From 7aa27cfefb5ff7c3a5b827b3543313b5386b7604 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 17:10:27 +0200 Subject: [PATCH 1/9] Auth of des, 3des and aes working. --- armsrc/desfire_crypto_disabled.h | 18 - client/cmdhfmfdes.c | 394 ++++++++++- .../mifare/desfire_crypto.c | 632 +++++++++++++++++- client/mifare/desfire_crypto.h | 139 ++++ include/mifare.h | 5 +- 5 files changed, 1132 insertions(+), 56 deletions(-) delete mode 100644 armsrc/desfire_crypto_disabled.h rename armsrc/desfire_crypto_disabled.c => client/mifare/desfire_crypto.c (56%) create mode 100644 client/mifare/desfire_crypto.h diff --git a/armsrc/desfire_crypto_disabled.h b/armsrc/desfire_crypto_disabled.h deleted file mode 100644 index 23043b30d..000000000 --- a/armsrc/desfire_crypto_disabled.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef __DESFIRE_CRYPTO_H -#define __DESFIRE_CRYPTO_H - -#include "common.h" -#include "desfire.h" - -void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings); -void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings); -void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size); -void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation); -size_t key_block_size(const desfirekey_t key); -size_t padded_data_length(const size_t nbytes, const size_t block_size); -size_t maced_data_length(const desfirekey_t key, const size_t nbytes); -size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings); -void cmac_generate_subkeys(desfirekey_t key); -void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac); - -#endif diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index 357d82e65..c10f97160 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -19,6 +19,7 @@ #include "cmdhw.h" #include "cmdhf14a.h" #include "mbedtls/des.h" +#include "mbedtls/aes.h" #include "crypto/libpcrypto.h" #include "protocols.h" #include "mifare.h" // desfire raw command options @@ -28,6 +29,11 @@ #include "emv/emvcore.h" // APDU logging #include "util_posix.h" // msleep #include "mifare/mifare4.h" // MIFARE Authenticate / MAC +#include "mifare/desfire_crypto.h" +#include "crapto1/crapto1.h" + +struct desfire_key defaultkey = {0}; +static desfirekey_t sessionkey = &defaultkey; uint8_t key_zero_data[16] = { 0x00 }; uint8_t key_ones_data[16] = { 0x01 }; @@ -331,6 +337,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l int res = DESFIRESendApdu(select, true, *apdu, data, sizeof(data), &resplen, sw); if (res != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw)); + DropField(); return res; } if (dest != NULL) { @@ -340,11 +347,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l pos += resplen; if (!readalldata) { if (*sw == status(MFDES_ADDITIONAL_FRAME)) { - apdu->INS = MFDES_ABORT_TRANSACTION; - apdu->Lc = 0; - apdu->P1 = 0; - apdu->P2 = 0; - res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw); + *recv_len=pos; return PM3_SUCCESS; } return res; @@ -359,6 +362,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw); if (res != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw)); + DropField(); return res; } @@ -397,13 +401,303 @@ static nxp_cardtype_t getCardType(uint8_t major, uint8_t minor) { return UNKNOWN; } +int get_desfire_auth(mfdes_authinput_t* payload,mfdes_auth_res_t* rpayload) +{ + // 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32) + // 4 different crypto arg1 DES, 3DES, 3K3DES, AES + // 3 different communication modes, PLAIN,MAC,CRYPTO + + mbedtls_aes_context ctx; + + uint8_t keybytes[24]; + // Crypt constants + uint8_t IV[16] = {0x00}; + uint8_t RndA[16] = {0x00}; + uint8_t RndB[16] = {0x00}; + uint8_t encRndB[16] = {0x00}; + uint8_t rotRndB[16] = {0x00}; //RndB' + uint8_t both[32+1] = {0x00}; // ek/dk_keyNo(RndA+RndB') + + // Generate Random Value + uint32_t ng=msclock(); + uint32_t value = prng_successor(ng, 32); + num_to_bytes(value, 4, &RndA[0]); + value = prng_successor(ng, 32); + num_to_bytes(value, 4, &RndA[4]); + value = prng_successor(ng, 32); + num_to_bytes(value, 4, &RndA[8]); + value = prng_successor(ng, 32); + num_to_bytes(value, 4, &RndA[12]); + + // Default Keys + uint8_t PICC_MASTER_KEY8[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + uint8_t PICC_MASTER_KEY16[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + uint8_t PICC_MASTER_KEY24[24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + //uint8_t null_key_data16[16] = {0x00}; + //uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77}; + //uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF}; + + + // Part 1 + if (payload->key == NULL) { + if (payload->algo == MFDES_AUTH_DES) { + memcpy(keybytes, PICC_MASTER_KEY8, 8); + } else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES) { + memcpy(keybytes, PICC_MASTER_KEY16, 16); + } else if (payload->algo == MFDES_ALGO_3DES) { + memcpy(keybytes, PICC_MASTER_KEY24, 24); + } + } else { + memcpy(keybytes, payload->key, payload->keylen); + } + + struct desfire_key defaultkey = {0}; + desfirekey_t key = &defaultkey; + + if (payload->algo == MFDES_ALGO_AES) { + mbedtls_aes_init(&ctx); + Desfire_aes_key_new(keybytes, key); + } else if (payload->algo == MFDES_ALGO_3DES) { + Desfire_3des_key_new_with_version(keybytes, key); + } else if (payload->algo == MFDES_ALGO_DES) { + Desfire_des_key_new(keybytes, key); + } else if (payload->algo == MFDES_ALGO_3K3DES) { + Desfire_3k3des_key_new_with_version(keybytes, key); + } + + uint8_t subcommand = MFDES_AUTHENTICATE; + + if (payload->mode == MFDES_AUTH_AES) + subcommand = MFDES_AUTHENTICATE_AES; + else if (payload->mode == MFDES_AUTH_ISO) + subcommand = MFDES_AUTHENTICATE_ISO; + + int recv_len = 0; + uint16_t sw = 0; + uint8_t recv_data[256]={0}; + + if (payload->mode != MFDES_AUTH_PICC) { + // Let's send our auth command + uint8_t data[] = {payload->keyno}; + sAPDU apdu = {0x90, subcommand, 0x00, 0x00, 0x01, data}; + int res = send_desfire_cmd(&apdu, false, recv_data, &recv_len, &sw, 0, false); + if (res != PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand); + return PM3_ESOFT; + } + } else if (payload->mode == MFDES_AUTH_PICC) { + /*cmd[0] = AUTHENTICATE; + cmd[1] = payload->keyno; + len = DesfireAPDU(cmd, 2, resp); + */ + } + + if (!recv_len) { + PrintAndLogEx(ERR,"Authentication failed. Card timeout."); + return PM3_ESOFT; + } + + if (sw!=status(MFDES_ADDITIONAL_FRAME)) { + PrintAndLogEx(ERR,"Authentication failed. Invalid key number."); + return PM3_ESOFT; + } + + int expectedlen = 8; + if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3K3DES) { + expectedlen = 16; + } + + if (recv_len != expectedlen) { + PrintAndLogEx(ERR,"Authentication failed. Length of answer %d doesn't match algo length %d.", recv_len, expectedlen); + return PM3_ESOFT; + } + int rndlen=recv_len; + + // Part 2 + if (payload->mode != MFDES_AUTH_PICC) { + memcpy(encRndB, recv_data, rndlen); + } else { + memcpy(encRndB, recv_data + 2, rndlen); + } + + + // Part 3 + if (payload->algo == MFDES_ALGO_AES) { + if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { + PrintAndLogEx(ERR,"mbedtls_aes_setkey_dec failed"); + return PM3_ESOFT; + } + mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndB, RndB); + } + else if (payload->algo == MFDES_ALGO_DES) + des_dec(RndB, encRndB, key->data); + else if (payload->algo == MFDES_ALGO_3DES) + tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV,2); + else if (payload->algo == MFDES_ALGO_3K3DES) { + tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV,3); + } + + if (g_debugMode>1){ + PrintAndLogEx(INFO,"encRndB: %s",sprint_hex(encRndB,8)); + PrintAndLogEx(INFO,"RndB: %s",sprint_hex(RndB,8)); + } + + // - Rotate RndB by 8 bits + memcpy(rotRndB, RndB, rndlen); + rol(rotRndB, rndlen); + + uint8_t encRndA[16] = {0x00}; + + // - Encrypt our response + if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { + des_dec(encRndA, RndA, key->data); + memcpy(both, encRndA, rndlen); + + for (int x = 0; x < rndlen; x++) { + rotRndB[x] = rotRndB[x] ^ encRndA[x]; + } + + des_dec(encRndB, rotRndB, key->data); + memcpy(both + rndlen, encRndB, rndlen); + } else if (payload->mode == MFDES_AUTH_ISO) { + if (payload->algo == MFDES_ALGO_3DES) { + uint8_t tmp[16] = {0x00}; + memcpy(tmp, RndA, rndlen); + memcpy(tmp + rndlen, rotRndB, rndlen); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen)); + PrintAndLogEx(INFO, "Both: %s", sprint_hex(tmp, 16)); + } + tdes_nxp_send(tmp, both, 16, key->data, IV,2); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 16)); + } + } else if (payload->algo == MFDES_ALGO_3K3DES) { + uint8_t tmp[32] = {0x00}; + memcpy(tmp, RndA, rndlen); + memcpy(tmp + rndlen, rotRndB, rndlen); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen)); + PrintAndLogEx(INFO, "Both3k3: %s", sprint_hex(tmp, 32)); + } + tdes_nxp_send(tmp, both, 32, key->data, IV,3); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 32)); + } + } + } else if (payload->mode == MFDES_AUTH_AES) { + uint8_t tmp[32] = {0x00}; + memcpy(tmp, RndA, rndlen); + memcpy(tmp + rndlen, rotRndB, rndlen); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen)); + PrintAndLogEx(INFO, "Both3k3: %s", sprint_hex(tmp, 32)); + } + if (payload->algo == MFDES_ALGO_AES) { + if (mbedtls_aes_setkey_enc(&ctx, key->data, 128) != 0) { + PrintAndLogEx(ERR,"mbedtls_aes_setkey_enc failed"); + return PM3_ESOFT; + } + mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, 32, IV, tmp, both); + if (g_debugMode>1) { + PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 32)); + } + } + } + + int bothlen = 16; + if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3K3DES) { + bothlen = 32; + } + if (payload->mode != MFDES_AUTH_PICC) { + sAPDU apdu = {0x90, MFDES_ADDITIONAL_FRAME, 0x00, 0x00, bothlen, both}; + int res = send_desfire_cmd(&apdu, false, recv_data, &recv_len, &sw, 0, false); + if (res != PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand); + return PM3_ESOFT; + } + } else { + /*cmd[0] = ADDITIONAL_FRAME; + memcpy(cmd + 1, both, 16); + len = DesfireAPDU(cmd, 1 + 16, resp); + + if (res != PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand); + return PM3_ESOFT; + }*/ + } + + if (!recv_len) { + PrintAndLogEx(ERR,"Authentication failed. Card timeout."); + return PM3_ESOFT; + } + + if (payload->mode != MFDES_AUTH_PICC) { + if (sw!=status(MFDES_S_OPERATION_OK)) { + PrintAndLogEx(ERR,"Authentication failed."); + return PM3_ESOFT; + } + } else { + /*if (resp[1] != 0x00) { + PrintAndLogEx(ERR,"Authentication failed. Card timeout."); + return PM3_ESOFT; + }*/ + } + + // Part 4 + Desfire_session_key_new(RndA, RndB, key, sessionkey); + + if (payload->mode != MFDES_AUTH_PICC) { + memcpy(encRndA, recv_data, rndlen); + } else { + memcpy(encRndA, recv_data + 2, rndlen); + } + + if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_ISO || payload->mode == MFDES_AUTH_PICC) { + if (payload->algo == MFDES_ALGO_DES) + des_dec(encRndA, encRndA, key->data); + else if (payload->algo == MFDES_ALGO_3DES) + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,2); + else if (payload->algo == MFDES_ALGO_3K3DES) + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,3); + } else if (payload->mode == MFDES_AUTH_AES) { + if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { + PrintAndLogEx(ERR,"mbedtls_aes_setkey_dec failed"); + return PM3_ESOFT; + } + mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndA, encRndA); + } + + rol(RndA, rndlen); + for (int x = 0; x < rndlen; x++) { + if (RndA[x] != encRndA[x]) { + PrintAndLogEx(ERR,"Authentication failed. Cannot verify Session Key."); + if (g_debugMode>1){ + PrintAndLogEx(INFO,"Expected_RndA : %s", sprint_hex(RndA, rndlen)); + PrintAndLogEx(INFO,"Generated_RndA : %s", sprint_hex(encRndA, rndlen)); + } + return PM3_ESOFT; + } + } + + rpayload->sessionkeylen = payload->keylen; + memcpy(rpayload->sessionkey, sessionkey->data, rpayload->sessionkeylen); + return PM3_SUCCESS; +} + // -- test if card supports 0x0A static int test_desfire_authenticate() { uint8_t data[] = {0x00}; sAPDU apdu = {0x90, MFDES_AUTHENTICATE, 0x00, 0x00, 0x01, data}; // 0x0A, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false); + int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false); + if (res==PM3_SUCCESS) + if (sw==status(MFDES_ADDITIONAL_FRAME)) { + DropField(); + return res; + } + return res; } // -- test if card supports 0x1A @@ -412,7 +706,13 @@ static int test_desfire_authenticate_iso() { sAPDU apdu = {0x90, MFDES_AUTHENTICATE_ISO, 0x00, 0x00, 0x01, data}; // 0x1A, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false); + int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false); + if (res==PM3_SUCCESS) + if (sw==status(MFDES_ADDITIONAL_FRAME)) { + DropField(); + return res; + } + return res; } // -- test if card supports 0xAA @@ -421,7 +721,13 @@ static int test_desfire_authenticate_aes() { sAPDU apdu = {0x90, MFDES_AUTHENTICATE_AES, 0x00, 0x00, 0x01, data}; // 0xAA, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false); + int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false); + if (res==PM3_SUCCESS) + if (sw==status(MFDES_ADDITIONAL_FRAME)) { + DropField(); + return res; + } + return res; } // --- GET FREE MEM @@ -1013,7 +1319,7 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) { uint8_t aid[3] = {0}; CLIGetHexWithReturn(1, aid, &aidlength); CLIParserFree(); - + swap24(aid); if (aidlength < 3) { PrintAndLogEx(ERR, "AID must have 3 bytes length."); return PM3_EINVARG; @@ -1488,14 +1794,16 @@ static int CmdHF14ADesAuth(const char *Cmd) { CLIParserInit("hf mfdes auth", "Authenticates Mifare DESFire using Key", - "Usage:\n\t-m Auth type (1=normal, 2=iso, 3=aes)\n\t-t Crypt algo (1=DES, 2=3DES, 3=2K3DES, 4=3K3DES, 5=AES)\n\t-a aid (3 bytes)\n\t-n keyno\n\t-k key (8-24 bytes)\n\n" - "Example:\n\thf mfdes auth -m 3 -t 5 -a 838001 -n 0 -k 00000000000000000000000000000000\n" + "Usage:\n\t-m Auth type (1=normal, 2=iso, 3=aes)\n\t-t Crypt algo (1=DES, 2=3DES(2K2DES), 3=3K3DES, 5=AES)\n\t-a aid (3 bytes)\n\t-n keyno\n\t-k key (8-24 bytes)\n\n" + "Example:\n\thf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 (AES)" + "\n\thf mfdes auth -m 2 -t 2 -a 000000 -n 0 -k 00000000000000000000000000000000 (3DES)" + "\n\thf mfdes auth -m 1 -t 1 -a 000000 -n 0 -k 0000000000000000 (DES)" ); void *argtable[] = { arg_param_begin, arg_int0("mM", "type", "Auth type (1=normal, 2=iso, 3=aes, 4=picc)", NULL), - arg_int0("tT", "algo", "Crypt algo (1=DES, 2=3DES, 3=2K3DES, 4=3K3DES, 5=AES)", NULL), + arg_int0("tT", "algo", "Crypt algo (1=DES, 2=3DES(2K2DES), 4=3K3DES, 5=AES)", NULL), arg_strx0("aA", "aid", "", "AID used for authentification (HEX 3 bytes)"), arg_int0("nN", "keyno", "Key number used for authentification", NULL), arg_str0("kK", "key", "", "Key for checking (HEX 16 bytes)"), @@ -1536,7 +1844,7 @@ static int CmdHF14ADesAuth(const char *Cmd) { } break; case MFDES_AUTH_ISO: - if (cmdAuthAlgo != MFDES_ALGO_2K3DES && cmdAuthAlgo != MFDES_ALGO_3K3DES) { + if (cmdAuthAlgo != MFDES_ALGO_3DES && cmdAuthAlgo != MFDES_ALGO_3K3DES) { PrintAndLogEx(NORMAL, "Crypto algo not valid for the auth iso mode"); return PM3_EINVARG; } @@ -1559,13 +1867,9 @@ static int CmdHF14ADesAuth(const char *Cmd) { } switch (cmdAuthAlgo) { - case MFDES_ALGO_2K3DES: - keylength = 16; - PrintAndLogEx(NORMAL, "2 key 3DES selected"); - break; case MFDES_ALGO_3DES: keylength = 16; - PrintAndLogEx(NORMAL, "3DES selected"); + PrintAndLogEx(NORMAL, "2 key 3DES selected"); break; case MFDES_ALGO_3K3DES: keylength = 24; @@ -1605,7 +1909,7 @@ static int CmdHF14ADesAuth(const char *Cmd) { payload.mode = cmdAuthMode; payload.algo = cmdAuthAlgo; payload.keyno = cmdKeyNo; - SendCommandNG(CMD_HF_DESFIRE_AUTH1, (uint8_t *)&payload, sizeof(payload)); + /*SendCommandNG(CMD_HF_DESFIRE_AUTH1, (uint8_t *)&payload, sizeof(payload)); PacketResponseNG resp; @@ -1614,15 +1918,15 @@ static int CmdHF14ADesAuth(const char *Cmd) { DropField(); return PM3_ETIMEOUT; } - - uint8_t isOK = (resp.status == PM3_SUCCESS); - if (isOK) { - struct mfdes_auth_res *rpayload = (struct mfdes_auth_res *)&resp.data.asBytes; + */ + mfdes_auth_res_t rpayload; + if (get_desfire_auth(&payload,&rpayload)==PM3_SUCCESS) + { PrintAndLogEx(SUCCESS, " Key : " _GREEN_("%s"), sprint_hex(key, keylength)); - PrintAndLogEx(SUCCESS, " SESSION : " _GREEN_("%s"), sprint_hex(rpayload->sessionkey, keylength)); + PrintAndLogEx(SUCCESS, " SESSION : " _GREEN_("%s"), sprint_hex(rpayload.sessionkey, keylength)); PrintAndLogEx(INFO, "-------------------------------------------------------------"); } else { - PrintAndLogEx(WARNING, _RED_("Auth command failed, reason: %d."), resp.status); + return PM3_ESOFT; } PrintAndLogEx(INFO, "-------------------------------------------------------------"); return PM3_SUCCESS; @@ -1633,8 +1937,48 @@ static int CmdHF14ADesList(const char *Cmd) { return CmdTraceList("des"); } +static int CmdTest(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + uint8_t IV[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + /*[=] encRndB: 1A BE 10 8D 09 E0 18 13 + [=] RndB: 57 9B 94 21 40 2C C6 D7 + [=] 3keyenc: 6E 6A EB 86 6E 6A EB 86 9B 94 21 40 2C C6 D7 00 + 6E 6A EB 86 6E 6A EB 86 9B 94 21 40 2C C6 D7 57 + [=] Both: 32 B2 E4 1A 14 CF 8B 34 B4 F9 30 43 5B 68 A3 FD + [=] RndA: 6E 6A EB 86 6E 6A EB 86 + */ + + uint8_t encRndB[8]={0x1A,0xBE,0x10,0x8D,0x09,0xE0,0x18,0x13}; + /* + * RndB_enc: DE 50 F9 23 10 CA F5 A5 + * RndB: 4C 64 7E 56 72 E2 A6 51 + * RndB_rot: 64 7E 56 72 E2 A6 51 4C + * RndA: C9 6C E3 5E 4D 60 87 F2 + * RndAB: C9 6C E3 5E 4D 60 87 F2 64 7E 56 72 E2 A6 51 4C + * RndAB_enc: E0 06 16 66 87 04 D5 54 9C 8D 6A 13 A0 F8 FC ED + */ + uint8_t RndB[8]={0}; + uint8_t RndA[8]={0x6E,0x6A,0xEB,0x86,0x6E,0x6A,0xEB,0x86}; + tdes_nxp_receive(encRndB, RndB, 8, key, IV,2); + uint8_t rotRndB[8]={0}; + memcpy(rotRndB, RndB, 8); + rol(rotRndB, 8); + uint8_t tmp[16] = {0x00}; + uint8_t both[16] = {0x00}; + memcpy(tmp, RndA, 8); + memcpy(tmp + 8, rotRndB, 8); + PrintAndLogEx(INFO,"3keyenc: %s",sprint_hex(tmp,16)); + PrintAndLogEx(SUCCESS, " Res : " _GREEN_("%s"), sprint_hex(IV,8)); + tdes_nxp_send(tmp, both, 16, key, IV,2); + PrintAndLogEx(SUCCESS, " Res : " _GREEN_("%s"), sprint_hex(both,16)); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"test", CmdTest, AlwaysAvailable, "Test"}, {"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"}, {"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"}, {"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"}, diff --git a/armsrc/desfire_crypto_disabled.c b/client/mifare/desfire_crypto.c similarity index 56% rename from armsrc/desfire_crypto_disabled.c rename to client/mifare/desfire_crypto.c index 02896afa8..da0dc5d4b 100644 --- a/armsrc/desfire_crypto_disabled.c +++ b/client/mifare/desfire_crypto.c @@ -25,13 +25,625 @@ * Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication * May 2005 */ +#include "desfire_crypto.h" +#include +#include #include -#include "desfire_crypto_disabled.h" +#include "commonutil.h" #include "crc32.h" -#include "printf.h" -#include "desfire.h" -#include "iso14443a.h" #include "mbedtls/aes.h" +//#include "mbedtls/des.h" +#include "ui.h" +#include "crc.h" +#include "crc16.h" // crc16 ccitt + +const uint8_t sbox[256] = { + /* S-box 1 */ + 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, + 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, + 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, + 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, + /* S-box 2 */ + 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, + 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, + 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, + 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, + /* S-box 3 */ + 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, + 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, + 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, + 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, + /* S-box 4 */ + 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, + 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, + 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, + 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, + /* S-box 5 */ + 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, + 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, + 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, + 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, + /* S-box 6 */ + 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, + 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, + 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, + 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, + /* S-box 7 */ + 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, + 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, + 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, + 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, + /* S-box 8 */ + 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, + 