128
  *                 - CX_CIPHER_AES_192
  *                 - CX_CIPHER_AES_256
- *                 - CX_CIPHER_DES_64
- *                 - CX_CIPHER_3DES_128
- *                 - CX_CIPHER_3DES_192
  *
  * @param[in] mode Mode of operation:
  *                 - ECB

diff --git a/lib_cxng/include/lcx_common.h b/lib_cxng/include/lcx_common.h
@@ -78,22 +78,22 @@ typedef uint64_t uint64bits_t;
  * | 11:9           | 0000011000000000  | CX_RND_RFC6979                | Random from RFC6979                        |                       |
  * | 11:9           | 0000010000000000  | CX_RND_TRNG                   | Random from a PRNG                         |                       |
  * | 11:9           | 0000001000000000  | CX_RND_PRNG                   | Random from a TRNG                         |                       |
- * | 8:6            | 0000000100000000  | CX_CHAIN_OFB                  | Output feedback mode                       | AES/DES               |
- * | 8:6            | 0000000011000000  | CX_CHAIN_CFB                  | Cipher feedback mode                       | AES/DES               |
- * | 8:6            | 0000000010000000  | CX_CHAIN_CTR                  | Counter mode                               | AES/DES               |
- * | 8:6            | 0000000001000000  | CX_CHAIN_CBC                  | Cipher block chaining mode                 | AES/DES               |
+ * | 8:6            | 0000000100000000  | CX_CHAIN_OFB                  | Output feedback mode                       | AES                   |
+ * | 8:6            | 0000000011000000  | CX_CHAIN_CFB                  | Cipher feedback mode                       | AES                   |
+ * | 8:6            | 0000000010000000  | CX_CHAIN_CTR                  | Counter mode                               | AES                   |
+ * | 8:6            | 0000000001000000  | CX_CHAIN_CBC                  | Cipher block chaining mode                 | AES                   |
  * | 8:6            | 0000000001000000  | CX_NO_CANONICAL               | Do not compute a canonical signature       | ECDSA/EDDSA/ECSCHNORR |
- * | 8:6            | 0000000000000000  | CX_CHAIN_ECB                  | Electronic codebook mode                   | AES/DES               |
+ * | 8:6            | 0000000000000000  | CX_CHAIN_ECB                  | Electronic codebook mode                   | AES                   |
  * | 5:3            | 0000000010100000  | CX_PAD_PKCS1_OAEP             | PKCS1_OAEP padding                         |                       |
  * | 5:3            | 0000000010000000  | CX_PAD_PKCS1_PSS              | PKCS1_PSS padding                          |                       |
  * | 5:3            | 0000000001100000  | CX_PAD_PKCS1_1o5              | PKCS1-v1_5 padding                         |                       |
  * | 5:3            | 0000000001000000  | CX_PAD_ISO9797M2              | ISO9797 padding, method 2                  |                       |
  * | 5:3            | 0000000000100000  | CX_PAD_ISO9797M1              | ISO9797 padding, method 1                  |                       |
  * | 5:3            | 0000000000000000  | CX_PAD_NONE                   | No padding                                 |                       |
- * | 2:1            | 0000000000000110  | CX_SIGN                       | Signature                                  | AES/DES               |
- * | 2:1            | 0000000000000100  | CX_ENCRYPT                    | Encryption                                 | AES/DES               |
- * | 2:1            | 0000000000000010  | CX_VERIFY                     | Signature verification                     | AES/DES               |
- * | 2:1            | 0000000000000000  | CX_DECRYPT                    | Decryption                                 | AES/DES               |
+ * | 2:1            | 0000000000000110  | CX_SIGN                       | Signature                                  | AES                   |
+ * | 2:1            | 0000000000000100  | CX_ENCRYPT                    | Encryption                                 | AES                   |
+ * | 2:1            | 0000000000000010  | CX_VERIFY                     | Signature verification                     | AES                   |
+ * | 2:1            | 0000000000000000  | CX_DECRYPT                    | Decryption                                 | AES                   |
  * | 0              | 0000000000000001  | CX_LAST                       | Last block                                 |                       |
  */
 #define CX_FLAG
@@ -129,7 +129,7 @@ typedef uint64_t uint64bits_t;
 #define CX_PAD_PKCS1_OAEP (5 << 3)
 
 /**
- * Bit 8:6 DES/AES chaining
+ * Bit 8:6 AES chaining
  */
 #define CX_MASK_CHAIN (7 << 6)
 #define CX_CHAIN_ECB (0 << 6)