mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-20 21:33:47 -07:00
Auth of des, 3des and aes working.
This commit is contained in:
Bjoern Kerler
parent
0c407504b3
commit
7aa27cfefb
5 changed files with 1132 additions and 56 deletions
|
|
@ -1,18 +0,0 @@
|
||||||
#ifndef __DESFIRE_CRYPTO_H
|
|
||||||
#define __DESFIRE_CRYPTO_H
|
|
||||||
|
|
||||||
#include "common.h"
|
|
||||||
#include "desfire.h"
|
|
||||||
|
|
||||||
void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings);
|
|
||||||
void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings);
|
|
||||||
void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size);
|
|
||||||
void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation);
|
|
||||||
size_t key_block_size(const desfirekey_t key);
|
|
||||||
size_t padded_data_length(const size_t nbytes, const size_t block_size);
|
|
||||||
size_t maced_data_length(const desfirekey_t key, const size_t nbytes);
|
|
||||||
size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings);
|
|
||||||
void cmac_generate_subkeys(desfirekey_t key);
|
|
||||||
void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
@ -19,6 +19,7 @@
|
||||||
#include "cmdhw.h"
|
#include "cmdhw.h"
|
||||||
#include "cmdhf14a.h"
|
#include "cmdhf14a.h"
|
||||||
#include "mbedtls/des.h"
|
#include "mbedtls/des.h"
|
||||||
|
#include "mbedtls/aes.h"
|
||||||
#include "crypto/libpcrypto.h"
|
#include "crypto/libpcrypto.h"
|
||||||
#include "protocols.h"
|
#include "protocols.h"
|
||||||
#include "mifare.h" // desfire raw command options
|
#include "mifare.h" // desfire raw command options
|
||||||
|
|
@ -28,6 +29,11 @@
|
||||||
#include "emv/emvcore.h" // APDU logging
|
#include "emv/emvcore.h" // APDU logging
|
||||||
#include "util_posix.h" // msleep
|
#include "util_posix.h" // msleep
|
||||||
#include "mifare/mifare4.h" // MIFARE Authenticate / MAC
|
#include "mifare/mifare4.h" // MIFARE Authenticate / MAC
|
||||||
|
#include "mifare/desfire_crypto.h"
|
||||||
|
#include "crapto1/crapto1.h"
|
||||||
|
|
||||||
|
struct desfire_key defaultkey = {0};
|
||||||
|
static desfirekey_t sessionkey = &defaultkey;
|
||||||
|
|
||||||
uint8_t key_zero_data[16] = { 0x00 };
|
uint8_t key_zero_data[16] = { 0x00 };
|
||||||
uint8_t key_ones_data[16] = { 0x01 };
|
uint8_t key_ones_data[16] = { 0x01 };
|
||||||
|
|
@ -331,6 +337,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l
|
||||||
int res = DESFIRESendApdu(select, true, *apdu, data, sizeof(data), &resplen, sw);
|
int res = DESFIRESendApdu(select, true, *apdu, data, sizeof(data), &resplen, sw);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw));
|
PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw));
|
||||||
|
DropField();
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
if (dest != NULL) {
|
if (dest != NULL) {
|
||||||
|
|
@ -340,11 +347,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l
|
||||||
pos += resplen;
|
pos += resplen;
|
||||||
if (!readalldata) {
|
if (!readalldata) {
|
||||||
if (*sw == status(MFDES_ADDITIONAL_FRAME)) {
|
if (*sw == status(MFDES_ADDITIONAL_FRAME)) {
|
||||||
apdu->INS = MFDES_ABORT_TRANSACTION;
|
*recv_len=pos;
|
||||||
apdu->Lc = 0;
|
|
||||||
apdu->P1 = 0;
|
|
||||||
apdu->P2 = 0;
|
|
||||||
res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw);
|
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
return res;
|
return res;
|
||||||
|
|