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, + 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, + 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B +}; + +const uint8_t e_permtab[] = { + 4, 6, /* 4 bytes in 6 bytes out*/ + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 +}; + +const uint8_t p_permtab[] = { + 4, 4, /* 32 bit -> 32 bit */ + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 +}; + +const uint8_t ip_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 +}; + +const uint8_t inv_ip_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 +}; + +const uint8_t pc1_permtab[] = { + 8, 7, /* 64 bit -> 56 bit*/ + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +const uint8_t pc2_permtab[] = { + 7, 6, /* 56 bit -> 48 bit */ + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +const uint8_t splitin6bitword_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 64, 64, 1, 6, 2, 3, 4, 5, + 64, 64, 7, 12, 8, 9, 10, 11, + 64, 64, 13, 18, 14, 15, 16, 17, + 64, 64, 19, 24, 20, 21, 22, 23, + 64, 64, 25, 30, 26, 27, 28, 29, + 64, 64, 31, 36, 32, 33, 34, 35, + 64, 64, 37, 42, 38, 39, 40, 41, + 64, 64, 43, 48, 44, 45, 46, 47 +}; + +const uint8_t shiftkey_permtab[] = { + 7, 7, /* 56 bit -> 56 bit */ + 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, + 26, 27, 28, 1, + 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 29 +}; + +const uint8_t shiftkeyinv_permtab[] = { + 7, 7, + 28, 1, 2, 3, 4, 5, 6, 7, + 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, + 56, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, + 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55 +}; + +/* +1 0 +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +---- +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +1 0 +*/ +#define ROTTABLE 0x7EFC +#define ROTTABLE_INV 0x3F7E +/******************************************************************************/ + +void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) { + uint8_t ob; /* in-bytes and out-bytes */ + uint8_t byte, bit; /* counter for bit and byte */ + ob = ptable[1]; + ptable = &(ptable[2]); + for (byte = 0; byte < ob; ++byte) { + uint8_t t = 0; + for (bit = 0; bit < 8; ++bit) { + uint8_t x = *ptable++ - 1; + t <<= 1; + if ((in[x / 8]) & (0x80 >> (x % 8))) { + t |= 0x01; + } + } + out[byte] = t; + } +} + +/******************************************************************************/ + +void changeendian32(uint32_t *a) { + *a = (*a & 0x000000FF) << 24 | + (*a & 0x0000FF00) << 8 | + (*a & 0x00FF0000) >> 8 | + (*a & 0xFF000000) >> 24; +} + +/******************************************************************************/ +static inline +void shiftkey(uint8_t *key) { + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t *)shiftkey_permtab, k, key); +} + +/******************************************************************************/ +static inline +void shiftkey_inv(uint8_t *key) { + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t *)shiftkeyinv_permtab, k, key); + +} + +/******************************************************************************/ +static inline +uint64_t splitin6bitwords(uint64_t a) { + uint64_t ret = 0; + a &= 0x0000ffffffffffffLL; + permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret); + return ret; +} + +/******************************************************************************/ + +static inline +uint8_t substitute(uint8_t a, uint8_t *sbp) { + uint8_t x; + x = sbp[a >> 1]; + x = (a & 1) ? x & 0x0F : x >> 4; + return x; + +} + +/******************************************************************************/ + +uint32_t des_f(uint32_t r, uint8_t *kr) { + uint8_t i; + uint32_t t = 0, ret; + uint64_t data = 0; + uint8_t *sbp; /* sboxpointer */ + permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data); + for (i = 0; i < 6; ++i) + ((uint8_t *)&data)[i] ^= kr[i]; + + /* Sbox substitution */ + data = splitin6bitwords(data); + sbp = (uint8_t *)sbox; + for (i = 0; i < 8; ++i) { + uint8_t x; + x = substitute(((uint8_t *)&data)[i], sbp); + t <<= 4; + t |= x; + sbp += 32; + } + changeendian32(&t); + + permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret); + + return ret; +} + +/******************************************************************************/ + +typedef struct { + union { + uint8_t v8[8]; + uint32_t v32[2]; + } d; +} des_data_t; +#define R (des_data.d.v32[1]) +#define L (des_data.d.v32[0]) + +void des_enc(void *out, const void *in, const void *key) { + + uint8_t kr[6], k[7]; + uint8_t i; + des_data_t des_data; + + permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); + permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); + + for (i = 0; i < 8; ++i) { + shiftkey(k); + if (ROTTABLE & ((1 << ((i << 1) + 0)))) + shiftkey(k); + permute((uint8_t *)pc2_permtab, k, kr); + L ^= des_f(R, kr); + + shiftkey(k); + if (ROTTABLE & ((1 << ((i << 1) + 1)))) + shiftkey(k); + permute((uint8_t *)pc2_permtab, k, kr); + R ^= des_f(L, kr); + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); +} + +/******************************************************************************/ + +void des_dec(void *out, const void *in, const void *key) { + + uint8_t kr[6], k[7]; + int8_t i; + des_data_t des_data; + + permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); + permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); + for (i = 7; i >= 0; --i) { + + permute((uint8_t *)pc2_permtab, k, kr); + L ^= des_f(R, kr); + shiftkey_inv(k); + if (ROTTABLE & ((1 << ((i << 1) + 1)))) { + shiftkey_inv(k); + } + + permute((uint8_t *)pc2_permtab, k, kr); + R ^= des_f(L, kr); + shiftkey_inv(k); + if (ROTTABLE & ((1 << ((i << 1) + 0)))) { + shiftkey_inv(k); + } + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); +} + +#undef R +#undef L +/******************************************************************************/ + +#ifndef AddCrc14A +# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) +#endif + +#define htole32(x) (x) +#define CRC32_PRESET 0xFFFFFFFF + +static void crc32_byte(uint32_t *crc, const uint8_t value); + +static void crc32_byte(uint32_t *crc, const uint8_t value) { + /* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */ + const uint32_t poly = 0xEDB88320; + + *crc ^= value; + for (int current_bit = 7; current_bit >= 0; current_bit--) { + int bit_out = (*crc) & 0x00000001; + *crc >>= 1; + if (bit_out) + *crc ^= poly; + } +} + +void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc) { + uint32_t desfire_crc = CRC32_PRESET; + for (size_t i = 0; i < len; i++) { + crc32_byte(&desfire_crc, data[i]); + } + + *((uint32_t *)(crc)) = htole32(desfire_crc); +} + +void crc32_append(uint8_t *data, const size_t len) { + crc32_ex(data, len, data + len); +} + +static inline void update_key_schedules(desfirekey_t key); + +static inline void update_key_schedules(desfirekey_t key) { + // DES_set_key ((DES_cblock *)key->data, &(key->ks1)); + // DES_set_key ((DES_cblock *)(key->data + 8), &(key->ks2)); + // if (T_3K3DES == key->type) { + // DES_set_key ((DES_cblock *)(key->data + 16), &(key->ks3)); + // } +} + +/******************************************************************************/ + +/*void des_enc(void *out, const void *in, const void *key) { + mbedtls_des_context ctx; + mbedtls_des_setkey_enc(&ctx, key); + mbedtls_des_crypt_ecb(&ctx, in, out); + mbedtls_des_free(&ctx); +} + +void des_dec(void *out, const void *in, const void *key) { + mbedtls_des_context ctx; + mbedtls_des_setkey_dec(&ctx, key); + mbedtls_des_crypt_ecb(&ctx, in, out); + mbedtls_des_free(&ctx); +} +*/ + +void tdes_3key_enc(void *out, void *in, const void *key) { + des_enc(out, in, (uint8_t *)key + 0); + des_dec(out, out, (uint8_t *)key + 8); + des_enc(out, out, (uint8_t *)key + 16); +} + +void tdes_3key_dec(void *out, void *in, const uint8_t *key) { + des_dec(out, in, (uint8_t *)key + 16); + des_enc(out, out, (uint8_t *)key + 8); + des_dec(out, out, (uint8_t *)key + 0); +} + +void tdes_2key_enc(void *out, void *in, const void *key) { + des_enc(out, in, (uint8_t *)key + 0); + des_dec(out, out, (uint8_t *)key + 8); + des_enc(out, out, (uint8_t *)key + 0); +} + +void tdes_2key_dec(void *out, void *in, const uint8_t *key) { + des_dec(out, in, (uint8_t *)key + 0); + des_enc(out, out, (uint8_t *)key + 8); + des_dec(out, out, (uint8_t *)key + 0); +} + +void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { + + if (length % 8) return; + + uint8_t i; + unsigned char temp[8]; + uint8_t *tin = (uint8_t *) in; + uint8_t *tout = (uint8_t *) out; + + while (length > 0) { + memcpy(temp, tin, 8); + + if (keymode==2) tdes_2key_dec(tout,tin,key); + else if (keymode==3) tdes_3key_dec(tout,tin,key); + + for (i = 0; i < 8; i++) + tout[i] = (unsigned char)(tout[i] ^ iv[i]); + + memcpy(iv, temp, 8); + + tin += 8; + tout += 8; + length -= 8; + } +} + +void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { + + if (length % 8) return; + + uint8_t i; + uint8_t *tin = (uint8_t *) in; + uint8_t *tout = (uint8_t *) out; + + while (length > 0) { + for (i = 0; i < 8; i++) + tin[i] = (unsigned char)(tin[i] ^ iv[i]); + + if (keymode==2) tdes_2key_enc(tout,tin,key); + else if (keymode==3) tdes_3key_enc(tout,tin,key); + + memcpy(iv, tout, 8); + + tin += 8; + tout += 8; + length -= 8; + } +} + + + +void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) { + uint8_t data[8]; + memcpy(data, value, 8); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + Desfire_des_key_new_with_version(data, key); +} + +void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key) { + if (key != NULL) { + key->type = T_DES; + memcpy(key->data, value, 8); + memcpy(key->data + 8, value, 8); + update_key_schedules(key); + } +} + +void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key) { + uint8_t data[16]; + memcpy(data, value, 16); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + for (int n = 8; n < 16; n++) + data[n] |= 0x01; + Desfire_3des_key_new_with_version(data, key); +} + +void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) { + if (key != NULL) { + key->type = T_3DES; + memcpy(key->data, value, 16); + update_key_schedules(key); + } +} + +void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key) { + uint8_t data[24]; + memcpy(data, value, 24); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + Desfire_3k3des_key_new_with_version(data, key); +} + +void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key) { + if (key != NULL) { + key->type = T_3K3DES; + memcpy(key->data, value, 24); + update_key_schedules(key); + } +} + +void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key) { + Desfire_aes_key_new_with_version(value, 0, key); +} + +void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key) { + + if (key != NULL) { + memcpy(key->data, value, 16); + key->type = T_AES; + key->aes_version = version; + } +} + +uint8_t Desfire_key_get_version(desfirekey_t key) { + uint8_t version = 0; + + for (int n = 0; n < 8; n++) { + version |= ((key->data[n] & 1) << (7 - n)); + } + return version; +} + +void Desfire_key_set_version(desfirekey_t key, uint8_t version) { + for (int n = 0; n < 8; n++) { + uint8_t version_bit = ((version & (1 << (7 - n))) >> (7 - n)); + key->data[n] &= 0xfe; + key->data[n] |= version_bit; + if (key->type == T_DES) { + key->data[n + 8] = key->data[n]; + } else { + // Write ~version to avoid turning a 3DES key into a DES key + key->data[n + 8] &= 0xfe; + key->data[n + 8] |= ~version_bit; + } + } +} + +void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) { + + uint8_t buffer[24]; + + switch (authkey->type) { + case T_DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + Desfire_des_key_new_with_version(buffer, key); + break; + case T_3DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 4, 4); + memcpy(buffer + 12, rndb + 4, 4); + Desfire_3des_key_new_with_version(buffer, key); + break; + case T_3K3DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 6, 4); + memcpy(buffer + 12, rndb + 6, 4); + memcpy(buffer + 16, rnda + 12, 4); + memcpy(buffer + 20, rndb + 12, 4); + Desfire_3k3des_key_new(buffer, key); + break; + case T_AES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 12, 4); + memcpy(buffer + 12, rndb + 12, 4); + Desfire_aes_key_new(buffer, key); + break; + } +} static void xor(const uint8_t *ivect, uint8_t *data, const size_t len); static size_t key_macing_length(desfirekey_t key); @@ -449,7 +1061,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes do { uint16_t crc_16 = 0x00; - uint32_t crc; + uint32_t crc=0x00; switch (DESFIRE(tag)->authentication_scheme) { case AS_LEGACY: AddCrc14A((uint8_t *)res, end_crc_pos); @@ -508,7 +1120,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes break; default: - Dbprintf("Unknown communication settings"); + PrintAndLogEx(ERR,"Unknown communication settings"); *nbytes = -1; res = NULL; break; @@ -548,26 +1160,26 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - tdes_enc(edata, data, key->data); + tdes_2key_enc(edata, data, key->data); break; case MCO_DECYPHER: // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - tdes_dec(data, edata, key->data); + tdes_2key_dec(data, edata, key->data); break; } break; case T_3K3DES: switch (operation) { case MCO_ENCYPHER: - tdes_enc(edata, data, key->data); + tdes_3key_enc(edata, data, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); break; case MCO_DECYPHER: - tdes_dec(data, edata, key->data); + tdes_3key_enc(data, edata, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); diff --git a/client/mifare/desfire_crypto.h b/client/mifare/desfire_crypto.h new file mode 100644 index 000000000..e1d37d1af --- /dev/null +++ b/client/mifare/desfire_crypto.h @@ -0,0 +1,139 @@ +#ifndef __DESFIRE_CRYPTO_H +#define __DESFIRE_CRYPTO_H + +#include "common.h" +#include "mifare.h" // structs +//#include "../../armsrc/printf.h" +//#include "../../armsrc/desfire.h" +//#include "../../armsrc/iso14443a.h" + + +#define MAX_CRYPTO_BLOCK_SIZE 16 +/* Mifare DESFire EV1 Application crypto operations */ +#define APPLICATION_CRYPTO_DES 0x00 +#define APPLICATION_CRYPTO_3K3DES 0x40 +#define APPLICATION_CRYPTO_AES 0x80 + +#define MAC_LENGTH 4 +#define CMAC_LENGTH 8 + +typedef enum { + MCD_SEND, + MCD_RECEIVE +} MifareCryptoDirection; + +typedef enum { + MCO_ENCYPHER, + MCO_DECYPHER +} MifareCryptoOperation; + +#define MDCM_MASK 0x000F + +#define CMAC_NONE 0 + +// Data send to the PICC is used to update the CMAC +#define CMAC_COMMAND 0x010 +// Data received from the PICC is used to update the CMAC +#define CMAC_VERIFY 0x020 + +// MAC the command (when MDCM_MACED) +#define MAC_COMMAND 0x100 +// The command returns a MAC to verify (when MDCM_MACED) +#define MAC_VERIFY 0x200 + +#define ENC_COMMAND 0x1000 +#define NO_CRC 0x2000 + +#define MAC_MASK 0x0F0 +#define CMAC_MACK 0xF00 + +/* Communication mode */ +#define MDCM_PLAIN 0x00 +#define MDCM_MACED 0x01 +#define MDCM_ENCIPHERED 0x03 + +/* Error code managed by the library */ +#define CRYPTO_ERROR 0x01 + +enum DESFIRE_CRYPTOALGO { + T_DES = 0x00, + T_3DES = 0x01, //aka 2K3DES + T_3K3DES = 0x02, + T_AES = 0x03 +}; + +enum DESFIRE_AUTH_SCHEME { + AS_LEGACY, + AS_NEW +}; + + + +#define DESFIRE_KEY(key) ((struct desfire_key *) key) +struct desfire_key { + enum DESFIRE_CRYPTOALGO type; + uint8_t data[24]; + uint8_t cmac_sk1[24]; + uint8_t cmac_sk2[24]; + uint8_t aes_version; +}; +typedef struct desfire_key *desfirekey_t; + +#define DESFIRE(tag) ((struct desfire_tag *) tag) +struct desfire_tag { + iso14a_card_select_t info; + int active; + uint8_t last_picc_error; + uint8_t last_internal_error; + uint8_t last_pcd_error; + desfirekey_t session_key; + enum DESFIRE_AUTH_SCHEME authentication_scheme; + uint8_t authenticated_key_no; + + uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE]; + uint8_t cmac[16]; + uint8_t *crypto_buffer; + size_t crypto_buffer_size; + uint32_t selected_application; +}; +typedef struct desfire_tag *desfiretag_t; + +typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */ +typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */ + +extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ + +void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc); +void crc32_append(uint8_t *data, const size_t len); + +void des_enc(void *out, const void *in, const void *key); +void des_dec(void *out, const void *in, const void *key); +void tdes_enc(void *out, void *in, const void *key); +void tdes_dec(void *out, void *in, const uint8_t *key); +void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); +void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); +void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); +void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key); +void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key); +void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); +void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key); +void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key); +void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); +void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key); +void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key); +uint8_t Desfire_key_get_version(desfirekey_t key); +void Desfire_key_set_version(desfirekey_t key, uint8_t version); +void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key); + +void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings); +void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings); +void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size); +void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation); +size_t key_block_size(const desfirekey_t key); +size_t padded_data_length(const size_t nbytes, const size_t block_size); +size_t maced_data_length(const desfirekey_t key, const size_t nbytes); +size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings); +void cmac_generate_subkeys(desfirekey_t key); +void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac); + +#endif diff --git a/include/mifare.h b/include/mifare.h index 5cca91cbc..1066b2d2b 100644 --- a/include/mifare.h +++ b/include/mifare.h @@ -90,9 +90,8 @@ typedef enum { typedef enum { MFDES_ALGO_DES = 1, MFDES_ALGO_3DES = 2, - MFDES_ALGO_2K3DES = 3, - MFDES_ALGO_3K3DES = 4, - MFDES_ALGO_AES = 5 + MFDES_ALGO_3K3DES = 3, + MFDES_ALGO_AES = 4 } mifare_des_authalgo_t; From f76de40982762d99113d9c914cd7d22a234775fe Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 17:39:11 +0200 Subject: [PATCH 2/9] Rework auth for client and device --- armsrc/Makefile | 4 +- armsrc/desfire_crypto.c | 1256 +++++++++++++++++++++++++++++++++++++++ armsrc/desfire_crypto.h | 139 +++++ armsrc/desfire_key.c | 172 ------ armsrc/desfire_key.h | 19 - armsrc/mifaredesfire.c | 123 ++-- client/Makefile | 1 + 7 files changed, 1454 insertions(+), 260 deletions(-) create mode 100644 armsrc/desfire_crypto.c create mode 100644 armsrc/desfire_crypto.h delete mode 100644 armsrc/desfire_key.c delete mode 100644 armsrc/desfire_key.h diff --git a/armsrc/Makefile b/armsrc/Makefile index 12819c3d0..747f4254b 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -26,10 +26,10 @@ APP_CFLAGS = $(PLATFORM_DEFS) \ SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c -#UNUSED: mifaresniff.c desfire_crypto.c +#UNUSED: mifaresniff.c SRC_ISO14443b = iso14443b.c SRC_FELICA = felica.c -SRC_CRAPTO1 = crypto1.c des.c desfire_key.c mifaredesfire.c aes.c platform_util.c +SRC_CRAPTO1 = crypto1.c des.c desfire_crypto.c mifaredesfire.c aes.c platform_util.c SRC_CRC = crc.c crc16.c crc32.c SRC_ICLASS = iclass.c optimized_cipher.c SRC_LEGIC = legicrf.c legicrfsim.c legic_prng.c diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c new file mode 100644 index 000000000..da0dc5d4b --- /dev/null +++ b/armsrc/desfire_crypto.c @@ -0,0 +1,1256 @@ +/*- + * Copyright (C) 2010, Romain Tartiere. