From 4cc9de1183cb2230863af7f608c5a782d62510a0 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Fri, 30 Jul 2021 15:26:32 +0300
Subject: [PATCH] tests for ev2 compute iv

---
 client/src/mifare/desfirecrypto.c     | 11 ++++----
 client/src/mifare/desfirecrypto.h     |  2 +-
 client/src/mifare/desfiresecurechan.c |  3 ++-
 client/src/mifare/desfiretest.c       | 37 +++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/client/src/mifare/desfirecrypto.c b/client/src/mifare/desfirecrypto.c
index 0e65f5787..5bacaaf0d 100644
--- a/client/src/mifare/desfirecrypto.c
+++ b/client/src/mifare/desfirecrypto.c
@@ -219,10 +219,6 @@ void DesfireCryptoEncDecEx(DesfireContext *ctx, bool use_session_key, uint8_t *s
         memset(ctx->IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE);
     }
     
-    if (ctx->secureChannel == DACEV2) {
-        DesfireEV2FillIV(ctx, dir_to_send, NULL);
-    }
-
     size_t block_size = desfire_get_key_block_length(ctx->keyType);
 
     if (iv == NULL)
@@ -420,10 +416,10 @@ void DesfireGenSessionKeyEV2(uint8_t *key, uint8_t *rndA, uint8_t *rndB, bool en
     memcpy(sessionkey, cmac, CRYPTO_AES_BLOCK_SIZE);
 }
 
-void DesfireEV2FillIV(DesfireContext *ctx, bool send, uint8_t *iv) {
+void DesfireEV2FillIV(DesfireContext *ctx, bool ivforcommand, uint8_t *iv) {
     uint8_t xiv[CRYPTO_AES_BLOCK_SIZE] = {0};
     
-    if (send) {
+    if (ivforcommand) {
         xiv[0] = 0xa5;
         xiv[1] = 0x5a;
     } else {
@@ -434,6 +430,9 @@ void DesfireEV2FillIV(DesfireContext *ctx, bool send, uint8_t *iv) {
     memcpy(xiv + 2, ctx->TI, 4);
     Uint2byteToMemLe(xiv + 2 + 4, ctx->cmdCntr);
     
+    if (aes_encode(NULL, ctx->sessionKeyEnc, xiv, xiv, CRYPTO_AES_BLOCK_SIZE))
+        return;
+    
     if (iv == NULL)
         memcpy(ctx->IV, xiv, CRYPTO_AES_BLOCK_SIZE);
     else
diff --git a/client/src/mifare/desfirecrypto.h b/client/src/mifare/desfirecrypto.h
index 4caff1fb9..950c5a83f 100644
--- a/client/src/mifare/desfirecrypto.h
+++ b/client/src/mifare/desfirecrypto.h
@@ -108,7 +108,7 @@ DesfireCommunicationMode DesfireFileCommModeToCommMode(uint8_t file_comm_mode);
 uint8_t DesfireCommModeToFileCommMode(DesfireCommunicationMode comm_mode);
 
 void DesfireGenSessionKeyEV2(uint8_t *key, uint8_t *rndA, uint8_t *rndB, bool enckey, uint8_t *sessionkey);
-void DesfireEV2FillIV(DesfireContext *ctx, bool send, uint8_t *iv);
+void DesfireEV2FillIV(DesfireContext *ctx, bool ivforcommand, uint8_t *iv);
 
 void desfire_crc32(const uint8_t *data, const size_t len, uint8_t *crc);
 void desfire_crc32_append(uint8_t *data, const size_t len);
diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c
index 81efe69ac..586c95285 100644
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@@ -247,7 +247,6 @@ static void DesfireSecureChannelEncodeEV2(DesfireContext *ctx, uint8_t cmd, uint
     memcpy(dstdata, srcdata, srcdatalen);
     *dstdatalen = srcdatalen;
     
-    ctx->cmdCntr++;
 }
 
 void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
@@ -374,6 +373,8 @@ static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata,
 }
 
 static void DesfireSecureChannelDecodeEV2(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
+    ctx->cmdCntr++;
+
     memcpy(dstdata, srcdata, srcdatalen);
     *dstdatalen = srcdatalen;
 }
diff --git a/client/src/mifare/desfiretest.c b/client/src/mifare/desfiretest.c
index 480f44462..5de1b312d 100644
--- a/client/src/mifare/desfiretest.c
+++ b/client/src/mifare/desfiretest.c
@@ -233,6 +233,42 @@ static bool TestEV2SessionKeys(void) {
     return res;
 }
 
+static bool TestEV2IVEncode(void) {
+    bool res = true;
+
+    uint8_t key[] = {0x66, 0xA8, 0xCB, 0x93, 0x26, 0x9D, 0xC9, 0xBC, 0x28, 0x85, 0xB7, 0xA9, 0x1B, 0x9C, 0x69, 0x7B};
+    uint8_t ti[] = {0xED, 0x56, 0xF6, 0xE6};
+    uint8_t ivres[] = {0xDA, 0x0F, 0x64, 0x4A, 0x49, 0x86, 0x27, 0x59, 0x57, 0xCF, 0x1E, 0xC3, 0xAF, 0x4C, 0xCE, 0x53};
+    
+    DesfireContext ctx = {0};
+    ctx.keyType = T_AES;
+    memcpy(ctx.sessionKeyEnc, key, 16);
+    memcpy(ctx.TI, ti, 4);
+    ctx.cmdCntr = 0;
+    
+    uint8_t iv[16] = {0};
+    DesfireEV2FillIV(&ctx, true, iv);
+    res = res && (memcmp(iv, ivres, sizeof(ivres)) == 0);
+    
+    uint8_t key2[] = {0x44, 0x5A, 0x86, 0x26, 0xB3, 0x33, 0x84, 0x59, 0x32, 0x12, 0x32, 0xfA, 0xDf, 0x6a, 0xDe, 0x2B};
+    uint8_t ti2[] = {0x11, 0x22, 0x33, 0x44};
+    uint8_t ivres2[] = {0x17, 0x74, 0x94, 0xFC, 0xC4, 0xF1, 0xDA, 0xB2, 0xAF, 0xBE, 0x8F, 0xAE, 0x20, 0x57, 0xA9, 0xD2};
+    memcpy(ctx.sessionKeyEnc, key2, 16);
+    memcpy(ctx.TI, ti2, 4);
+    ctx.cmdCntr = 5;
+
+    memset(iv, 0, 16);
+    DesfireEV2FillIV(&ctx, true, iv);
+    res = res && (memcmp(iv, ivres2, sizeof(ivres2)) == 0);
+
+    if (res)
+        PrintAndLogEx(INFO, "EV2 IV calc....... " _GREEN_("passed"));
+    else
+        PrintAndLogEx(ERR,  "EV2 IV calc....... " _RED_("fail"));
+
+    return res;
+}
+
 bool DesfireTest(bool verbose) {
     bool res = true;
 
@@ -244,6 +280,7 @@ bool DesfireTest(bool verbose) {
     res = res && TestCMAC2TDEA();
     res = res && TestCMACDES();
     res = res && TestEV2SessionKeys();
+    res = res && TestEV2IVEncode();
 
     PrintAndLogEx(INFO, "---------------------------");
     if (res)