@ -359,6 +362,7 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l
|
||||||
res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw);
|
res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw));
|
PrintAndLogEx(DEBUG, "%s", GetErrorString(res, sw));
|
||||||
|
DropField();
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -397,13 +401,303 @@ static nxp_cardtype_t getCardType(uint8_t major, uint8_t minor) {
|
||||||
return UNKNOWN;
|
return UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int get_desfire_auth(mfdes_authinput_t* payload,mfdes_auth_res_t* rpayload)
|
||||||
|
{
|
||||||
|
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
||||||
|
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
|
||||||
|
// 3 different communication modes, PLAIN,MAC,CRYPTO
|
||||||
|
|
||||||
|
mbedtls_aes_context ctx;
|
||||||
|
|
||||||
|
uint8_t keybytes[24];
|
||||||
|
// Crypt constants
|
||||||
|
uint8_t IV[16] = {0x00};
|
||||||
|
uint8_t RndA[16] = {0x00};
|
||||||
|
uint8_t RndB[16] = {0x00};
|
||||||
|
uint8_t encRndB[16] = {0x00};
|
||||||
|
uint8_t rotRndB[16] = {0x00}; //RndB'
|
||||||
|
uint8_t both[32+1] = {0x00}; // ek/dk_keyNo(RndA+RndB')
|
||||||
|
|
||||||
|
// Generate Random Value
|
||||||
|
uint32_t ng=msclock();
|
||||||
|
uint32_t value = prng_successor(ng, 32);
|
||||||
|
num_to_bytes(value, 4, &RndA[0]);
|
||||||
|
value = prng_successor(ng, 32);
|
||||||
|
num_to_bytes(value, 4, &RndA[4]);
|
||||||
|
value = prng_successor(ng, 32);
|
||||||
|
num_to_bytes(value, 4, &RndA[8]);
|
||||||
|
value = prng_successor(ng, 32);
|
||||||
|
num_to_bytes(value, 4, &RndA[12]);
|
||||||
|
|
||||||
|
// Default Keys
|
||||||
|
uint8_t PICC_MASTER_KEY8[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
||||||
|
uint8_t PICC_MASTER_KEY16[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||||
|
uint8_t PICC_MASTER_KEY24[24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||||
|
//uint8_t null_key_data16[16] = {0x00};
|
||||||
|
//uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
|
||||||
|
//uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF};
|
||||||
|
|
||||||
|
|
||||||
|
// Part 1
|
||||||
|
if (payload->key == NULL) {
|
||||||
|
if (payload->algo == MFDES_AUTH_DES) {
|
||||||
|
memcpy(keybytes, PICC_MASTER_KEY8, 8);
|
||||||
|
} else if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3DES) {
|
||||||
|
memcpy(keybytes, PICC_MASTER_KEY16, 16);
|
||||||
|
} else if (payload->algo == MFDES_ALGO_3DES) {
|
||||||
|
memcpy(keybytes, PICC_MASTER_KEY24, 24);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
memcpy(keybytes, payload->key, payload->keylen);
|
||||||
|
}
|
||||||
|
|
||||||
|
struct desfire_key defaultkey = {0};
|
||||||
|
desfirekey_t key = &defaultkey;
|
||||||
|
|
||||||
|
if (payload->algo == MFDES_ALGO_AES) {
|
||||||
|
mbedtls_aes_init(&ctx);
|
||||||
|
Desfire_aes_key_new(keybytes, key);
|
||||||
|
} else if (payload->algo == MFDES_ALGO_3DES) {
|
||||||
|
Desfire_3des_key_new_with_version(keybytes, key);
|
||||||
|
} else if (payload->algo == MFDES_ALGO_DES) {
|
||||||
|
Desfire_des_key_new(keybytes, key);
|
||||||
|
} else if (payload->algo == MFDES_ALGO_3K3DES) {
|
||||||
|
Desfire_3k3des_key_new_with_version(keybytes, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t subcommand = MFDES_AUTHENTICATE;
|
||||||
|
|
||||||
|
if (payload->mode == MFDES_AUTH_AES)
|
||||||
|
subcommand = MFDES_AUTHENTICATE_AES;
|
||||||
|