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + * $Id$ + */ + +/* + * This implementation was written based on information provided by the + * following documents: + * + * NIST Special Publication 800-38B + * Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication + * May 2005 + */ +#include "desfire_crypto.h" +#include +#include +#include +#include "commonutil.h" +#include "crc32.h" +#include "mbedtls/aes.h" +//#include "mbedtls/des.h" +#include "ui.h" +#include "crc.h" +#include "crc16.h" // crc16 ccitt + +const uint8_t sbox[256] = { + /* S-box 1 */ + 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, + 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, + 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, + 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, + /* S-box 2 */ + 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, + 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, + 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, + 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, + /* S-box 3 */ + 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, + 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, + 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, + 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, + /* S-box 4 */ + 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, + 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, + 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, + 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, + /* S-box 5 */ + 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, + 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, + 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, + 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, + /* S-box 6 */ + 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, + 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, + 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, + 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, + /* S-box 7 */ + 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, + 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, + 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, + 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, + /* S-box 8 */ + 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, + 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, + 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, + 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B +}; + +const uint8_t e_permtab[] = { + 4, 6, /* 4 bytes in 6 bytes out*/ + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 +}; + +const uint8_t p_permtab[] = { + 4, 4, /* 32 bit -> 32 bit */ + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 +}; + +const uint8_t ip_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 +}; + +const uint8_t inv_ip_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 +}; + +const uint8_t pc1_permtab[] = { + 8, 7, /* 64 bit -> 56 bit*/ + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +const uint8_t pc2_permtab[] = { + 7, 6, /* 56 bit -> 48 bit */ + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +const uint8_t splitin6bitword_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 64, 64, 1, 6, 2, 3, 4, 5, + 64, 64, 7, 12, 8, 9, 10, 11, + 64, 64, 13, 18, 14, 15, 16, 17, + 64, 64, 19, 24, 20, 21, 22, 23, + 64, 64, 25, 30, 26, 27, 28, 29, + 64, 64, 31, 36, 32, 33, 34, 35, + 64, 64, 37, 42, 38, 39, 40, 41, + 64, 64, 43, 48, 44, 45, 46, 47 +}; + +const uint8_t shiftkey_permtab[] = { + 7, 7, /* 56 bit -> 56 bit */ + 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, + 26, 27, 28, 1, + 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 29 +}; + +const uint8_t shiftkeyinv_permtab[] = { + 7, 7, + 28, 1, 2, 3, 4, 5, 6, 7, + 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, + 56, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, + 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55 +}; + +/* +1 0 +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +---- +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +1 0 +*/ +#define ROTTABLE 0x7EFC +#define ROTTABLE_INV 0x3F7E +/******************************************************************************/ + +void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) { + uint8_t ob; /* in-bytes and out-bytes */ + uint8_t byte, bit; /* counter for bit and byte */ + ob = ptable[1]; + ptable = &(ptable[2]); + for (byte = 0; byte < ob; ++byte) { + uint8_t t = 0; + for (bit = 0; bit < 8; ++bit) { + uint8_t x = *ptable++ - 1; + t <<= 1; + if ((in[x / 8]) & (0x80 >> (x % 8))) { + t |= 0x01; + } + } + out[byte] = t; + } +} + +/******************************************************************************/ + +void changeendian32(uint32_t *a) { + *a = (*a & 0x000000FF) << 24 | + (*a & 0x0000FF00) << 8 | + (*a & 0x00FF0000) >> 8 | + (*a & 0xFF000000) >> 24; +} + +/******************************************************************************/ +static inline +void shiftkey(uint8_t *key) { + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t *)shiftkey_permtab, k, key); +} + +/******************************************************************************/ +static inline +void shiftkey_inv(uint8_t *key) { + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t *)shiftkeyinv_permtab, k, key); + +} + +/******************************************************************************/ +static inline +uint64_t splitin6bitwords(uint64_t a) { + uint64_t ret = 0; + a &= 0x0000ffffffffffffLL; + permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret); + return ret; +} + +/******************************************************************************/ + +static inline +uint8_t substitute(uint8_t a, uint8_t *sbp) { + uint8_t x; + x = sbp[a >> 1]; + x = (a & 1) ? x & 0x0F : x >> 4; + return x; + +} + +/******************************************************************************/ + +uint32_t des_f(uint32_t r, uint8_t *kr) { + uint8_t i; + uint32_t t = 0, ret; + uint64_t data = 0; + uint8_t *sbp; /* sboxpointer */ + permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data); + for (i = 0; i < 6; ++i) + ((uint8_t *)&data)[i] ^= kr[i]; + + /* Sbox substitution */ + data = splitin6bitwords(data); + sbp = (uint8_t *)sbox; + for (i = 0; i < 8; ++i) { + uint8_t x; + x = substitute(((uint8_t *)&data)[i], sbp); + t <<= 4; + t |= x; + sbp += 32; + } + changeendian32(&t); + + permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret); + + return ret; +} + +/******************************************************************************/ + +typedef struct { + union { + uint8_t v8[8]; + uint32_t v32[2]; + } d; +} des_data_t; +#define R (des_data.d.v32[1]) +#define L (des_data.d.v32[0]) + +void des_enc(void *out, const void *in, const void *key) { + + uint8_t kr[6], k[7]; + uint8_t i; + des_data_t des_data; + + permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); + permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); + + for (i = 0; i < 8; ++i) { + shiftkey(k); + if (ROTTABLE & ((1 << ((i << 1) + 0)))) + shiftkey(k); + permute((uint8_t *)pc2_permtab, k, kr); + L ^= des_f(R, kr); + + shiftkey(k); + if (ROTTABLE & ((1 << ((i << 1) + 1)))) + shiftkey(k); + permute((uint8_t *)pc2_permtab, k, kr); + R ^= des_f(L, kr); + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); +} + +/******************************************************************************/ + +void des_dec(void *out, const void *in, const void *key) { + + uint8_t kr[6], k[7]; + int8_t i; + des_data_t des_data; + + permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); + permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); + for (i = 7; i >= 0; --i) { + + permute((uint8_t *)pc2_permtab, k, kr); + L ^= des_f(R, kr); + shiftkey_inv(k); + if (ROTTABLE & ((1 << ((i << 1) + 1)))) { + shiftkey_inv(k); + } + + permute((uint8_t *)pc2_permtab, k, kr); + R ^= des_f(L, kr); + shiftkey_inv(k); + if (ROTTABLE & ((1 << ((i << 1) + 0)))) { + shiftkey_inv(k); + } + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); +} + +#undef R +#undef L +/******************************************************************************/ + +#ifndef AddCrc14A +# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) +#endif + +#define htole32(x) (x) +#define CRC32_PRESET 0xFFFFFFFF + +static void crc32_byte(uint32_t *crc, const uint8_t value); + +static void crc32_byte(uint32_t *crc, const uint8_t value) { + /* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */ + const uint32_t poly = 0xEDB88320; + + *crc ^= value; + for (int current_bit = 7; current_bit >= 0; current_bit--) { + int bit_out = (*crc) & 0x00000001; + *crc >>= 1; + if (bit_out) + *crc ^= poly; + } +} + +void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc) { + uint32_t desfire_crc = CRC32_PRESET; + for (size_t i = 0; i < len; i++) { + crc32_byte(&desfire_crc, data[i]); + } + + *((uint32_t *)(crc)) = htole32(desfire_crc); +} + +void crc32_append(uint8_t *data, const size_t len) { + crc32_ex(data, len, data + len); +} + +static inline void update_key_schedules(desfirekey_t key); + +static inline void update_key_schedules(desfirekey_t key) { + // DES_set_key ((DES_cblock *)key->data, &(key->ks1)); + // DES_set_key ((DES_cblock *)(key->data + 8), &(key->ks2)); + // if (T_3K3DES == key->type) { + // DES_set_key ((DES_cblock *)(key->data + 16), &(key->ks3)); + // } +} + +/******************************************************************************/ + +/*void des_enc(void *out, const void *in, const void *key) { + mbedtls_des_context ctx; + mbedtls_des_setkey_enc(&ctx, key); + mbedtls_des_crypt_ecb(&ctx, in, out); + mbedtls_des_free(&ctx); +} + +void des_dec(void *out, const void *in, const void *key) { + mbedtls_des_context ctx; + mbedtls_des_setkey_dec(&ctx, key); + mbedtls_des_crypt_ecb(&ctx, in, out); + mbedtls_des_free(&ctx); +} +*/ + +void tdes_3key_enc(void *out, void *in, const void *key) { + des_enc(out, in, (uint8_t *)key + 0); + des_dec(out, out, (uint8_t *)key + 8); + des_enc(out, out, (uint8_t *)key + 16); +} + +void tdes_3key_dec(void *out, void *in, const uint8_t *key) { + des_dec(out, in, (uint8_t *)key + 16); + des_enc(out, out, (uint8_t *)key + 8); + des_dec(out, out, (uint8_t *)key + 0); +} + +void tdes_2key_enc(void *out, void *in, const void *key) { + des_enc(out, in, (uint8_t *)key + 0); + des_dec(out, out, (uint8_t *)key + 8); + des_enc(out, out, (uint8_t *)key + 0); +} + +void tdes_2key_dec(void *out, void *in, const uint8_t *key) { + des_dec(out, in, (uint8_t *)key + 0); + des_enc(out, out, (uint8_t *)key + 8); + des_dec(out, out, (uint8_t *)key + 0); +} + +void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { + + if (length % 8) return; + + uint8_t i; + unsigned char temp[8]; + uint8_t *tin = (uint8_t *) in; + uint8_t *tout = (uint8_t *) out; + + while (length > 0) { + memcpy(temp, tin, 8); + + if (keymode==2) tdes_2key_dec(tout,tin,key); + else if (keymode==3) tdes_3key_dec(tout,tin,key); + + for (i = 0; i < 8; i++) + tout[i] = (unsigned char)(tout[i] ^ iv[i]); + + memcpy(iv, temp, 8); + + tin += 8; + tout += 8; + length -= 8; + } +} + +void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { + + if (length % 8) return; + + uint8_t i; + uint8_t *tin = (uint8_t *) in; + uint8_t *tout = (uint8_t *) out; + + while (length > 0) { + for (i = 0; i < 8; i++) + tin[i] = (unsigned char)(tin[i] ^ iv[i]); + + if (keymode==2) tdes_2key_enc(tout,tin,key); + else if (keymode==3) tdes_3key_enc(tout,tin,key); + + memcpy(iv, tout, 8); + + tin += 8; + tout += 8; + length -= 8; + } +} + + + +void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) { + uint8_t data[8]; + memcpy(data, value, 8); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + Desfire_des_key_new_with_version(data, key); +} + +void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key) { + if (key != NULL) { + key->type = T_DES; + memcpy(key->data, value, 8); + memcpy(key->data + 8, value, 8); + update_key_schedules(key); + } +} + +void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key) { + uint8_t data[16]; + memcpy(data, value, 16); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + for (int n = 8; n < 16; n++) + data[n] |= 0x01; + Desfire_3des_key_new_with_version(data, key); +} + +void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) { + if (key != NULL) { + key->type = T_3DES; + memcpy(key->data, value, 16); + update_key_schedules(key); + } +} + +void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key) { + uint8_t data[24]; + memcpy(data, value, 24); + for (int n = 0; n < 8; n++) + data[n] &= 0xfe; + Desfire_3k3des_key_new_with_version(data, key); +} + +void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key) { + if (key != NULL) { + key->type = T_3K3DES; + memcpy(key->data, value, 24); + update_key_schedules(key); + } +} + +void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key) { + Desfire_aes_key_new_with_version(value, 0, key); +} + +void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key) { + + if (key != NULL) { + memcpy(key->data, value, 16); + key->type = T_AES; + key->aes_version = version; + } +} + +uint8_t Desfire_key_get_version(desfirekey_t key) { + uint8_t version = 0; + + for (int n = 0; n < 8; n++) { + version |= ((key->data[n] & 1) << (7 - n)); + } + return version; +} + +void Desfire_key_set_version(desfirekey_t key, uint8_t version) { + for (int n = 0; n < 8; n++) { + uint8_t version_bit = ((version & (1 << (7 - n))) >> (7 - n)); + key->data[n] &= 0xfe; + key->data[n] |= version_bit; + if (key->type == T_DES) { + key->data[n + 8] = key->data[n]; + } else { + // Write ~version to avoid turning a 3DES key into a DES key + key->data[n + 8] &= 0xfe; + key->data[n + 8] |= ~version_bit; + } + } +} + +void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) { + + uint8_t buffer[24]; + + switch (authkey->type) { + case T_DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + Desfire_des_key_new_with_version(buffer, key); + break; + case T_3DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 4, 4); + memcpy(buffer + 12, rndb + 4, 4); + Desfire_3des_key_new_with_version(buffer, key); + break; + case T_3K3DES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 6, 4); + memcpy(buffer + 12, rndb + 6, 4); + memcpy(buffer + 16, rnda + 12, 4); + memcpy(buffer + 20, rndb + 12, 4); + Desfire_3k3des_key_new(buffer, key); + break; + case T_AES: + memcpy(buffer, rnda, 4); + memcpy(buffer + 4, rndb, 4); + memcpy(buffer + 8, rnda + 12, 4); + memcpy(buffer + 12, rndb + 12, 4); + Desfire_aes_key_new(buffer, key); + break; + } +} + +static void xor(const uint8_t *ivect, uint8_t *data, const size_t len); +static size_t key_macing_length(desfirekey_t key); + +// iceman, see memxor inside string.c, dest/src swapped.. +static void xor(const uint8_t *ivect, uint8_t *data, const size_t len) { + for (size_t i = 0; i < len; i++) { + data[i] ^= ivect[i]; + } +} + +void cmac_generate_subkeys(desfirekey_t key) { + int kbs = key_block_size(key); + const uint8_t R = (kbs == 8) ? 0x1B : 0x87; + + uint8_t l[kbs]; + memset(l, 0, kbs); + + uint8_t ivect[kbs]; + memset(ivect, 0, kbs); + + mifare_cypher_blocks_chained(NULL, key, ivect, l, kbs, MCD_RECEIVE, MCO_ENCYPHER); + + bool xor = false; + + // Used to compute CMAC on complete blocks + memcpy(key->cmac_sk1, l, kbs); + xor = l[0] & 0x80; + lsl(key->cmac_sk1, kbs); + if (xor) + key->cmac_sk1[kbs - 1] ^= R; + + // Used to compute CMAC on the last block if non-complete + memcpy(key->cmac_sk2, key->cmac_sk1, kbs); + xor = key->cmac_sk1[0] & 0x80; + lsl(key->cmac_sk2, kbs); + if (xor) + key->cmac_sk2[kbs - 1] ^= R; +} + +void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac) { + int kbs = key_block_size(key); + uint8_t *buffer = malloc(padded_data_length(len, kbs)); + + memcpy(buffer, data, len); + + if ((!len) || (len % kbs)) { + buffer[len++] = 0x80; + while (len % kbs) { + buffer[len++] = 0x00; + } + xor(key->cmac_sk2, buffer + len - kbs, kbs); + } else { + xor(key->cmac_sk1, buffer + len - kbs, kbs); + } + + mifare_cypher_blocks_chained(NULL, key, ivect, buffer, len, MCD_SEND, MCO_ENCYPHER); + + memcpy(cmac, ivect, kbs); + free(buffer); +} + +size_t key_block_size(const desfirekey_t key) { + if (key == NULL) + return 0; + size_t block_size = 8; + switch (key->type) { + case T_DES: + case T_3DES: + case T_3K3DES: + block_size = 8; + break; + case T_AES: + block_size = 16; + break; + } + return block_size; +} + +/* + * Size of MACing produced with the key. + */ +static size_t key_macing_length(const desfirekey_t key) { + size_t mac_length = MAC_LENGTH; + switch (key->type) { + case T_DES: + case T_3DES: + mac_length = MAC_LENGTH; + break; + case T_3K3DES: + case T_AES: + mac_length = CMAC_LENGTH; + break; + } + return mac_length; +} + +/* + * Size required to store nbytes of data in a buffer of size n*block_size. + */ +size_t padded_data_length(const size_t nbytes, const size_t block_size) { + if ((!nbytes) || (nbytes % block_size)) + return ((nbytes / block_size) + 1) * block_size; + else + return nbytes; +} + +/* + * Buffer size required to MAC nbytes of data + */ +size_t maced_data_length(const desfirekey_t key, const size_t nbytes) { + return nbytes + key_macing_length(key); +} +/* + * Buffer size required to encipher nbytes of data and a two bytes CRC. + */ +size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings) { + size_t crc_length = 0; + if (!(communication_settings & NO_CRC)) { + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + crc_length = 2; + break; + case AS_NEW: + crc_length = 4; + break; + } + } + + size_t block_size = DESFIRE(tag)->session_key ? key_block_size(DESFIRE(tag)->session_key) : 1; + + return padded_data_length(nbytes + crc_length, block_size); +} + +void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings) { + uint8_t *res = data; + uint8_t mac[4]; + size_t edl; + bool append_mac = true; + desfirekey_t key = DESFIRE(tag)->session_key; + + if (!key) + return data; + + switch (communication_settings & MDCM_MASK) { + case MDCM_PLAIN: + if (AS_LEGACY == DESFIRE(tag)->authentication_scheme) + break; + + /* + * When using new authentication methods, PLAIN data transmission from + * the PICC to the PCD are CMACed, so we have to maintain the + * cryptographic initialisation vector up-to-date to check data + * integrity later. + * + * The only difference with CMACed data transmission is that the CMAC + * is not apended to the data send by the PCD to the PICC. + */ + + append_mac = false; + + /* pass through */ + case MDCM_MACED: + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + if (!(communication_settings & MAC_COMMAND)) + break; + + /* pass through */ + edl = padded_data_length(*nbytes - offset, key_block_size(DESFIRE(tag)->session_key)) + offset; + + // Fill in the crypto buffer with data ... + memcpy(res, data, *nbytes); + // ... and 0 padding + memset(res + *nbytes, 0, edl - *nbytes); + + mifare_cypher_blocks_chained(tag, NULL, NULL, res + offset, edl - offset, MCD_SEND, MCO_ENCYPHER); + + memcpy(mac, res + edl - 8, 4); + + // Copy again provided data (was overwritten by mifare_cypher_blocks_chained) + memcpy(res, data, *nbytes); + + if (!(communication_settings & MAC_COMMAND)) + break; + // Append MAC + size_t bla = maced_data_length(DESFIRE(tag)->session_key, *nbytes - offset) + offset; + bla++; + + memcpy(res + *nbytes, mac, 4); + + *nbytes += 4; + break; + case AS_NEW: + if (!(communication_settings & CMAC_COMMAND)) + break; + cmac(key, DESFIRE(tag)->ivect, res, *nbytes, DESFIRE(tag)->cmac); + + if (append_mac) { + size_t len = maced_data_length(key, *nbytes); + ++len; + memcpy(res, data, *nbytes); + memcpy(res + *nbytes, DESFIRE(tag)->cmac, CMAC_LENGTH); + *nbytes += CMAC_LENGTH; + } + break; + } + + break; + case MDCM_ENCIPHERED: + /* |<-------------- data -------------->| + * |<--- offset -->| | + * +---------------+--------------------+-----+---------+ + * | CMD + HEADERS | DATA TO BE SECURED | CRC | PADDING | + * +---------------+--------------------+-----+---------+ ---------------- + * | |<~~~~v~~~~~~~~~~~~~>| ^ | | (DES / 3DES) + * | | `---- crc16() ----' | | + * | | | ^ | | ----- *or* ----- + * |<~~~~~~~~~~~~~~~~~~~~v~~~~~~~~~~~~~>| ^ | | (3K3DES / AES) + * | `---- crc32() ----' | | + * | | ---- *then* ---- + * |<---------------------------------->| + * encypher()/decypher() + */ + + if (!(communication_settings & ENC_COMMAND)) + break; + edl = enciphered_data_length(tag, *nbytes - offset, communication_settings) + offset; + + // Fill in the crypto buffer with data ... + memcpy(res, data, *nbytes); + if (!(communication_settings & NO_CRC)) { + // ... CRC ... + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + AddCrc14A(res + offset, *nbytes - offset); + *nbytes += 2; + break; + case AS_NEW: + crc32_append(res, *nbytes); + *nbytes += 4; + break; + } + } + // ... and padding + memset(res + *nbytes, 0, edl - *nbytes); + + *nbytes = edl; + + mifare_cypher_blocks_chained(tag, NULL, NULL, res + offset, *nbytes - offset, MCD_SEND, (AS_NEW == DESFIRE(tag)->authentication_scheme) ? MCO_ENCYPHER : MCO_DECYPHER); + break; + default: + + *nbytes = -1; + res = NULL; + break; + } + + return res; + +} + +void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings) { + void *res = data; + void *edata = NULL; + uint8_t first_cmac_byte = 0x00; + + desfirekey_t key = DESFIRE(tag)->session_key; + + if (!key) + return data; + + // Return directly if we just have a status code. + if (1 == *nbytes) + return res; + + switch (communication_settings & MDCM_MASK) { + case MDCM_PLAIN: + + if (AS_LEGACY == DESFIRE(tag)->authentication_scheme) + break; + + /* pass through */ + case MDCM_MACED: + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + if (communication_settings & MAC_VERIFY) { + *nbytes -= key_macing_length(key); + if (*nbytes == 0) { + *nbytes = -1; + res = NULL; +#ifdef WITH_DEBUG + Dbprintf("No room for MAC!"); +#endif + break; + } + + size_t edl = enciphered_data_length(tag, *nbytes - 1, communication_settings); + edata = malloc(edl); + + memcpy(edata, data, *nbytes - 1); + memset((uint8_t *)edata + *nbytes - 1, 0, edl - *nbytes + 1); + + mifare_cypher_blocks_chained(tag, NULL, NULL, edata, edl, MCD_SEND, MCO_ENCYPHER); + + if (0 != memcmp((uint8_t *)data + *nbytes - 1, (uint8_t *)edata + edl - 8, 4)) { +#ifdef WITH_DEBUG + Dbprintf("MACing not verified"); + hexdump((uint8_t *)data + *nbytes - 1, key_macing_length(key), "Expect ", 0); + hexdump((uint8_t *)edata + edl - 8, key_macing_length(key), "Actual ", 0); +#endif + DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR; + *nbytes = -1; + res = NULL; + } + } + break; + case AS_NEW: + if (!(communication_settings & CMAC_COMMAND)) + break; + if (communication_settings & CMAC_VERIFY) { + if (*nbytes < 9) { + *nbytes = -1; + res = NULL; + break; + } + first_cmac_byte = ((uint8_t *)data)[*nbytes - 9]; + ((uint8_t *)data)[*nbytes - 9] = ((uint8_t *)data)[*nbytes - 1]; + } + + int n = (communication_settings & CMAC_VERIFY) ? 8 : 0; + cmac(key, DESFIRE(tag)->ivect, ((uint8_t *)data), *nbytes - n, DESFIRE(tag)->cmac); + + if (communication_settings & CMAC_VERIFY) { + ((uint8_t *)data)[*nbytes - 9] = first_cmac_byte; + if (0 != memcmp(DESFIRE(tag)->cmac, (uint8_t *)data + *nbytes - 9, 8)) { +#ifdef WITH_DEBUG + Dbprintf("CMAC NOT verified :-("); + hexdump((uint8_t *)data + *nbytes - 9, 8, "Expect ", 0); + hexdump(DESFIRE(tag)->cmac, 8, "Actual ", 0); +#endif + DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR; + *nbytes = -1; + res = NULL; + } else { + *nbytes -= 8; + } + } + break; + } + + free(edata); + + break; + case MDCM_ENCIPHERED: + (*nbytes)--; + bool verified = false; + int crc_pos = 0x00; + int end_crc_pos = 0x00; + uint8_t x; + + /* + * AS_LEGACY: + * ,-----------------+-------------------------------+--------+ + * \ BLOCK n-1 | BLOCK n | STATUS | + * / PAYLOAD | CRC0 | CRC1 | 0x80? | 0x000000000000 | 0x9100 | + * `-----------------+-------------------------------+--------+ + * + * <------------ DATA ------------> + * FRAME = PAYLOAD + CRC(PAYLOAD) + PADDING + * + * AS_NEW: + * ,-------------------------------+-----------------------------------------------+--------+ + * \ BLOCK n-1 | BLOCK n | STATUS | + * / PAYLOAD | CRC0 | CRC1 | CRC2 | CRC3 | 0x80? | 0x0000000000000000000000000000 | 0x9100 | + * `-------------------------------+-----------------------------------------------+--------+ + * <----------------------------------- DATA ------------------------------------->| + * + * <----------------- DATA ----------------> + * FRAME = PAYLOAD + CRC(PAYLOAD + STATUS) + PADDING + STATUS + * `------------------' + */ + + mifare_cypher_blocks_chained(tag, NULL, NULL, res, *nbytes, MCD_RECEIVE, MCO_DECYPHER); + + /* + * Look for the CRC and ensure it is followed by NULL padding. We + * can't start by the end because the CRC is supposed to be 0 when + * verified, and accumulating 0's in it should not change it. + */ + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + crc_pos = *nbytes - 8 - 1; // The CRC can be over two blocks + if (crc_pos < 0) { + /* Single block */ + crc_pos = 0; + } + break; + case AS_NEW: + /* Move status between payload and CRC */ + res = DESFIRE(tag)->crypto_buffer; + memcpy(res, data, *nbytes); + + crc_pos = (*nbytes) - 16 - 3; + if (crc_pos < 0) { + /* Single block */ + crc_pos = 0; + } + memcpy((uint8_t *)res + crc_pos + 1, (uint8_t *)res + crc_pos, *nbytes - crc_pos); + ((uint8_t *)res)[crc_pos] = 0x00; + crc_pos++; + *nbytes += 1; + break; + } + + do { + uint16_t crc_16 = 0x00; + uint32_t crc=0x00; + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + AddCrc14A((uint8_t *)res, end_crc_pos); + end_crc_pos = crc_pos + 2; + // + + + crc = crc_16; + break; + case AS_NEW: + end_crc_pos = crc_pos + 4; + crc32_ex(res, end_crc_pos, (uint8_t *)&crc); + break; + } + if (!crc) { + verified = true; + for (int n = end_crc_pos; n < *nbytes - 1; n++) { + uint8_t byte = ((uint8_t *)res)[n]; + if (!((0x00 == byte) || ((0x80 == byte) && (n == end_crc_pos)))) + verified = false; + } + } + if (verified) { + *nbytes = crc_pos; + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + ((uint8_t *)data)[(*nbytes)++] = 0x00; + break; + case AS_NEW: + /* The status byte was already before the CRC */ + break; + } + } else { + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + break; + case AS_NEW: + x = ((uint8_t *)res)[crc_pos - 1]; + ((uint8_t *)res)[crc_pos - 1] = ((uint8_t *)res)[crc_pos]; + ((uint8_t *)res)[crc_pos] = x; + break; + } + crc_pos++; + } + } while (!verified && (end_crc_pos < *nbytes)); + + if (!verified) { +#ifdef WITH_DEBUG + /* FIXME In some configurations, the file is transmitted PLAIN */ + Dbprintf("CRC not verified in decyphered stream"); +#endif + DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR; + *nbytes = -1; + res = NULL; + } + + break; + default: + PrintAndLogEx(ERR,"Unknown communication settings"); + *nbytes = -1; + res = NULL; + break; + + } + return res; +} + + +void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size) { + uint8_t ovect[MAX_CRYPTO_BLOCK_SIZE]; + + if (direction == MCD_SEND) { + xor(ivect, data, block_size); + } else { + memcpy(ovect, data, block_size); + } + + uint8_t edata[MAX_CRYPTO_BLOCK_SIZE]; + + switch (key->type) { + case T_DES: + switch (operation) { + case MCO_ENCYPHER: + //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); + des_enc(edata, data, key->data); + break; + case MCO_DECYPHER: + //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); + des_dec(edata, data, key->data); + break; + } + break; + case T_3DES: + switch (operation) { + case MCO_ENCYPHER: + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); + // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); + tdes_2key_enc(edata, data, key->data); + break; + case MCO_DECYPHER: + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); + // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); + tdes_2key_dec(data, edata, key->data); + break; + } + break; + case T_3K3DES: + switch (operation) { + case MCO_ENCYPHER: + tdes_3key_enc(edata, data, key->data); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); + // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); + break; + case MCO_DECYPHER: + tdes_3key_enc(data, edata, key->data); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); + // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); + // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); + break; + } + break; + case T_AES: + switch (operation) { + case MCO_ENCYPHER: { + mbedtls_aes_context ctx; + mbedtls_aes_init(&ctx); + mbedtls_aes_setkey_enc(&ctx, key->data, 128); + mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata); + mbedtls_aes_free(&ctx); + break; + } + case MCO_DECYPHER: { + mbedtls_aes_context ctx; + mbedtls_aes_init(&ctx); + mbedtls_aes_setkey_dec(&ctx, key->data, 128); + mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data); + mbedtls_aes_free(&ctx); + break; + } + } + break; + } + + memcpy(data, edata, block_size); + + if (direction == MCD_SEND) { + memcpy(ivect, data, block_size); + } else { + xor(ivect, data, block_size); + memcpy(ivect, ovect, block_size); + } +} + +/* + * This function performs all CBC cyphering / deciphering. + * + * The tag argument may be NULL, in which case both key and ivect shall be set. + * When using the tag session_key and ivect for processing data, these + * arguments should be set to NULL. + * + * Because the tag may contain additional data, one may need to call this + * function with tag, key and ivect defined. + */ +void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation) { + size_t block_size; + + if (tag) { + if (!key) + key = DESFIRE(tag)->session_key; + if (!ivect) + ivect = DESFIRE(tag)->ivect; + + switch (DESFIRE(tag)->authentication_scheme) { + case AS_LEGACY: + memset(ivect, 0, MAX_CRYPTO_BLOCK_SIZE); + break; + case AS_NEW: + break; + } + } + + block_size = key_block_size(key); + + size_t offset = 0; + while (offset < data_size) { + mifare_cypher_single_block(key, data + offset, ivect, direction, operation, block_size); + offset += block_size; + } +} diff --git a/armsrc/desfire_crypto.h b/armsrc/desfire_crypto.h new file mode 100644 index 000000000..e1d37d1af --- /dev/null +++ b/armsrc/desfire_crypto.h @@ -0,0 +1,139 @@ +#ifndef __DESFIRE_CRYPTO_H +#define __DESFIRE_CRYPTO_H + +#include "common.h" +#include "mifare.h" // structs +//#include "../../armsrc/printf.h" +//#include "../../armsrc/desfire.h" +//#include "../../armsrc/iso14443a.h" + + +#define MAX_CRYPTO_BLOCK_SIZE 16 +/* Mifare DESFire EV1 Application crypto operations */ +#define APPLICATION_CRYPTO_DES 0x00 +#define APPLICATION_CRYPTO_3K3DES 0x40 +#define APPLICATION_CRYPTO_AES 0x80 + +#define MAC_LENGTH 4 +#define CMAC_LENGTH 8 + +typedef enum { + MCD_SEND, + MCD_RECEIVE +} MifareCryptoDirection; + +typedef enum { + MCO_ENCYPHER, + MCO_DECYPHER +} MifareCryptoOperation; + +#define MDCM_MASK 0x000F + +#define CMAC_NONE 0 + +// Data send to the PICC is used to update the CMAC +#define CMAC_COMMAND 0x010 +// Data received from the PICC is used to update the CMAC +#define CMAC_VERIFY 0x020 + +// MAC the command (when MDCM_MACED) +#define MAC_COMMAND 0x100 +// The command returns a MAC to verify (when MDCM_MACED) +#define MAC_VERIFY 0x200 + +#define ENC_COMMAND 0x1000 +#define NO_CRC 0x2000 + +#define MAC_MASK 0x0F0 +#define CMAC_MACK 0xF00 + +/* Communication mode */ +#define MDCM_PLAIN 0x00 +#define MDCM_MACED 0x01 +#define MDCM_ENCIPHERED 0x03 + +/* Error code managed by the library */ +#define CRYPTO_ERROR 0x01 + +enum DESFIRE_CRYPTOALGO { + T_DES = 0x00, + T_3DES = 0x01, //aka 2K3DES + T_3K3DES = 0x02, + T_AES = 0x03 +}; + +enum DESFIRE_AUTH_SCHEME { + AS_LEGACY, + AS_NEW +}; + + + +#define DESFIRE_KEY(key) ((struct desfire_key *) key) +struct desfire_key { + enum DESFIRE_CRYPTOALGO type; + uint8_t data[24]; + uint8_t cmac_sk1[24]; + uint8_t cmac_sk2[24]; + uint8_t aes_version; +}; +typedef struct desfire_key *desfirekey_t; + +#define DESFIRE(tag) ((struct desfire_tag *) tag) +struct desfire_tag { + iso14a_card_select_t info; + int active; + uint8_t last_picc_error; + uint8_t last_internal_error; + uint8_t last_pcd_error; + desfirekey_t session_key; + enum DESFIRE_AUTH_SCHEME authentication_scheme; + uint8_t authenticated_key_no; + + uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE]; + uint8_t cmac[16]; + uint8_t *crypto_buffer; + size_t crypto_buffer_size; + uint32_t selected_application; +}; +typedef struct desfire_tag *desfiretag_t; + +typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */ +typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */ + +extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ + +void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc); +void crc32_append(uint8_t *data, const size_t len); + +void des_enc(void *out, const void *in, const void *key); +void des_dec(void *out, const void *in, const void *key); +void tdes_enc(void *out, void *in, const void *key); +void tdes_dec(void *out, void *in, const uint8_t *key); +void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); +void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); +void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); +void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key); +void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key); +void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); +void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key); +void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key); +void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); +void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key); +void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key); +uint8_t Desfire_key_get_version(desfirekey_t key); +void Desfire_key_set_version(desfirekey_t key, uint8_t version); +void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key); + +void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings); +void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings); +void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size); +void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation); +size_t key_block_size(const desfirekey_t key); +size_t padded_data_length(const size_t nbytes, const size_t block_size); +size_t maced_data_length(const desfirekey_t key, const size_t nbytes); +size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings); +void cmac_generate_subkeys(desfirekey_t key); +void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac); + +#endif diff --git a/armsrc/desfire_key.c b/armsrc/desfire_key.c deleted file mode 100644 index 60219260a..000000000 --- a/armsrc/desfire_key.c +++ /dev/null @@ -1,172 +0,0 @@ -/*- - * Copyright (C) 2010, Romain Tartiere. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published by the - * Free Software Foundation, either version 3 of the License, or (at your - * option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - * $Id$ - */ - -#include "desfire_key.h" -#include "string.h" -#include "dbprint.h" - -static inline void update_key_schedules(desfirekey_t key); - -static inline void update_key_schedules(desfirekey_t key) { - // DES_set_key ((DES_cblock *)key->data, &(key->ks1)); - // DES_set_key ((DES_cblock *)(key->data + 8), &(key->ks2)); - // if (T_3K3DES == key->type) { - // DES_set_key ((DES_cblock *)(key->data + 16), &(key->ks3)); - // } -} - -void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) { - uint8_t data[8]; - memcpy(data, value, 8); - for (int n = 0; n < 8; n++) - data[n] &= 0xfe; - Desfire_des_key_new_with_version(data, key); -} - -void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key) { - if (key != NULL) { - key->type = T_DES; - memcpy(key->data, value, 8); - memcpy(key->data + 8, value, 8); - update_key_schedules(key); - } -} - -void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key) { - uint8_t data[16]; - memcpy(data, value, 16); - for (int n = 0; n < 8; n++) - data[n] &= 0xfe; - for (int n = 8; n < 16; n++) - data[n] |= 0x01; - Desfire_3des_key_new_with_version(data, key); -} - -void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) { - if (key != NULL) { - key->type = T_3DES; - memcpy(key->data, value, 16); - memcpy(key->data + 16, value, 8); - update_key_schedules(key); - } -} - -void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key) { - uint8_t data[24]; - memcpy(data, value, 24); - for (int n = 0; n < 8; n++) - data[n] &= 0xfe; - Desfire_3k3des_key_new_with_version(data, key); -} - -void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) { - if (key != NULL) { - key->type = T_2K3DES; - memcpy(key->data, value, 16); - update_key_schedules(key); - } -} - -void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key) { - if (key != NULL) { - key->type = T_3K3DES; - memcpy(key->data, value, 24); - update_key_schedules(key); - } -} - -void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key) { - Desfire_aes_key_new_with_version(value, 0, key); -} - -void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key) { - - if (key != NULL) { - memcpy(key->data, value, 16); - key->type = T_AES; - key->aes_version = version; - } -} - -uint8_t Desfire_key_get_version(desfirekey_t key) { - uint8_t version = 0; - - for (int n = 0; n < 8; n++) { - version |= ((key->data[n] & 1) << (7 - n)); - } - return version; -} - -void Desfire_key_set_version(desfirekey_t key, uint8_t version) { - for (int n = 0; n < 8; n++) { - uint8_t version_bit = ((version & (1 << (7 - n))) >> (7 - n)); - key->data[n] &= 0xfe; - key->data[n] |= version_bit; - if (key->type == T_DES) { - key->data[n + 8] = key->data[n]; - } else { - // Write ~version to avoid turning a 3DES key into a DES key - key->data[n + 8] &= 0xfe; - key->data[n + 8] |= ~version_bit; - } - } -} - -void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) { - - uint8_t buffer[24]; - - switch (authkey->type) { - case T_DES: - memcpy(buffer, rnda, 4); - memcpy(buffer + 4, rndb, 4); - Desfire_des_key_new_with_version(buffer, key); - break; - case T_3DES: - memcpy(buffer, rnda, 4); - memcpy(buffer + 4, rndb, 4); - memcpy(buffer + 8, rnda + 4, 4); - memcpy(buffer + 12, rndb + 4, 4); - Desfire_3des_key_new_with_version(buffer, key); - break; - case T_2K3DES: - memcpy(buffer, rnda, 4); - memcpy(buffer + 4, rndb, 4); - memcpy(buffer + 8, rnda + 4, 4); - memcpy(buffer + 12, rndb + 4, 4); - Desfire_2k3des_key_new_with_version(buffer, key); - break; - case T_3K3DES: - memcpy(buffer, rnda, 4); - memcpy(buffer + 4, rndb, 4); - memcpy(buffer + 8, rnda + 6, 4); - memcpy(buffer + 12, rndb + 6, 4); - memcpy(buffer + 16, rnda + 12, 4); - memcpy(buffer + 20, rndb + 12, 4); - Desfire_3k3des_key_new(buffer, key); - break; - case T_AES: - memcpy(buffer, rnda, 4); - memcpy(buffer + 4, rndb, 4); - memcpy(buffer + 8, rnda + 12, 4); - memcpy(buffer + 12, rndb + 12, 4); - Desfire_aes_key_new(buffer, key); - break; - } -} diff --git a/armsrc/desfire_key.h b/armsrc/desfire_key.h deleted file mode 100644 index 286d47178..000000000 --- a/armsrc/desfire_key.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef __DESFIRE_KEY_INCLUDED -#define __DESFIRE_KEY_INCLUDED - -#include "common.h" -#include "desfire.h" -void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); -void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key); -void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key); -void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); -void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key); -void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key); -void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key); -void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key); -void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key); -uint8_t Desfire_key_get_version(desfirekey_t key); -void Desfire_key_set_version(desfirekey_t key, uint8_t version); -void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key); - -#endif diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 10a7a3204..83e6ae39b 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -4,9 +4,8 @@ #include "proxmark3_arm.h" #include "string.h" #include "BigBuf.h" -#include "desfire_key.h" #include "mifareutil.h" -#include "des.h" +#include "desfire_crypto.h" #include "cmd.h" #include "dbprint.h" #include "fpgaloader.h" @@ -34,6 +33,8 @@ static uint8_t deselect_cmd[] = {0xc2, 0xe0, 0xb4}; /* PCB CID CMD PAYLOAD */ //static uint8_t __res[MAX_FRAME_SIZE]; +struct desfire_key defaultkey = {0}; +static desfirekey_t sessionkey = &defaultkey; bool InitDesfireCard() { @@ -250,9 +251,11 @@ void MifareDES_Auth1(uint8_t *datain) { num_to_bytes(value, 4, &RndA[12]); // Default Keys - uint8_t PICC_MASTER_KEY8[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - uint8_t PICC_MASTER_KEY16[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t PICC_MASTER_KEY24[24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + uint8_t PICC_MASTER_KEY8[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + uint8_t PICC_MASTER_KEY16[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00}; + uint8_t PICC_MASTER_KEY24[24] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; //uint8_t null_key_data16[16] = {0x00}; //uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77}; //uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF}; @@ -266,9 +269,10 @@ void MifareDES_Auth1(uint8_t *datain) { LED_C_OFF(); if (payload->key == NULL) { - if (payload->algo == MFDES_AUTH_DES) { + if (payload->algo == MFDES_AUTH_DES) { memcpy(keybytes, PICC_MASTER_KEY8, 8); - } else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES || payload->algo == MFDES_ALGO_2K3DES) { + } else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES || + payload->algo == MFDES_ALGO_2K3DES) { memcpy(keybytes, PICC_MASTER_KEY16, 16); } else if (payload->algo == MFDES_ALGO_3DES) { memcpy(keybytes, PICC_MASTER_KEY24, 24); @@ -287,8 +291,6 @@ void MifareDES_Auth1(uint8_t *datain) { Desfire_3des_key_new_with_version(keybytes, key); } else if (payload->algo == MFDES_ALGO_DES) { Desfire_des_key_new(keybytes, key); - } else if (payload->algo == MFDES_ALGO_2K3DES) { - Desfire_2k3des_key_new_with_version(keybytes, key); } else if (payload->algo == MFDES_ALGO_3K3DES) { Desfire_3k3des_key_new_with_version(keybytes, key); } @@ -324,7 +326,7 @@ void MifareDES_Auth1(uint8_t *datain) { return; } - if (resp[2] == (uint8_t)0xaf) { + if (resp[2] == (uint8_t)MFDES_ADDITIONAL_FRAME) { DbpString("Authentication failed. Invalid key number."); OnErrorNG(CMD_HF_DESFIRE_AUTH1, 3); return; @@ -335,6 +337,8 @@ void MifareDES_Auth1(uint8_t *datain) { expectedlen = 1 + 16 + 2 + 2; } + int rndlen = recv_len - 1 - 2 - 2; + if (len != expectedlen) { if (DBGLEVEL >= DBG_ERROR) { DbpString("Authentication failed. Length of answer doesn't match algo."); @@ -346,9 +350,9 @@ void MifareDES_Auth1(uint8_t *datain) { // Part 2 if (payload->mode != MFDES_AUTH_PICC) { - memcpy(encRndB, resp + 1, payload->keylen); + memcpy(encRndB, resp + 1, rndlen); } else { - memcpy(encRndB, resp + 2, payload->keylen); + memcpy(encRndB, resp + 2, rndlen); } // Part 3 @@ -361,60 +365,47 @@ void MifareDES_Auth1(uint8_t *datain) { return; } mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, 16, IV, encRndB, RndB); - } else if (payload->algo == MFDES_ALGO_3DES) - tdes_dec(RndB, encRndB, key->data); - else if (payload->algo == MFDES_ALGO_DES) + } else if (payload->algo == MFDES_ALGO_DES) des_dec(RndB, encRndB, key->data); - else if (payload->algo == MFDES_ALGO_2K3DES) - tdes_2key_dec(RndB, encRndB, 8, key->data, IV); + else if (payload->algo == MFDES_ALGO_3DES) + tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 2); else if (payload->algo == MFDES_ALGO_3K3DES) - tdes_3key_dec(RndB, encRndB, 16, key->data, IV); + tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 3); // - Rotate RndB by 8 bits - memcpy(rotRndB, RndB, payload->keylen); - rol(rotRndB, payload->keylen); + memcpy(rotRndB, RndB, rndlen); + rol(rotRndB, rndlen); uint8_t encRndA[16] = {0x00}; // - Encrypt our response - if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_ISO || payload->mode == MFDES_AUTH_PICC) { - if (payload->algo == MFDES_ALGO_3DES) { - tdes_dec(encRndA, RndA, key->data); - memcpy(both, encRndA, 8); - } else if (payload->algo == MFDES_ALGO_DES) { - des_dec(encRndA, RndA, key->data); - memcpy(both, encRndA, 8); - } else if (payload->algo == MFDES_ALGO_2K3DES) { - tdes_2key_dec(encRndA, RndA, 8, key->data, IV); - memcpy(both, encRndA, 8); - } else if (payload->algo == MFDES_ALGO_3K3DES) { - tdes_3key_dec(encRndA, RndA, 16, key->data, IV); - memcpy(both, encRndA, 16); - } + if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { + des_dec(encRndA, RndA, key->data); + memcpy(both, encRndA, rndlen); - - for (int x = 0; x < 8; x++) { + for (int x = 0; x < rndlen; x++) { rotRndB[x] = rotRndB[x] ^ encRndA[x]; } + des_dec(encRndB, rotRndB, key->data); + memcpy(both + 8, encRndB, rndlen); + } + else if (payload->mode == MFDES_AUTH_ISO) { if (payload->algo == MFDES_ALGO_3DES) { - tdes_dec(encRndB, rotRndB, key->data); - memcpy(both + 8, encRndB, 8); - } else if (payload->algo == MFDES_ALGO_DES) { - des_dec(encRndB, rotRndB, key->data); - memcpy(both + 8, encRndB, 8); - } else if (payload->algo == MFDES_ALGO_2K3DES) { - tdes_2key_dec(encRndB, rotRndB, 8, key->data, IV); - memcpy(both + 8, encRndB, 8); + uint8_t tmp[16] = {0x00}; + memcpy(tmp, RndA, rndlen); + memcpy(tmp + rndlen, rotRndB, rndlen); + tdes_nxp_send(tmp, both, 16, key->data, IV,2); } else if (payload->algo == MFDES_ALGO_3K3DES) { - tdes_3key_dec(encRndB, rotRndB, 16, key->data, IV); - memcpy(both + 16, encRndB, 16); + uint8_t tmp[32] = {0x00}; + memcpy(tmp, RndA, rndlen); + memcpy(tmp + rndlen, rotRndB, rndlen); + tdes_nxp_send(tmp, both, 32, key->data, IV,3); } - } else if (payload->mode == MFDES_AUTH_AES) { uint8_t tmp[32] = {0x00}; - memcpy(tmp, RndA, 16); - memcpy(tmp + 16, rotRndB, 16); + memcpy(tmp, RndA, rndlen); + memcpy(tmp + 16, rotRndB, rndlen); if (payload->algo == MFDES_ALGO_AES) { if (mbedtls_aes_setkey_enc(&ctx, key->data, 128) != 0) { if (DBGLEVEL >= DBG_EXTENDED) { @@ -442,8 +433,8 @@ void MifareDES_Auth1(uint8_t *datain) { len = DesfireAPDU(cmd, 5 + bothlen + 1, resp); } else { cmd[0] = ADDITIONAL_FRAME; - memcpy(cmd + 1, both, 16); - len = DesfireAPDU(cmd, 1 + 16, resp); + memcpy(cmd + 1, both, bothlen); + len = DesfireAPDU(cmd, 1 + bothlen, resp); } if (!len) { @@ -469,27 +460,25 @@ void MifareDES_Auth1(uint8_t *datain) { } // Part 4 - struct desfire_key sessionKey = {0}; - desfirekey_t skey = &sessionKey; - Desfire_session_key_new(RndA, RndB, key, skey); + + Desfire_session_key_new(RndA, RndB, key, sessionkey); + if (DBGLEVEL >= DBG_EXTENDED) print_result("SESSIONKEY : ", sessionKey.data, payload->keylen); if (payload->mode != MFDES_AUTH_PICC) { - memcpy(encRndA, resp + 1, payload->keylen); + memcpy(encRndA, resp + 1, rndlen); } else { - memcpy(encRndA, resp + 2, payload->keylen); + memcpy(encRndA, resp + 2, rndlen); } if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { - if (payload->algo == MFDES_ALGO_3DES) - tdes_dec(encRndA, encRndA, key->data); - else if (payload->algo == MFDES_ALGO_DES) + if (payload->algo == MFDES_ALGO_DES) des_dec(encRndA, encRndA, key->data); - else if (payload->algo == MFDES_ALGO_2K3DES) - tdes_2key_dec(encRndA, encRndA, 8, key->data, IV); + else if (payload->algo == MFDES_ALGO_3DES) + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,2); else if (payload->algo == MFDES_ALGO_3K3DES) - tdes_3key_dec(encRndA, encRndA, 16, key->data, IV); + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,3); } else if (payload->mode == MFDES_AUTH_AES) { if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { if (DBGLEVEL >= DBG_EXTENDED) { @@ -501,13 +490,13 @@ void MifareDES_Auth1(uint8_t *datain) { mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, 16, IV, encRndA, encRndA); } - rol(RndA, payload->keylen); + rol(RndA, rndlen); if (DBGLEVEL >= DBG_EXTENDED) { - print_result("RndA : ", RndA, payload->keylen); - print_result("RndB: ", RndB, payload->keylen); - print_result("encRndA : ", encRndA, payload->keylen); + print_result("RndA : ", RndA, rndlen); + print_result("RndB: ", RndB, rndlen); + print_result("encRndA : ", encRndA, rndlen); } - for (int x = 0; x < payload->keylen; x++) { + for (int x = 0; x < rndlen; x++) { if (RndA[x] != encRndA[x]) { DbpString("Authentication failed. Cannot verify Session Key."); OnErrorNG(CMD_HF_DESFIRE_AUTH1, 4); diff --git a/client/Makefile b/client/Makefile index e46e51eb2..79c0a101b 100644 --- a/client/Makefile +++ b/client/Makefile @@ -185,6 +185,7 @@ CMDSRCS = crapto1/crapto1.c \ mifare/mifare4.c \ mifare/mad.c \ mifare/ndef.c \ + mifare/desfire_crypto.c \ cmdanalyse.c \ cmdhf.c \ cmdhflist.c \ From 44e9d13d1a7a29f7a728609ddb088a09576eb412 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 17:41:36 +0200 Subject: [PATCH 3/9] Make style --- armsrc/desfire_crypto.c | 254 ++++++++++++++++----------------- armsrc/mifaredesfire.c | 17 +-- client/mifare/desfire_crypto.c | 254 ++++++++++++++++----------------- 3 files changed, 263 insertions(+), 262 deletions(-) diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c index da0dc5d4b..5b194d16d 100644 --- a/armsrc/desfire_crypto.c +++ b/armsrc/desfire_crypto.c @@ -38,154 +38,154 @@ #include "crc16.h" // crc16 ccitt const uint8_t sbox[256] = { - /* S-box 1 */ - 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, - 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, - 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, - 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, - /* S-box 2 */ - 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, - 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, - 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, - 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, - /* S-box 3 */ - 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, - 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, - 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, - 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, - /* S-box 4 */ - 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, - 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, - 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, - 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, - /* S-box 5 */ - 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, - 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, - 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, - 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, - /* S-box 6 */ - 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, - 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, - 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, - 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, - /* S-box 7 */ - 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, - 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, - 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, - 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, - /* S-box 8 */ - 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, - 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, - 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, - 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B + /* S-box 1 */ + 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, + 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, + 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, + 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, + /* S-box 2 */ + 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, + 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, + 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, + 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, + /* S-box 3 */ + 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, + 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, + 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, + 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, + /* S-box 4 */ + 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, + 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, + 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, + 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, + /* S-box 5 */ + 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, + 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, + 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, + 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, + /* S-box 6 */ + 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, + 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, + 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, + 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, + /* S-box 7 */ + 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, + 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, + 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, + 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, + /* S-box 8 */ + 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, + 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, + 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, + 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B }; const uint8_t e_permtab[] = { - 4, 6, /* 4 bytes in 6 bytes out*/ - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 + 4, 6, /* 4 bytes in 6 bytes out*/ + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 }; const uint8_t p_permtab[] = { - 4, 4, /* 32 bit -> 32 bit */ - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 + 4, 4, /* 32 bit -> 32 bit */ + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 }; const uint8_t ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 + 8, 8, /* 64 bit -> 64 bit */ + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 }; const uint8_t inv_ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 + 8, 8, /* 64 bit -> 64 bit */ + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 }; const uint8_t pc1_permtab[] = { - 8, 7, /* 64 bit -> 56 bit*/ - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 + 8, 7, /* 64 bit -> 56 bit*/ + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 }; const uint8_t pc2_permtab[] = { - 7, 6, /* 56 bit -> 48 bit */ - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 + 7, 6, /* 56 bit -> 48 bit */ + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 }; const uint8_t splitin6bitword_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 64, 64, 1, 6, 2, 3, 4, 5, - 64, 64, 7, 12, 8, 9, 10, 11, - 64, 64, 13, 18, 14, 15, 16, 17, - 64, 64, 19, 24, 20, 21, 22, 23, - 64, 64, 25, 30, 26, 27, 28, 29, - 64, 64, 31, 36, 32, 33, 34, 35, - 64, 64, 37, 42, 38, 39, 40, 41, - 64, 64, 43, 48, 44, 45, 46, 47 + 8, 8, /* 64 bit -> 64 bit */ + 64, 64, 1, 6, 2, 3, 4, 5, + 64, 64, 7, 12, 8, 9, 10, 11, + 64, 64, 13, 18, 14, 15, 16, 17, + 64, 64, 19, 24, 20, 21, 22, 23, + 64, 64, 25, 30, 26, 27, 28, 29, + 64, 64, 31, 36, 32, 33, 34, 35, + 64, 64, 37, 42, 38, 39, 40, 41, + 64, 64, 43, 48, 44, 45, 46, 47 }; const uint8_t shiftkey_permtab[] = { - 7, 7, /* 56 bit -> 56 bit */ - 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 1, - 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 29 + 7, 7, /* 56 bit -> 56 bit */ + 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, + 26, 27, 28, 1, + 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 29 }; const uint8_t shiftkeyinv_permtab[] = { - 7, 7, - 28, 1, 2, 3, 4, 5, 6, 7, - 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, - 56, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55 + 7, 7, + 28, 1, 2, 3, 4, 5, 6, 7, + 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, + 56, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, + 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55 }; /* @@ -482,8 +482,8 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode==2) tdes_2key_dec(tout,tin,key); - else if (keymode==3) tdes_3key_dec(tout,tin,key); + if (keymode == 2) tdes_2key_dec(tout, tin, key); + else if (keymode == 3) tdes_3key_dec(tout, tin, key); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -508,8 +508,8 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode==2) tdes_2key_enc(tout,tin,key); - else if (keymode==3) tdes_3key_enc(tout,tin,key); + if (keymode == 2) tdes_2key_enc(tout, tin, key); + else if (keymode == 3) tdes_3key_enc(tout, tin, key); memcpy(iv, tout, 8); @@ -1061,7 +1061,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes do { uint16_t crc_16 = 0x00; - uint32_t crc=0x00; + uint32_t crc = 0x00; switch (DESFIRE(tag)->authentication_scheme) { case AS_LEGACY: AddCrc14A((uint8_t *)res, end_crc_pos); @@ -1120,7 +1120,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes break; default: - PrintAndLogEx(ERR,"Unknown communication settings"); + PrintAndLogEx(ERR, "Unknown communication settings"); *nbytes = -1; res = NULL; break; diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 83e6ae39b..c6d8c0c7c 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -253,9 +253,11 @@ void MifareDES_Auth1(uint8_t *datain) { // Default Keys uint8_t PICC_MASTER_KEY8[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; uint8_t PICC_MASTER_KEY16[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00}; + 0x00, 0x00 + }; uint8_t PICC_MASTER_KEY24[24] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; //uint8_t null_key_data16[16] = {0x00}; //uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77}; //uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF}; @@ -389,18 +391,17 @@ void MifareDES_Auth1(uint8_t *datain) { des_dec(encRndB, rotRndB, key->data); memcpy(both + 8, encRndB, rndlen); - } - else if (payload->mode == MFDES_AUTH_ISO) { + } else if (payload->mode == MFDES_AUTH_ISO) { if (payload->algo == MFDES_ALGO_3DES) { uint8_t tmp[16] = {0x00}; memcpy(tmp, RndA, rndlen); memcpy(tmp + rndlen, rotRndB, rndlen); - tdes_nxp_send(tmp, both, 16, key->data, IV,2); + tdes_nxp_send(tmp, both, 16, key->data, IV, 2); } else if (payload->algo == MFDES_ALGO_3K3DES) { uint8_t tmp[32] = {0x00}; memcpy(tmp, RndA, rndlen); memcpy(tmp + rndlen, rotRndB, rndlen); - tdes_nxp_send(tmp, both, 32, key->data, IV,3); + tdes_nxp_send(tmp, both, 32, key->data, IV, 3); } } else if (payload->mode == MFDES_AUTH_AES) { uint8_t tmp[32] = {0x00}; @@ -476,9 +477,9 @@ void MifareDES_Auth1(uint8_t *datain) { if (payload->algo == MFDES_ALGO_DES) des_dec(encRndA, encRndA, key->data); else if (payload->algo == MFDES_ALGO_3DES) - tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,2); + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV, 2); else if (payload->algo == MFDES_ALGO_3K3DES) - tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,3); + tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV, 3); } else if (payload->mode == MFDES_AUTH_AES) { if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { if (DBGLEVEL >= DBG_EXTENDED) { diff --git a/client/mifare/desfire_crypto.c b/client/mifare/desfire_crypto.c index da0dc5d4b..5b194d16d 100644 --- a/client/mifare/desfire_crypto.c +++ b/client/mifare/desfire_crypto.c @@ -38,154 +38,154 @@ #include "crc16.h" // crc16 ccitt const uint8_t sbox[256] = { - /* S-box 1 */ - 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, - 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, - 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, - 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, - /* S-box 2 */ - 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, - 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, - 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, - 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, - /* S-box 3 */ - 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, - 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, - 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, - 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, - /* S-box 4 */ - 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, - 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, - 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, - 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, - /* S-box 5 */ - 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, - 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, - 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, - 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, - /* S-box 6 */ - 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, - 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, - 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, - 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, - /* S-box 7 */ - 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, - 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, - 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, - 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, - /* S-box 8 */ - 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, - 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, - 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, - 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B + /* S-box 1 */ + 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, + 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, + 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, + 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, + /* S-box 2 */ + 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, + 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, + 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, + 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, + /* S-box 3 */ + 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, + 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, + 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, + 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, + /* S-box 4 */ + 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, + 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, + 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, + 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, + /* S-box 5 */ + 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, + 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, + 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, + 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, + /* S-box 6 */ + 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, + 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, + 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, + 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, + /* S-box 7 */ + 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, + 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, + 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, + 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, + /* S-box 8 */ + 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, + 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, + 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, + 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B }; const uint8_t e_permtab[] = { - 4, 6, /* 4 bytes in 6 bytes out*/ - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 + 4, 6, /* 4 bytes in 6 bytes out*/ + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 }; const uint8_t p_permtab[] = { - 4, 4, /* 32 bit -> 32 bit */ - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 + 4, 4, /* 32 bit -> 32 bit */ + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 }; const uint8_t ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 + 8, 8, /* 64 bit -> 64 bit */ + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 }; const uint8_t inv_ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 + 8, 8, /* 64 bit -> 64 bit */ + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 }; const uint8_t pc1_permtab[] = { - 8, 7, /* 64 bit -> 56 bit*/ - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 + 8, 7, /* 64 bit -> 56 bit*/ + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 }; const uint8_t pc2_permtab[] = { - 7, 6, /* 56 bit -> 48 bit */ - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 + 7, 6, /* 56 bit -> 48 bit */ + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 }; const uint8_t splitin6bitword_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 64, 64, 1, 6, 2, 3, 4, 5, - 64, 64, 7, 12, 8, 9, 10, 11, - 64, 64, 13, 18, 14, 15, 16, 17, - 64, 64, 19, 24, 20, 21, 22, 23, - 64, 64, 25, 30, 26, 27, 28, 29, - 64, 64, 31, 36, 32, 33, 34, 35, - 64, 64, 37, 42, 38, 39, 40, 41, - 64, 64, 43, 48, 44, 45, 46, 47 + 8, 8, /* 64 bit -> 64 bit */ + 64, 64, 1, 6, 2, 3, 4, 5, + 64, 64, 7, 12, 8, 9, 10, 11, + 64, 64, 13, 18, 14, 15, 16, 17, + 64, 64, 19, 24, 20, 21, 22, 23, + 64, 64, 25, 30, 26, 27, 28, 29, + 64, 64, 31, 36, 32, 33, 34, 35, + 64, 64, 37, 42, 38, 39, 40, 41, + 64, 64, 43, 48, 44, 45, 46, 47 }; const uint8_t shiftkey_permtab[] = { - 7, 7, /* 56 bit -> 56 bit */ - 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 1, - 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 29 + 7, 7, /* 56 bit -> 56 bit */ + 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, + 26, 27, 28, 1, + 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 29 }; const uint8_t shiftkeyinv_permtab[] = { - 7, 7, - 28, 1, 2, 3, 4, 5, 6, 7, - 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, - 56, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55 + 7, 7, + 28, 1, 2, 3, 4, 5, 6, 7, + 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, + 56, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, + 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55 }; /* @@ -482,8 +482,8 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode==2) tdes_2key_dec(tout,tin,key); - else if (keymode==3) tdes_3key_dec(tout,tin,key); + if (keymode == 2) tdes_2key_dec(tout, tin, key); + else if (keymode == 3) tdes_3key_dec(tout, tin, key); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -508,8 +508,8 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode==2) tdes_2key_enc(tout,tin,key); - else if (keymode==3) tdes_3key_enc(tout,tin,key); + if (keymode == 2) tdes_2key_enc(tout, tin, key); + else if (keymode == 3) tdes_3key_enc(tout, tin, key); memcpy(iv, tout, 8); @@ -1061,7 +1061,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes do { uint16_t crc_16 = 0x00; - uint32_t crc=0x00; + uint32_t crc = 0x00; switch (DESFIRE(tag)->authentication_scheme) { case AS_LEGACY: AddCrc14A((uint8_t *)res, end_crc_pos); @@ -1120,7 +1120,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes break; default: - PrintAndLogEx(ERR,"Unknown communication settings"); + PrintAndLogEx(ERR, "Unknown communication settings"); *nbytes = -1; res = NULL; break; From 309ec0d9421c332229f5ab79ea9a7267ca875a7e Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 17:59:46 +0200 Subject: [PATCH 4/9] Fixes --- armsrc/desfire_crypto.c | 355 +--------------------------------------- armsrc/desfire_crypto.h | 9 - armsrc/mifaredesfire.c | 33 ++-- 3 files changed, 22 insertions(+), 375 deletions(-) diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c index 5b194d16d..5c97e253c 100644 --- a/armsrc/desfire_crypto.c +++ b/armsrc/desfire_crypto.c @@ -32,357 +32,12 @@ #include "commonutil.h" #include "crc32.h" #include "mbedtls/aes.h" -//#include "mbedtls/des.h" -#include "ui.h" #include "crc.h" #include "crc16.h" // crc16 ccitt - -const uint8_t sbox[256] = { - /* S-box 1 */ - 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, - 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, - 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, - 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, - /* S-box 2 */ - 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, - 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, - 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, - 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, - /* S-box 3 */ - 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, - 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, - 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, - 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, - /* S-box 4 */ - 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, - 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, - 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, - 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, - /* S-box 5 */ - 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, - 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, - 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, - 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, - /* S-box 6 */ - 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, - 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, - 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, - 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, - /* S-box 7 */ - 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, - 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, - 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, - 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, - /* S-box 8 */ - 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, - 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, - 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, - 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B -}; - -const uint8_t e_permtab[] = { - 4, 6, /* 4 bytes in 6 bytes out*/ - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; - -const uint8_t p_permtab[] = { - 4, 4, /* 32 bit -> 32 bit */ - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; - -const uint8_t ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; - -const uint8_t inv_ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; - -const uint8_t pc1_permtab[] = { - 8, 7, /* 64 bit -> 56 bit*/ - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; - -const uint8_t pc2_permtab[] = { - 7, 6, /* 56 bit -> 48 bit */ - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; - -const uint8_t splitin6bitword_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 64, 64, 1, 6, 2, 3, 4, 5, - 64, 64, 7, 12, 8, 9, 10, 11, - 64, 64, 13, 18, 14, 15, 16, 17, - 64, 64, 19, 24, 20, 21, 22, 23, - 64, 64, 25, 30, 26, 27, 28, 29, - 64, 64, 31, 36, 32, 33, 34, 35, - 64, 64, 37, 42, 38, 39, 40, 41, - 64, 64, 43, 48, 44, 45, 46, 47 -}; - -const uint8_t shiftkey_permtab[] = { - 7, 7, /* 56 bit -> 56 bit */ - 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 1, - 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 29 -}; - -const uint8_t shiftkeyinv_permtab[] = { - 7, 7, - 28, 1, 2, 3, 4, 5, 6, 7, - 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, - 56, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55 -}; - -/* -1 0 -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 ----- -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 -1 0 -*/ -#define ROTTABLE 0x7EFC -#define ROTTABLE_INV 0x3F7E -/******************************************************************************/ - -void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) { - uint8_t ob; /* in-bytes and out-bytes */ - uint8_t byte, bit; /* counter for bit and byte */ - ob = ptable[1]; - ptable = &(ptable[2]); - for (byte = 0; byte < ob; ++byte) { - uint8_t t = 0; - for (bit = 0; bit < 8; ++bit) { - uint8_t x = *ptable++ - 1; - t <<= 1; - if ((in[x / 8]) & (0x80 >> (x % 8))) { - t |= 0x01; - } - } - out[byte] = t; - } -} - -/******************************************************************************/ - -void changeendian32(uint32_t *a) { - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; -} - -/******************************************************************************/ -static inline -void shiftkey(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkey_permtab, k, key); -} - -/******************************************************************************/ -static inline -void shiftkey_inv(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkeyinv_permtab, k, key); - -} - -/******************************************************************************/ -static inline -uint64_t splitin6bitwords(uint64_t a) { - uint64_t ret = 0; - a &= 0x0000ffffffffffffLL; - permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret); - return ret; -} - -/******************************************************************************/ - -static inline -uint8_t substitute(uint8_t a, uint8_t *sbp) { - uint8_t x; - x = sbp[a >> 1]; - x = (a & 1) ? x & 0x0F : x >> 4; - return x; - -} - -/******************************************************************************/ - -uint32_t des_f(uint32_t r, uint8_t *kr) { - uint8_t i; - uint32_t t = 0, ret; - uint64_t data = 0; - uint8_t *sbp; /* sboxpointer */ - permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data); - for (i = 0; i < 6; ++i) - ((uint8_t *)&data)[i] ^= kr[i]; - - /* Sbox substitution */ - data = splitin6bitwords(data); - sbp = (uint8_t *)sbox; - for (i = 0; i < 8; ++i) { - uint8_t x; - x = substitute(((uint8_t *)&data)[i], sbp); - t <<= 4; - t |= x; - sbp += 32; - } - changeendian32(&t); - - permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret); - - return ret; -} - -/******************************************************************************/ - -typedef struct { - union { - uint8_t v8[8]; - uint32_t v32[2]; - } d; -} des_data_t; -#define R (des_data.d.v32[1]) -#define L (des_data.d.v32[0]) - -void des_enc(void *out, const void *in, const void *key) { - - uint8_t kr[6], k[7]; - uint8_t i; - des_data_t des_data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - - for (i = 0; i < 8; ++i) { - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); -} - -/******************************************************************************/ - -void des_dec(void *out, const void *in, const void *key) { - - uint8_t kr[6], k[7]; - int8_t i; - des_data_t des_data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - for (i = 7; i >= 0; --i) { - - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) { - shiftkey_inv(k); - } - - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) { - shiftkey_inv(k); - } - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); -} - -#undef R -#undef L -/******************************************************************************/ +#include "printf.h" +#include "iso14443a.h" +#include "dbprint.h" +#include "des.h" #ifndef AddCrc14A # define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) @@ -1120,7 +775,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes break; default: - PrintAndLogEx(ERR, "Unknown communication settings"); + Dbprintf("Unknown communication settings"); *nbytes = -1; res = NULL; break; diff --git a/armsrc/desfire_crypto.h b/armsrc/desfire_crypto.h index e1d37d1af..73dc2ab07 100644 --- a/armsrc/desfire_crypto.h +++ b/armsrc/desfire_crypto.h @@ -98,18 +98,9 @@ struct desfire_tag { }; typedef struct desfire_tag *desfiretag_t; -typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */ -typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */ - -extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ - void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc); void crc32_append(uint8_t *data, const size_t len); -void des_enc(void *out, const void *in, const void *key); -void des_dec(void *out, const void *in, const void *key); -void tdes_enc(void *out, void *in, const void *key); -void tdes_dec(void *out, void *in, const uint8_t *key); void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index c6d8c0c7c..0ffa535b7 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -16,6 +16,7 @@ #include "util.h" #include "mifare.h" #include "ticks.h" +#include "protocols.h" #define MAX_APPLICATION_COUNT 28 #define MAX_FILE_COUNT 16 @@ -33,8 +34,8 @@ static uint8_t deselect_cmd[] = {0xc2, 0xe0, 0xb4}; /* PCB CID CMD PAYLOAD */ //static uint8_t __res[MAX_FRAME_SIZE]; -struct desfire_key defaultkey = {0}; -static desfirekey_t sessionkey = &defaultkey; +struct desfire_key skey = {0}; +static desfirekey_t sessionkey = &skey; bool InitDesfireCard() { @@ -159,7 +160,7 @@ void MifareDesfireGetInformation() { memcpy(payload.uid, card.uid, sizeof(payload.uid)); LED_A_ON(); - uint8_t cmd[] = {0x90, GET_VERSION, 0x00, 0x00, 0x00}; + uint8_t cmd[] = {0x90, MFDES_GET_VERSION, 0x00, 0x00, 0x00}; size_t cmd_len = sizeof(cmd); len = DesfireAPDU(cmd, cmd_len, resp); @@ -174,7 +175,7 @@ void MifareDesfireGetInformation() { memcpy(payload.versionHW, resp + 1, sizeof(payload.versionHW)); // ADDITION_FRAME 1 - cmd[1] = ADDITIONAL_FRAME; + cmd[1] = MFDES_ADDITIONAL_FRAME; len = DesfireAPDU(cmd, cmd_len, resp); if (!len) { print_result("ERROR <--: ", resp, len); @@ -271,10 +272,9 @@ void MifareDES_Auth1(uint8_t *datain) { LED_C_OFF(); if (payload->key == NULL) { - if (payload->algo == MFDES_AUTH_DES) { + if (payload->algo == MFDES_AUTH_DES) { memcpy(keybytes, PICC_MASTER_KEY8, 8); - } else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES || - payload->algo == MFDES_ALGO_2K3DES) { + } else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES) { memcpy(keybytes, PICC_MASTER_KEY16, 16); } else if (payload->algo == MFDES_ALGO_3DES) { memcpy(keybytes, PICC_MASTER_KEY24, 24); @@ -283,6 +283,7 @@ void MifareDES_Auth1(uint8_t *datain) { memcpy(keybytes, payload->key, payload->keylen); } + struct desfire_key defaultkey = {0}; desfirekey_t key = &defaultkey; @@ -297,12 +298,12 @@ void MifareDES_Auth1(uint8_t *datain) { Desfire_3k3des_key_new_with_version(keybytes, key); } - uint8_t subcommand = AUTHENTICATE; + uint8_t subcommand = MFDES_AUTHENTICATE; if (payload->mode == MFDES_AUTH_AES) - subcommand = AUTHENTICATE_AES; + subcommand = MFDES_AUTHENTICATE_AES; else if (payload->mode == MFDES_AUTH_ISO) - subcommand = AUTHENTICATE_ISO; + subcommand = MFDES_AUTHENTICATE_ISO; if (payload->mode != MFDES_AUTH_PICC) { // Let's send our auth command @@ -315,7 +316,7 @@ void MifareDES_Auth1(uint8_t *datain) { cmd[6] = 0x0; len = DesfireAPDU(cmd, 7, resp); } else { - cmd[0] = AUTHENTICATE; + cmd[0] = MFDES_AUTHENTICATE; cmd[1] = payload->keyno; len = DesfireAPDU(cmd, 2, resp); } @@ -339,7 +340,7 @@ void MifareDES_Auth1(uint8_t *datain) { expectedlen = 1 + 16 + 2 + 2; } - int rndlen = recv_len - 1 - 2 - 2; + int rndlen = len - 1 - 2 - 2; if (len != expectedlen) { if (DBGLEVEL >= DBG_ERROR) { @@ -425,7 +426,7 @@ void MifareDES_Auth1(uint8_t *datain) { } if (payload->mode != MFDES_AUTH_PICC) { cmd[0] = 0x90; - cmd[1] = ADDITIONAL_FRAME; + cmd[1] = MFDES_ADDITIONAL_FRAME; cmd[2] = 0x00; cmd[3] = 0x00; cmd[4] = bothlen; @@ -433,7 +434,7 @@ void MifareDES_Auth1(uint8_t *datain) { cmd[bothlen + 5] = 0x0; len = DesfireAPDU(cmd, 5 + bothlen + 1, resp); } else { - cmd[0] = ADDITIONAL_FRAME; + cmd[0] = MFDES_ADDITIONAL_FRAME; memcpy(cmd + 1, both, bothlen); len = DesfireAPDU(cmd, 1 + bothlen, resp); } @@ -465,7 +466,7 @@ void MifareDES_Auth1(uint8_t *datain) { Desfire_session_key_new(RndA, RndB, key, sessionkey); if (DBGLEVEL >= DBG_EXTENDED) - print_result("SESSIONKEY : ", sessionKey.data, payload->keylen); + print_result("SESSIONKEY : ", sessionkey->data, payload->keylen); if (payload->mode != MFDES_AUTH_PICC) { memcpy(encRndA, resp + 1, rndlen); @@ -603,7 +604,7 @@ void MifareDES_Auth1(uint8_t *datain) { LED_B_ON(); authres_t rpayload; rpayload.sessionkeylen = payload->keylen; - memcpy(rpayload.sessionkey, sessionKey.data, rpayload.sessionkeylen); + memcpy(rpayload.sessionkey, sessionkey->data, rpayload.sessionkeylen); reply_ng(CMD_HF_DESFIRE_AUTH1, PM3_SUCCESS, (uint8_t *)&rpayload, sizeof(rpayload)); LED_B_OFF(); } From c06864dcc76f0a9586cef3544e1e26725a769599 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 18:09:14 +0200 Subject: [PATCH 5/9] Rename due to name conflict --- armsrc/desfire_crypto.c | 55 ++++++++-------------------------- armsrc/mifaredesfire.c | 1 + client/mifare/desfire_crypto.c | 24 +++++++-------- 3 files changed, 25 insertions(+), 55 deletions(-) diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c index 5c97e253c..d9acdfa81 100644 --- a/armsrc/desfire_crypto.c +++ b/armsrc/desfire_crypto.c @@ -43,37 +43,6 @@ # define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) #endif -#define htole32(x) (x) -#define CRC32_PRESET 0xFFFFFFFF - -static void crc32_byte(uint32_t *crc, const uint8_t value); - -static void crc32_byte(uint32_t *crc, const uint8_t value) { - /* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */ - const uint32_t poly = 0xEDB88320; - - *crc ^= value; - for (int current_bit = 7; current_bit >= 0; current_bit--) { - int bit_out = (*crc) & 0x00000001; - *crc >>= 1; - if (bit_out) - *crc ^= poly; - } -} - -void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc) { - uint32_t desfire_crc = CRC32_PRESET; - for (size_t i = 0; i < len; i++) { - crc32_byte(&desfire_crc, data[i]); - } - - *((uint32_t *)(crc)) = htole32(desfire_crc); -} - -void crc32_append(uint8_t *data, const size_t len) { - crc32_ex(data, len, data + len); -} - static inline void update_key_schedules(desfirekey_t key); static inline void update_key_schedules(desfirekey_t key) { @@ -101,25 +70,25 @@ void des_dec(void *out, const void *in, const void *key) { } */ -void tdes_3key_enc(void *out, void *in, const void *key) { +void des3_3key_enc(void *out, void *in, const void *key) { des_enc(out, in, (uint8_t *)key + 0); des_dec(out, out, (uint8_t *)key + 8); des_enc(out, out, (uint8_t *)key + 16); } -void tdes_3key_dec(void *out, void *in, const uint8_t *key) { +void des3_3key_dec(void *out, void *in, const uint8_t *key) { des_dec(out, in, (uint8_t *)key + 16); des_enc(out, out, (uint8_t *)key + 8); des_dec(out, out, (uint8_t *)key + 0); } -void tdes_2key_enc(void *out, void *in, const void *key) { +void des3_2key_enc(void *out, void *in, const void *key) { des_enc(out, in, (uint8_t *)key + 0); des_dec(out, out, (uint8_t *)key + 8); des_enc(out, out, (uint8_t *)key + 0); } -void tdes_2key_dec(void *out, void *in, const uint8_t *key) { +void des3_2key_dec(void *out, void *in, const uint8_t *key) { des_dec(out, in, (uint8_t *)key + 0); des_enc(out, out, (uint8_t *)key + 8); des_dec(out, out, (uint8_t *)key + 0); @@ -137,8 +106,8 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode == 2) tdes_2key_dec(tout, tin, key); - else if (keymode == 3) tdes_3key_dec(tout, tin, key); + if (keymode == 2) des3_2key_dec(tout, tin, key); + else if (keymode == 3) des3_3key_dec(tout, tin, key); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -163,8 +132,8 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode == 2) tdes_2key_enc(tout, tin, key); - else if (keymode == 3) tdes_3key_enc(tout, tin, key); + if (keymode == 2) des3_2key_enc(tout, tin, key); + else if (keymode == 3) des3_3key_enc(tout, tin, key); memcpy(iv, tout, 8); @@ -815,26 +784,26 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - tdes_2key_enc(edata, data, key->data); + des3_2key_enc(edata, data, key->data); break; case MCO_DECYPHER: // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - tdes_2key_dec(data, edata, key->data); + des3_2key_dec(data, edata, key->data); break; } break; case T_3K3DES: switch (operation) { case MCO_ENCYPHER: - tdes_3key_enc(edata, data, key->data); + des3_3key_enc(edata, data, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); break; case MCO_DECYPHER: - tdes_3key_enc(data, edata, key->data); + des3_3key_enc(data, edata, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 0ffa535b7..8da8eb94a 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -13,6 +13,7 @@ #include "crc16.h" #include "mbedtls/aes.h" #include "commonutil.h" +#include "des.h" #include "util.h" #include "mifare.h" #include "ticks.h" diff --git a/client/mifare/desfire_crypto.c b/client/mifare/desfire_crypto.c index 5b194d16d..dffab4f38 100644 --- a/client/mifare/desfire_crypto.c +++ b/client/mifare/desfire_crypto.c @@ -446,25 +446,25 @@ void des_dec(void *out, const void *in, const void *key) { } */ -void tdes_3key_enc(void *out, void *in, const void *key) { +void des3_3key_enc(void *out, void *in, const void *key) { des_enc(out, in, (uint8_t *)key + 0); des_dec(out, out, (uint8_t *)key + 8); des_enc(out, out, (uint8_t *)key + 16); } -void tdes_3key_dec(void *out, void *in, const uint8_t *key) { +void des3_3key_dec(void *out, void *in, const uint8_t *key) { des_dec(out, in, (uint8_t *)key + 16); des_enc(out, out, (uint8_t *)key + 8); des_dec(out, out, (uint8_t *)key + 0); } -void tdes_2key_enc(void *out, void *in, const void *key) { +void des3_2key_enc(void *out, void *in, const void *key) { des_enc(out, in, (uint8_t *)key + 0); des_dec(out, out, (uint8_t *)key + 8); des_enc(out, out, (uint8_t *)key + 0); } -void tdes_2key_dec(void *out, void *in, const