else if (payload->mode == MFDES_AUTH_ISO)
|
||||||
|
subcommand = MFDES_AUTHENTICATE_ISO;
|
||||||
|
|
||||||
|
int recv_len = 0;
|
||||||
|
uint16_t sw = 0;
|
||||||
|
uint8_t recv_data[256]={0};
|
||||||
|
|
||||||
|
if (payload->mode != MFDES_AUTH_PICC) {
|
||||||
|
// Let's send our auth command
|
||||||
|
uint8_t data[] = {payload->keyno};
|
||||||
|
sAPDU apdu = {0x90, subcommand, 0x00, 0x00, 0x01, data};
|
||||||
|
int res = send_desfire_cmd(&apdu, false, recv_data, &recv_len, &sw, 0, false);
|
||||||
|
if (res != PM3_SUCCESS) {
|
||||||
|
PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand);
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
} else if (payload->mode == MFDES_AUTH_PICC) {
|
||||||
|
/*cmd[0] = AUTHENTICATE;
|
||||||
|
cmd[1] = payload->keyno;
|
||||||
|
len = DesfireAPDU(cmd, 2, resp);
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!recv_len) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Card timeout.");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sw!=status(MFDES_ADDITIONAL_FRAME)) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Invalid key number.");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
|
||||||
|
int expectedlen = 8;
|
||||||
|
if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3K3DES) {
|
||||||
|
expectedlen = 16;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (recv_len != expectedlen) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Length of answer %d doesn't match algo length %d.", recv_len, expectedlen);
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
int rndlen=recv_len;
|
||||||
|
|
||||||
|
// Part 2
|
||||||
|
if (payload->mode != MFDES_AUTH_PICC) {
|
||||||
|
memcpy(encRndB, recv_data, rndlen);
|
||||||
|
} else {
|
||||||
|
memcpy(encRndB, recv_data + 2, rndlen);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Part 3
|
||||||
|
if (payload->algo == MFDES_ALGO_AES) {
|
||||||
|
if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) {
|
||||||
|
PrintAndLogEx(ERR,"mbedtls_aes_setkey_dec failed");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndB, RndB);
|
||||||
|
}
|
||||||
|
else if (payload->algo == MFDES_ALGO_DES)
|
||||||
|
des_dec(RndB, encRndB, key->data);
|
||||||
|
else if (payload->algo == MFDES_ALGO_3DES)
|
||||||
|
tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV,2);
|
||||||
|
else if (payload->algo == MFDES_ALGO_3K3DES) {
|
||||||
|
tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV,3);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (g_debugMode>1){
|
||||||
|
PrintAndLogEx(INFO,"encRndB: %s",sprint_hex(encRndB,8));
|
||||||
|
PrintAndLogEx(INFO,"RndB: %s",sprint_hex(RndB,8));
|
||||||
|
}
|
||||||
|
|
||||||
|
// - Rotate RndB by 8 bits
|
||||||
|
memcpy(rotRndB, RndB, rndlen);
|
||||||
|
rol(rotRndB, rndlen);
|
||||||
|
|
||||||
|
uint8_t encRndA[16] = {0x00};
|
||||||
|
|
||||||
|
// - Encrypt our response
|
||||||
|
if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_PICC) {
|
||||||
|
des_dec(encRndA, RndA, key->data);
|
||||||
|
memcpy(both, encRndA, rndlen);
|
||||||
|
|
||||||
|
for (int x = 0; x < rndlen; x++) {
|
||||||
|
rotRndB[x] = rotRndB[x] ^ encRndA[x];
|
||||||
|
}
|
||||||
|
|
||||||
|
des_dec(encRndB, rotRndB, key->data);
|
||||||
|
memcpy(both + rndlen, encRndB, rndlen);
|
||||||
|
} else if (payload->mode == MFDES_AUTH_ISO) {
|
||||||
|
if (payload->algo == MFDES_ALGO_3DES) {
|
||||||
|
uint8_t tmp[16] = {0x00};