uint8_t *key) { +void des3_2key_dec(void *out, void *in, const uint8_t *key) { des_dec(out, in, (uint8_t *)key + 0); des_enc(out, out, (uint8_t *)key + 8); des_dec(out, out, (uint8_t *)key + 0); @@ -482,8 +482,8 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode == 2) tdes_2key_dec(tout, tin, key); - else if (keymode == 3) tdes_3key_dec(tout, tin, key); + if (keymode == 2) des3_2key_dec(tout, tin, key); + else if (keymode == 3) des3_3key_dec(tout, tin, key); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -508,8 +508,8 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode == 2) tdes_2key_enc(tout, tin, key); - else if (keymode == 3) tdes_3key_enc(tout, tin, key); + if (keymode == 2) des3_2key_enc(tout, tin, key); + else if (keymode == 3) des3_3key_enc(tout, tin, key); memcpy(iv, tout, 8); @@ -1160,26 +1160,26 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - tdes_2key_enc(edata, data, key->data); + des3_2key_enc(edata, data, key->data); break; case MCO_DECYPHER: // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - tdes_2key_dec(data, edata, key->data); + des3_2key_dec(data, edata, key->data); break; } break; case T_3K3DES: switch (operation) { case MCO_ENCYPHER: - tdes_3key_enc(edata, data, key->data); + des3_3key_enc(edata, data, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); break; case MCO_DECYPHER: - tdes_3key_enc(data, edata, key->data); + des3_3key_enc(data, edata, key->data); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); From 45018057099a7fa072ba6a636eeca8a07a17c202 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 20:58:41 +0200 Subject: [PATCH 6/9] Port des on device to mbedtls_des --- armsrc/des.c | 497 ---------------------------------------- armsrc/des.h | 116 ---------- armsrc/desfire_crypto.c | 85 +++---- armsrc/desfire_crypto.h | 8 +- armsrc/mifaredesfire.c | 10 +- armsrc/mifareutil.c | 8 +- 6 files changed, 41 insertions(+), 683 deletions(-) delete mode 100644 armsrc/des.c delete mode 100644 armsrc/des.h diff --git a/armsrc/des.c b/armsrc/des.c deleted file mode 100644 index af10423f3..000000000 --- a/armsrc/des.c +++ /dev/null @@ -1,497 +0,0 @@ -/* des.c */ -/* - This file is part of the ARM-Crypto-Lib. - Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file des.c - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2007-06-16 - * \brief DES and EDE-DES implementation - * \license GPLv3 or later - * - */ - -#include "des.h" -#include "string.h" - -const uint8_t sbox[256] = { - /* S-box 1 */ - 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, - 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, - 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, - 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, - /* S-box 2 */ - 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, - 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, - 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, - 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, - /* S-box 3 */ - 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, - 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, - 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, - 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, - /* S-box 4 */ - 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, - 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, - 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, - 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, - /* S-box 5 */ - 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, - 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, - 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, - 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, - /* S-box 6 */ - 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, - 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, - 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, - 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, - /* S-box 7 */ - 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, - 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, - 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, - 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, - /* S-box 8 */ - 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, - 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, - 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, - 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B -}; - -const uint8_t e_permtab[] = { - 4, 6, /* 4 bytes in 6 bytes out*/ - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; - -const uint8_t p_permtab[] = { - 4, 4, /* 32 bit -> 32 bit */ - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; - -const uint8_t ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; - -const uint8_t inv_ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; - -const uint8_t pc1_permtab[] = { - 8, 7, /* 64 bit -> 56 bit*/ - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; - -const uint8_t pc2_permtab[] = { - 7, 6, /* 56 bit -> 48 bit */ - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; - -const uint8_t splitin6bitword_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 64, 64, 1, 6, 2, 3, 4, 5, - 64, 64, 7, 12, 8, 9, 10, 11, - 64, 64, 13, 18, 14, 15, 16, 17, - 64, 64, 19, 24, 20, 21, 22, 23, - 64, 64, 25, 30, 26, 27, 28, 29, - 64, 64, 31, 36, 32, 33, 34, 35, - 64, 64, 37, 42, 38, 39, 40, 41, - 64, 64, 43, 48, 44, 45, 46, 47 -}; - -const uint8_t shiftkey_permtab[] = { - 7, 7, /* 56 bit -> 56 bit */ - 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 1, - 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 29 -}; - -const uint8_t shiftkeyinv_permtab[] = { - 7, 7, - 28, 1, 2, 3, 4, 5, 6, 7, - 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, - 56, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55 -}; - -/* -1 0 -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 ----- -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 -1 0 -*/ -#define ROTTABLE 0x7EFC -#define ROTTABLE_INV 0x3F7E -/******************************************************************************/ - -void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) { - uint8_t ob; /* in-bytes and out-bytes */ - uint8_t byte, bit; /* counter for bit and byte */ - ob = ptable[1]; - ptable = &(ptable[2]); - for (byte = 0; byte < ob; ++byte) { - uint8_t t = 0; - for (bit = 0; bit < 8; ++bit) { - uint8_t x = *ptable++ - 1; - t <<= 1; - if ((in[x / 8]) & (0x80 >> (x % 8))) { - t |= 0x01; - } - } - out[byte] = t; - } -} - -/******************************************************************************/ - -void changeendian32(uint32_t *a) { - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; -} - -/******************************************************************************/ -static inline -void shiftkey(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkey_permtab, k, key); -} - -/******************************************************************************/ -static inline -void shiftkey_inv(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkeyinv_permtab, k, key); - -} - -/******************************************************************************/ -static inline -uint64_t splitin6bitwords(uint64_t a) { - uint64_t ret = 0; - a &= 0x0000ffffffffffffLL; - permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret); - return ret; -} - -/******************************************************************************/ - -static inline -uint8_t substitute(uint8_t a, uint8_t *sbp) { - uint8_t x; - x = sbp[a >> 1]; - x = (a & 1) ? x & 0x0F : x >> 4; - return x; - -} - -/******************************************************************************/ - -uint32_t des_f(uint32_t r, uint8_t *kr) { - uint8_t i; - uint32_t t = 0, ret; - uint64_t data = 0; - uint8_t *sbp; /* sboxpointer */ - permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data); - for (i = 0; i < 6; ++i) - ((uint8_t *)&data)[i] ^= kr[i]; - - /* Sbox substitution */ - data = splitin6bitwords(data); - sbp = (uint8_t *)sbox; - for (i = 0; i < 8; ++i) { - uint8_t x; - x = substitute(((uint8_t *)&data)[i], sbp); - t <<= 4; - t |= x; - sbp += 32; - } - changeendian32(&t); - - permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret); - - return ret; -} - -/******************************************************************************/ - -typedef struct { - union { - uint8_t v8[8]; - uint32_t v32[2]; - } d; -} data_t; -#define R (data.d.v32[1]) -#define L (data.d.v32[0]) - -void des_enc(void *out, const void *in, const void *key) { - - uint8_t kr[6], k[7]; - uint8_t i; - data_t data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - - for (i = 0; i < 8; ++i) { - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, data.d.v8, (uint8_t *)out); -} - -/******************************************************************************/ - -void des_dec(void *out, const void *in, const uint8_t *key) { - - uint8_t kr[6], k[7]; - int8_t i; - data_t data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - for (i = 7; i >= 0; --i) { - - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) { - shiftkey_inv(k); - } - - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) { - shiftkey_inv(k); - } - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, data.d.v8, (uint8_t *)out); -} - -/******************************************************************************/ - -void tdes_enc(void *out, void *in, const void *key) { - des_enc(out, in, (uint8_t *)key + 0); - des_dec(out, out, (uint8_t *)key + 8); - des_enc(out, out, (uint8_t *)key + 16); -} - -/******************************************************************************/ - -void tdes_dec(void *out, void *in, const uint8_t *key) { - des_dec(out, in, (uint8_t *)key + 16); - des_enc(out, out, (uint8_t *)key + 8); - des_dec(out, out, (uint8_t *)key + 0); -} - -void tdes_2key_dec(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]) { - - if (length % 8) return; - - uint8_t i; - unsigned char temp[8]; - uint8_t *tin = (uint8_t *) in; - uint8_t *tout = (uint8_t *) out; - - while (length > 0) { - memcpy(temp, tin, 8); - - des_dec(tout, tin, (uint8_t *)key + 0); - des_enc(tout, tout, (uint8_t *)key + 8); - des_dec(tout, tout, (uint8_t *)key + 0); - - for (i = 0; i < 8; i++) - tout[i] = (unsigned char)(tout[i] ^ iv[i]); - - memcpy(iv, temp, 8); - - tin += 8; - tout += 8; - length -= 8; - } -} - -void tdes_2key_enc(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]) { - - if (length % 8) return; - - uint8_t i; - uint8_t *tin = (uint8_t *) in; - uint8_t *tout = (uint8_t *) out; - - while (length > 0) { - for (i = 0; i < 8; i++) - tout[i] = (unsigned char)(tin[i] ^ iv[i]); - - des_enc(tout, tin, (uint8_t *)key + 0); - des_dec(tout, tout, (uint8_t *)key + 8); - des_enc(tout, tout, (uint8_t *)key + 0); - - memcpy(iv, tout, 8); - - tin += 8; - tout += 8; - length -= 8; - } -} - -void tdes_3key_enc(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]) { - - if (length % 8) return; - - uint8_t i; - uint8_t *tin = (uint8_t *) in; - uint8_t *tout = (uint8_t *) out; - - while (length > 0) { - for (i = 0; i < 8; i++) - tout[i] = (unsigned char)(tin[i] ^ iv[i]); - - des_enc(tout, tin, (uint8_t *)key + 0); - des_dec(tout, tout, (uint8_t *)key + 8); - des_enc(tout, tout, (uint8_t *)key + 16); - - memcpy(iv, tout, 8); - - tin += 8; - tout += 8; - length -= 8; - } -} - -void tdes_3key_dec(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]) { - - if (length % 8) return; - - uint8_t i; - unsigned char temp[8]; - uint8_t *tin = (uint8_t *) in; - uint8_t *tout = (uint8_t *) out; - - while (length > 0) { - memcpy(temp, tin, 8); - - des_dec(tout, tin, (uint8_t *)key + 0); - des_enc(tout, tout, (uint8_t *)key + 8); - des_dec(tout, tout, (uint8_t *)key + 16); - - for (i = 0; i < 8; i++) - tout[i] = (unsigned char)(tout[i] ^ iv[i]); - - memcpy(iv, temp, 8); - - tin += 8; - tout += 8; - length -= 8; - } -} - - - -/******************************************************************************/ - - diff --git a/armsrc/des.h b/armsrc/des.h deleted file mode 100644 index 1a0549606..000000000 --- a/armsrc/des.h +++ /dev/null @@ -1,116 +0,0 @@ -/* des.h */ -/* - This file is part of the ARM-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file des.h - * \author Daniel Otte - * \date 2007-06-16 - * \brief des and tdes declarations - * \license GPLv3 or later - * - */ -#ifndef __DES_H_ -#define __DES_H_ - -#include "common.h" - -/* the FIPS 46-3 (1999-10-25) name for triple DES is triple data encryption algorithm so TDEA. - * Also we only implement the three key mode */ - -/** \def tdea_enc - * \brief defining an alias for void tdes_enc(void* out, const void* in, const void* key) - */ - -/** \def tdea_dec - * \brief defining an alias for void tdes_dec(void* out, const void* in, const void* key) - */ - -#define tdea_enc tdes_enc -#define tdea_dec tdes_dec - -/** \fn void des_enc(void* out, const void* in, const void* key) - * \brief encrypt a block with DES - * - * This function encrypts a block of 64 bits (8 bytes) with the DES algorithm. - * Key expansion is done automatically. The key is 64 bits long, but note that - * only 56 bits are used (the LSB of each byte is dropped). The input and output - * blocks may overlap. - * - * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to - * \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from - * \param key pointer to the key (64 bit = 8 byte) - */ -void des_enc(void *out, const void *in, const void *key); - -/** \fn void des_dec(void* out, const void* in, const void* key) - * \brief decrypt a block with DES - * - * This function decrypts a block of 64 bits (8 bytes) with the DES algorithm. - * Key expansion is done automatically. The key is 64 bits long, but note that - * only 56 bits are used (the LSB of each byte is dropped). The input and output - * blocks may overlap. - * - * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to - * \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from - * \param key pointer to the key (64 bit = 8 byte) - */ -//void des_dec(void* out, const void* in, const void* key); -void des_dec(void *out, const void *in, const uint8_t *key); - -/** \fn void tdes_enc(void* out, const void* in, const void* key) - * \brief encrypt a block with Tripple-DES - * - * This function encrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE) - * algorithm. Key expansion is done automatically. The key is 192 bits long, but - * note that only 178 bits are used (the LSB of each byte is dropped). The input - * and output blocks may overlap. - * - * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to - * \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from - * \param key pointer to the key (192 bit = 24 byte) - */ -//void tdes_enc(void* out, const void* in, const void* key); -void tdes_enc(void *out, void *in, const void *key); - -/** \fn void tdes_dec(void* out, const void* in, const void* key) - * \brief decrypt a block with Tripple-DES - * - * This function decrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE) - * algorithm. Key expansion is done automatically. The key is 192 bits long, but - * note that only 178 bits are used (the LSB of each byte is dropped). The input - * and output blocks may overlap. - * - * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to - * \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from - * \param key pointer to the key (192 bit = 24 byte) - */ -//void tdes_dec(void* out, const void* in, const void* key); -void tdes_dec(void *out, void *in, const uint8_t *key); - -void tdes_2key_enc(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]); -void tdes_2key_dec(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]); -void tdes_3key_enc(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]); -void tdes_3key_dec(void *out, const void *in, size_t length, const void *key, unsigned char iv[8]); - -// Copied from des.h in desfire imp. -typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */ -typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */ - -extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ - -#endif /*DES_H_*/ diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c index d9acdfa81..99bb54743 100644 --- a/armsrc/desfire_crypto.c +++ b/armsrc/desfire_crypto.c @@ -31,18 +31,20 @@ #include #include "commonutil.h" #include "crc32.h" -#include "mbedtls/aes.h" #include "crc.h" #include "crc16.h" // crc16 ccitt #include "printf.h" #include "iso14443a.h" #include "dbprint.h" -#include "des.h" #ifndef AddCrc14A # define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) #endif +static mbedtls_des_context ctx; +static mbedtls_des3_context ctx3; +static mbedtls_aes_context actx; + static inline void update_key_schedules(desfirekey_t key); static inline void update_key_schedules(desfirekey_t key) { @@ -54,49 +56,20 @@ static inline void update_key_schedules(desfirekey_t key) { } /******************************************************************************/ - -/*void des_enc(void *out, const void *in, const void *key) { - mbedtls_des_context ctx; +void des_encrypt(void *out, const void *in, const void *key) { mbedtls_des_setkey_enc(&ctx, key); mbedtls_des_crypt_ecb(&ctx, in, out); - mbedtls_des_free(&ctx); } -void des_dec(void *out, const void *in, const void *key) { - mbedtls_des_context ctx; +void des_decrypt(void *out, const void *in, const void *key) { mbedtls_des_setkey_dec(&ctx, key); mbedtls_des_crypt_ecb(&ctx, in, out); - mbedtls_des_free(&ctx); -} -*/ - -void des3_3key_enc(void *out, void *in, const void *key) { - des_enc(out, in, (uint8_t *)key + 0); - des_dec(out, out, (uint8_t *)key + 8); - des_enc(out, out, (uint8_t *)key + 16); -} - -void des3_3key_dec(void *out, void *in, const uint8_t *key) { - des_dec(out, in, (uint8_t *)key + 16); - des_enc(out, out, (uint8_t *)key + 8); - des_dec(out, out, (uint8_t *)key + 0); -} - -void des3_2key_enc(void *out, void *in, const void *key) { - des_enc(out, in, (uint8_t *)key + 0); - des_dec(out, out, (uint8_t *)key + 8); - des_enc(out, out, (uint8_t *)key + 0); -} - -void des3_2key_dec(void *out, void *in, const uint8_t *key) { - des_dec(out, in, (uint8_t *)key + 0); - des_enc(out, out, (uint8_t *)key + 8); - des_dec(out, out, (uint8_t *)key + 0); } void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { - if (length % 8) return; + if (keymode == 2) mbedtls_des3_set2key_dec(&ctx3, key); + else mbedtls_des3_set3key_dec(&ctx3, key); uint8_t i; unsigned char temp[8]; @@ -106,8 +79,7 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode == 2) des3_2key_dec(tout, tin, key); - else if (keymode == 3) des3_3key_dec(tout, tin, key); + mbedtls_des3_crypt_ecb(&ctx3, tin, tout); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -121,8 +93,9 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, } void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { - if (length % 8) return; + if (keymode == 2) mbedtls_des3_set2key_enc(&ctx3, key); + else mbedtls_des3_set3key_enc(&ctx3, key); uint8_t i; uint8_t *tin = (uint8_t *) in; @@ -132,8 +105,7 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode == 2) des3_2key_enc(tout, tin, key); - else if (keymode == 3) des3_3key_enc(tout, tin, key); + mbedtls_des3_crypt_ecb(&ctx3, tin, tout); memcpy(iv, tout, 8); @@ -756,7 +728,6 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size) { uint8_t ovect[MAX_CRYPTO_BLOCK_SIZE]; - if (direction == MCD_SEND) { xor(ivect, data, block_size); } else { @@ -770,40 +741,44 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, switch (operation) { case MCO_ENCYPHER: //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - des_enc(edata, data, key->data); + des_encrypt(edata, data, key->data); break; case MCO_DECYPHER: //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - des_dec(edata, data, key->data); + des_decrypt(edata, data, key->data); break; } break; case T_3DES: switch (operation) { case MCO_ENCYPHER: + mbedtls_des3_set2key_enc(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - des3_2key_enc(edata, data, key->data); break; case MCO_DECYPHER: + mbedtls_des3_set2key_dec(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - des3_2key_dec(data, edata, key->data); break; } break; case T_3K3DES: switch (operation) { case MCO_ENCYPHER: - des3_3key_enc(edata, data, key->data); + mbedtls_des3_set3key_enc(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); break; case MCO_DECYPHER: - des3_3key_enc(data, edata, key->data); + mbedtls_des3_set3key_dec(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); @@ -813,19 +788,15 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, case T_AES: switch (operation) { case MCO_ENCYPHER: { - mbedtls_aes_context ctx; - mbedtls_aes_init(&ctx); - mbedtls_aes_setkey_enc(&ctx, key->data, 128); - mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata); - mbedtls_aes_free(&ctx); + mbedtls_aes_init(&actx); + mbedtls_aes_setkey_enc(&actx, key->data, 128); + mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata); break; } case MCO_DECYPHER: { - mbedtls_aes_context ctx; - mbedtls_aes_init(&ctx); - mbedtls_aes_setkey_dec(&ctx, key->data, 128); - mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data); - mbedtls_aes_free(&ctx); + mbedtls_aes_init(&actx); + mbedtls_aes_setkey_dec(&actx, key->data, 128); + mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data); break; } } diff --git a/armsrc/desfire_crypto.h b/armsrc/desfire_crypto.h index 73dc2ab07..58588cd0d 100644 --- a/armsrc/desfire_crypto.h +++ b/armsrc/desfire_crypto.h @@ -2,7 +2,9 @@ #define __DESFIRE_CRYPTO_H #include "common.h" -#include "mifare.h" // structs +#include "mifare.h" +#include "mbedtls/aes.h" +#include "mbedtls/des.h" //#include "../../armsrc/printf.h" //#include "../../armsrc/desfire.h" //#include "../../armsrc/iso14443a.h" @@ -97,10 +99,10 @@ struct desfire_tag { uint32_t selected_application; }; typedef struct desfire_tag *desfiretag_t; - void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc); void crc32_append(uint8_t *data, const size_t len); - +void des_encrypt(void *out, const void *in, const void *key); +void des_decrypt(void *out, const void *in, const void *key); void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 8da8eb94a..d0cb34193 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -11,9 +11,7 @@ #include "fpgaloader.h" #include "iso14443a.h" #include "crc16.h" -#include "mbedtls/aes.h" #include "commonutil.h" -#include "des.h" #include "util.h" #include "mifare.h" #include "ticks.h" @@ -370,7 +368,7 @@ void MifareDES_Auth1(uint8_t *datain) { } mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, 16, IV, encRndB, RndB); } else if (payload->algo == MFDES_ALGO_DES) - des_dec(RndB, encRndB, key->data); + des_decrypt(RndB, encRndB, key->data); else if (payload->algo == MFDES_ALGO_3DES) tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 2); else if (payload->algo == MFDES_ALGO_3K3DES) @@ -384,14 +382,14 @@ void MifareDES_Auth1(uint8_t *datain) { // - Encrypt our response if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { - des_dec(encRndA, RndA, key->data); + des_decrypt(encRndA, RndA, key->data); memcpy(both, encRndA, rndlen); for (int x = 0; x < rndlen; x++) { rotRndB[x] = rotRndB[x] ^ encRndA[x]; } - des_dec(encRndB, rotRndB, key->data); + des_decrypt(encRndB, rotRndB, key->data); memcpy(both + 8, encRndB, rndlen); } else if (payload->mode == MFDES_AUTH_ISO) { if (payload->algo == MFDES_ALGO_3DES) { @@ -477,7 +475,7 @@ void MifareDES_Auth1(uint8_t *datain) { if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { if (payload->algo == MFDES_ALGO_DES) - des_dec(encRndA, encRndA, key->data); + des_decrypt(encRndA, encRndA, key->data); else if (payload->algo == MFDES_ALGO_3DES) tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV, 2); else if (payload->algo == MFDES_ALGO_3K3DES) diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 6d269e38e..31231be37 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -18,7 +18,7 @@ #include "commonutil.h" #include "crc16.h" #include "protocols.h" -#include "des.h" +#include "desfire_crypto.h" int DBGLEVEL = DBG_ERROR; @@ -296,7 +296,7 @@ int mifare_ultra_auth(uint8_t *keybytes) { memcpy(enc_random_b, resp + 1, 8); // decrypt nonce. - tdes_2key_dec((void *)random_b, (void *)enc_random_b, sizeof(random_b), (const void *)key, IV); + tdes_nxp_receive((void *)enc_random_b, (void *)random_b, sizeof(random_b), (const void *)key, IV,2); rol(random_b, 8); memcpy(rnd_ab, random_a, 8); memcpy(rnd_ab + 8, random_b, 8); @@ -316,7 +316,7 @@ int mifare_ultra_auth(uint8_t *keybytes) { } // encrypt out, in, length, key, iv - tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b); + tdes_nxp_send(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b,2); len = mifare_sendcmd(MIFARE_ULC_AUTH_2, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL); if (len != 11) { @@ -329,7 +329,7 @@ int mifare_ultra_auth(uint8_t *keybytes) { memcpy(enc_resp, resp + 1, 8); // decrypt out, in, length, key, iv - tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b); + tdes_nxp_receive(enc_resp, resp_random_a, 8, key, enc_random_b,2); if (memcmp(resp_random_a, random_a, 8) != 0) { if (DBGLEVEL >= DBG_ERROR) Dbprintf("failed authentication"); return 0; From f234c34d1c0b7b8500a128f966a562b130da24ef Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 20:59:27 +0200 Subject: [PATCH 7/9] Update --- client/cmdhfmfdes.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index c10f97160..9bfad62d9 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -530,7 +530,7 @@ int get_desfire_auth(mfdes_authinput_t* payload,mfdes_auth_res_t* rpayload) mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndB, RndB); } else if (payload->algo == MFDES_ALGO_DES) - des_dec(RndB, encRndB, key->data); + des_decrypt(RndB, encRndB, key->data); else if (payload->algo == MFDES_ALGO_3DES) tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV,2); else if (payload->algo == MFDES_ALGO_3K3DES) { @@ -550,14 +550,14 @@ int get_desfire_auth(mfdes_authinput_t* payload,mfdes_auth_res_t* rpayload) // - Encrypt our response if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) { - des_dec(encRndA, RndA, key->data); + des_decrypt(encRndA, RndA, key->data); memcpy(both, encRndA, rndlen); for (int x = 0; x < rndlen; x++) { rotRndB[x] = rotRndB[x] ^ encRndA[x]; } - des_dec(encRndB, rotRndB, key->data); + des_decrypt(encRndB, rotRndB, key->data); memcpy(both + rndlen, encRndB, rndlen); } else if (payload->mode == MFDES_AUTH_ISO) { if (payload->algo == MFDES_ALGO_3DES) { @@ -655,7 +655,7 @@ int get_desfire_auth(mfdes_authinput_t* payload,mfdes_auth_res_t* rpayload) if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_ISO || payload->mode == MFDES_AUTH_PICC) { if (payload->algo == MFDES_ALGO_DES) - des_dec(encRndA, encRndA, key->data); + des_decrypt(encRndA, encRndA, key->data); else if (payload->algo == MFDES_ALGO_3DES) tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,2); else if (payload->algo == MFDES_ALGO_3K3DES) From b90539f2f0be54b581c09401dfd4a566a8998d77 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 21:02:15 +0200 Subject: [PATCH 8/9] Port des on client to mbedtls_des --- client/mifare/desfire_crypto.c | 432 +++------------------------------ client/mifare/desfire_crypto.h | 6 +- 2 files changed, 32 insertions(+), 406 deletions(-) diff --git a/client/mifare/desfire_crypto.c b/client/mifare/desfire_crypto.c index dffab4f38..42542c948 100644 --- a/client/mifare/desfire_crypto.c +++ b/client/mifare/desfire_crypto.c @@ -32,357 +32,14 @@ #include "commonutil.h" #include "crc32.h" #include "mbedtls/aes.h" -//#include "mbedtls/des.h" +#include "mbedtls/des.h" #include "ui.h" #include "crc.h" #include "crc16.h" // crc16 ccitt -const uint8_t sbox[256] = { - /* S-box 1 */ - 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, - 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, - 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, - 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, - /* S-box 2 */ - 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, - 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, - 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, - 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, - /* S-box 3 */ - 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, - 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, - 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, - 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, - /* S-box 4 */ - 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, - 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, - 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, - 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, - /* S-box 5 */ - 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, - 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, - 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, - 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, - /* S-box 6 */ - 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, - 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, - 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, - 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, - /* S-box 7 */ - 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, - 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, - 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, - 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, - /* S-box 8 */ - 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, - 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, - 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, - 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B -}; - -const uint8_t e_permtab[] = { - 4, 6, /* 4 bytes in 6 bytes out*/ - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; - -const uint8_t p_permtab[] = { - 4, 4, /* 32 bit -> 32 bit */ - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; - -const uint8_t ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; - -const uint8_t inv_ip_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; - -const uint8_t pc1_permtab[] = { - 8, 7, /* 64 bit -> 56 bit*/ - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; - -const uint8_t pc2_permtab[] = { - 7, 6, /* 56 bit -> 48 bit */ - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; - -const uint8_t splitin6bitword_permtab[] = { - 8, 8, /* 64 bit -> 64 bit */ - 64, 64, 1, 6, 2, 3, 4, 5, - 64, 64, 7, 12, 8, 9, 10, 11, - 64, 64, 13, 18, 14, 15, 16, 17, - 64, 64, 19, 24, 20, 21, 22, 23, - 64, 64, 25, 30, 26, 27, 28, 29, - 64, 64, 31, 36, 32, 33, 34, 35, - 64, 64, 37, 42, 38, 39, 40, 41, - 64, 64, 43, 48, 44, 45, 46, 47 -}; - -const uint8_t shiftkey_permtab[] = { - 7, 7, /* 56 bit -> 56 bit */ - 2, 3, 4, 5, 6, 7, 8, 9, - 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 1, - 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 29 -}; - -const uint8_t shiftkeyinv_permtab[] = { - 7, 7, - 28, 1, 2, 3, 4, 5, 6, 7, - 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, - 56, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55 -}; - -/* -1 0 -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 ----- -1 0 -2 1 -2 1 -2 1 -2 1 -2 1 -2 1 -1 0 -*/ -#define ROTTABLE 0x7EFC -#define ROTTABLE_INV 0x3F7E -/******************************************************************************/ - -void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) { - uint8_t ob; /* in-bytes and out-bytes */ - uint8_t byte, bit; /* counter for bit and byte */ - ob = ptable[1]; - ptable = &(ptable[2]); - for (byte = 0; byte < ob; ++byte) { - uint8_t t = 0; - for (bit = 0; bit < 8; ++bit) { - uint8_t x = *ptable++ - 1; - t <<= 1; - if ((in[x / 8]) & (0x80 >> (x % 8))) { - t |= 0x01; - } - } - out[byte] = t; - } -} - -/******************************************************************************/ - -void changeendian32(uint32_t *a) { - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; -} - -/******************************************************************************/ -static inline -void shiftkey(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkey_permtab, k, key); -} - -/******************************************************************************/ -static inline -void shiftkey_inv(uint8_t *key) { - uint8_t k[7]; - memcpy(k, key, 7); - permute((uint8_t *)shiftkeyinv_permtab, k, key); - -} - -/******************************************************************************/ -static inline -uint64_t splitin6bitwords(uint64_t a) { - uint64_t ret = 0; - a &= 0x0000ffffffffffffLL; - permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret); - return ret; -} - -/******************************************************************************/ - -static inline -uint8_t substitute(uint8_t a, uint8_t *sbp) { - uint8_t x; - x = sbp[a >> 1]; - x = (a & 1) ? x & 0x0F : x >> 4; - return x; - -} - -/******************************************************************************/ - -uint32_t des_f(uint32_t r, uint8_t *kr) { - uint8_t i; - uint32_t t = 0, ret; - uint64_t data = 0; - uint8_t *sbp; /* sboxpointer */ - permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data); - for (i = 0; i < 6; ++i) - ((uint8_t *)&data)[i] ^= kr[i]; - - /* Sbox substitution */ - data = splitin6bitwords(data); - sbp = (uint8_t *)sbox; - for (i = 0; i < 8; ++i) { - uint8_t x; - x = substitute(((uint8_t *)&data)[i], sbp); - t <<= 4; - t |= x; - sbp += 32; - } - changeendian32(&t); - - permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret); - - return ret; -} - -/******************************************************************************/ - -typedef struct { - union { - uint8_t v8[8]; - uint32_t v32[2]; - } d; -} des_data_t; -#define R (des_data.d.v32[1]) -#define L (des_data.d.v32[0]) - -void des_enc(void *out, const void *in, const void *key) { - - uint8_t kr[6], k[7]; - uint8_t i; - des_data_t des_data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - - for (i = 0; i < 8; ++i) { - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - - shiftkey(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) - shiftkey(k); - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); -} - -/******************************************************************************/ - -void des_dec(void *out, const void *in, const void *key) { - - uint8_t kr[6], k[7]; - int8_t i; - des_data_t des_data; - - permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8); - permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k); - for (i = 7; i >= 0; --i) { - - permute((uint8_t *)pc2_permtab, k, kr); - L ^= des_f(R, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 1)))) { - shiftkey_inv(k); - } - - permute((uint8_t *)pc2_permtab, k, kr); - R ^= des_f(L, kr); - shiftkey_inv(k); - if (ROTTABLE & ((1 << ((i << 1) + 0)))) { - shiftkey_inv(k); - } - - } - /* L <-> R*/ - R ^= L; - L ^= R; - R ^= L; - - permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out); -} - -#undef R -#undef L -/******************************************************************************/ +mbedtls_des_context ctx; +mbedtls_des3_context ctx3; +mbedtls_aes_context actx; #ifndef AddCrc14A # define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) @@ -431,48 +88,20 @@ static inline void update_key_schedules(desfirekey_t key) { /******************************************************************************/ -/*void des_enc(void *out, const void *in, const void *key) { - mbedtls_des_context ctx; +void des_encrypt(void *out, const void *in, const void *key) { mbedtls_des_setkey_enc(&ctx, key); mbedtls_des_crypt_ecb(&ctx, in, out); - mbedtls_des_free(&ctx); } -void des_dec(void *out, const void *in, const void *key) { - mbedtls_des_context ctx; +void des_decrypt(void *out, const void *in, const void *key) { mbedtls_des_setkey_dec(&ctx, key); mbedtls_des_crypt_ecb(&ctx, in, out); - mbedtls_des_free(&ctx); -} -*/ - -void des3_3key_enc(void *out, void *in, const void *key) { - des_enc(out, in, (uint8_t *)key + 0); - des_dec(out, out, (uint8_t *)key + 8); - des_enc(out, out, (uint8_t *)key + 16); -} - -void des3_3key_dec(void *out, void *in, const uint8_t *key) { - des_dec(out, in, (uint8_t *)key + 16); - des_enc(out, out, (uint8_t *)key + 8); - des_dec(out, out, (uint8_t *)key + 0); -} - -void des3_2key_enc(void *out, void *in, const void *key) { - des_enc(out, in, (uint8_t *)key + 0); - des_dec(out, out, (uint8_t *)key + 8); - des_enc(out, out, (uint8_t *)key + 0); -} - -void des3_2key_dec(void *out, void *in, const uint8_t *key) { - des_dec(out, in, (uint8_t *)key + 0); - des_enc(out, out, (uint8_t *)key + 8); - des_dec(out, out, (uint8_t *)key + 0); } void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { - if (length % 8) return; + if (keymode == 2) mbedtls_des3_set2key_dec(&ctx3, key); + else mbedtls_des3_set3key_dec(&ctx3, key); uint8_t i; unsigned char temp[8]; @@ -482,8 +111,7 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, while (length > 0) { memcpy(temp, tin, 8); - if (keymode == 2) des3_2key_dec(tout, tin, key); - else if (keymode == 3) des3_3key_dec(tout, tin, key); + mbedtls_des3_crypt_ecb(&ctx3, tin, tout); for (i = 0; i < 8; i++) tout[i] = (unsigned char)(tout[i] ^ iv[i]); @@ -497,8 +125,9 @@ void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, } void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) { - if (length % 8) return; + if (keymode == 2) mbedtls_des3_set2key_enc(&ctx3, key); + else mbedtls_des3_set3key_enc(&ctx3, key); uint8_t i; uint8_t *tin = (uint8_t *) in; @@ -508,8 +137,7 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un for (i = 0; i < 8; i++) tin[i] = (unsigned char)(tin[i] ^ iv[i]); - if (keymode == 2) des3_2key_enc(tout, tin, key); - else if (keymode == 3) des3_3key_enc(tout, tin, key); + mbedtls_des3_crypt_ecb(&ctx3, tin, tout); memcpy(iv, tout, 8); @@ -520,7 +148,6 @@ void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, un } - void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) { uint8_t data[8]; memcpy(data, value, 8); @@ -1132,7 +759,6 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size) { uint8_t ovect[MAX_CRYPTO_BLOCK_SIZE]; - if (direction == MCD_SEND) { xor(ivect, data, block_size); } else { @@ -1146,40 +772,44 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, switch (operation) { case MCO_ENCYPHER: //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - des_enc(edata, data, key->data); + des_encrypt(edata, data, key->data); break; case MCO_DECYPHER: //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - des_dec(edata, data, key->data); + des_decrypt(edata, data, key->data); break; } break; case T_3DES: switch (operation) { case MCO_ENCYPHER: + mbedtls_des3_set2key_enc(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); - des3_2key_enc(edata, data, key->data); break; case MCO_DECYPHER: + mbedtls_des3_set2key_dec(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); - des3_2key_dec(data, edata, key->data); break; } break; case T_3K3DES: switch (operation) { case MCO_ENCYPHER: - des3_3key_enc(edata, data, key->data); + mbedtls_des3_set3key_enc(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT); break; case MCO_DECYPHER: - des3_3key_enc(data, edata, key->data); + mbedtls_des3_set3key_dec(&ctx3, key->data); + mbedtls_des3_crypt_ecb(&ctx3, data, edata); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT); // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT); // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT); @@ -1189,19 +819,17 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, case T_AES: switch (operation) { case MCO_ENCYPHER: { - mbedtls_aes_context ctx; - mbedtls_aes_init(&ctx); - mbedtls_aes_setkey_enc(&ctx, key->data, 128); - mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata); - mbedtls_aes_free(&ctx); + mbedtls_aes_init(&actx); + mbedtls_aes_setkey_enc(&actx, key->data, 128); + mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata); + mbedtls_aes_free(&actx); break; } case MCO_DECYPHER: { - mbedtls_aes_context ctx; - mbedtls_aes_init(&ctx); - mbedtls_aes_setkey_dec(&ctx, key->data, 128); - mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data); - mbedtls_aes_free(&ctx); + mbedtls_aes_init(&actx); + mbedtls_aes_setkey_dec(&actx, key->data, 128); + mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data); + mbedtls_aes_free(&actx); break; } } diff --git a/client/mifare/desfire_crypto.h b/client/mifare/desfire_crypto.h index e1d37d1af..ff2334b5d 100644 --- a/client/mifare/desfire_crypto.h +++ b/client/mifare/desfire_crypto.h @@ -106,10 +106,8 @@ extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc); void crc32_append(uint8_t *data, const size_t len); -void des_enc(void *out, const void *in, const void *key); -void des_dec(void *out, const void *in, const void *key); -void tdes_enc(void *out, void *in, const void *key); -void tdes_dec(void *out, void *in, const uint8_t *key); +void des_encrypt(void *out, const void *in, const void *key); +void des_decrypt(void *out, const void *in, const void *key); void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode); void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key); From d309a1218a36d642136ab0e1d40d5c7fa552c8fc Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Sun, 12 Apr 2020 21:44:59 +0200 Subject: [PATCH 9/9] Changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66fa27ac6..94115ba27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Rework des/3des/3k3des/aes auth. Port to mbedtls crypto library on device (@bkerler) - Port 'hf mfdes' Authentification to CommandNG structure, fix auth session key (@bkerler) - Updates `hf mfdes` functions, improved logging and added new commands (@bkerler) - Updated 'legic.lua' and 'legic_clone.lua' script - works with current command set (@Pizza_4u)