|
||||||
|
memcpy(tmp, RndA, rndlen);
|
||||||
|
memcpy(tmp + rndlen, rotRndB, rndlen);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen));
|
||||||
|
PrintAndLogEx(INFO, "Both: %s", sprint_hex(tmp, 16));
|
||||||
|
}
|
||||||
|
tdes_nxp_send(tmp, both, 16, key->data, IV,2);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 16));
|
||||||
|
}
|
||||||
|
} else if (payload->algo == MFDES_ALGO_3K3DES) {
|
||||||
|
uint8_t tmp[32] = {0x00};
|
||||||
|
memcpy(tmp, RndA, rndlen);
|
||||||
|
memcpy(tmp + rndlen, rotRndB, rndlen);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen));
|
||||||
|
PrintAndLogEx(INFO, "Both3k3: %s", sprint_hex(tmp, 32));
|
||||||
|
}
|
||||||
|
tdes_nxp_send(tmp, both, 32, key->data, IV,3);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 32));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if (payload->mode == MFDES_AUTH_AES) {
|
||||||
|
uint8_t tmp[32] = {0x00};
|
||||||
|
memcpy(tmp, RndA, rndlen);
|
||||||
|
memcpy(tmp + rndlen, rotRndB, rndlen);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "rotRndB: %s", sprint_hex(rotRndB, rndlen));
|
||||||
|
PrintAndLogEx(INFO, "Both3k3: %s", sprint_hex(tmp, 32));
|
||||||
|
}
|
||||||
|
if (payload->algo == MFDES_ALGO_AES) {
|
||||||
|
if (mbedtls_aes_setkey_enc(&ctx, key->data, 128) != 0) {
|
||||||
|
PrintAndLogEx(ERR,"mbedtls_aes_setkey_enc failed");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, 32, IV, tmp, both);
|
||||||
|
if (g_debugMode>1) {
|
||||||
|
PrintAndLogEx(INFO, "EncBoth: %s", sprint_hex(both, 32));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int bothlen = 16;
|
||||||
|
if (payload->algo == MFDES_ALGO_AES || payload->algo == MFDES_ALGO_3K3DES) {
|
||||||
|
bothlen = 32;
|
||||||
|
}
|
||||||
|
if (payload->mode != MFDES_AUTH_PICC) {
|
||||||
|
sAPDU apdu = {0x90, MFDES_ADDITIONAL_FRAME, 0x00, 0x00, bothlen, both};
|
||||||
|
int res = send_desfire_cmd(&apdu, false, recv_data, &recv_len, &sw, 0, false);
|
||||||
|
if (res != PM3_SUCCESS) {
|
||||||
|
PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand);
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/*cmd[0] = ADDITIONAL_FRAME;
|
||||||
|
memcpy(cmd + 1, both, 16);
|
||||||
|
len = DesfireAPDU(cmd, 1 + 16, resp);
|
||||||
|
|
||||||
|
if (res != PM3_SUCCESS) {
|
||||||
|
PrintAndLogEx(SUCCESS, "Sending auth command %02X " _RED_("failed"),subcommand);
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}*/
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!recv_len) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Card timeout.");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (payload->mode != MFDES_AUTH_PICC) {
|
||||||
|
if (sw!=status(MFDES_S_OPERATION_OK)) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed.");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/*if (resp[1] != 0x00) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Card timeout.");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}*/
|
||||||
|
}
|
||||||
|
|
||||||
|
// Part 4
|
||||||
|
Desfire_session_key_new(RndA, RndB, key, sessionkey);
|
||||||
|
|
||||||
|
if (payload->mode != MFDES_AUTH_PICC) {
|
||||||
|
memcpy(encRndA, recv_data, rndlen);
|
||||||
|
} else {
|
||||||
|
memcpy(encRndA, recv_data + 2, rndlen);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (payload->mode == MFDES_AUTH_DES || payload->mode == MFDES_AUTH_ISO || payload->mode == MFDES_AUTH_PICC) {
|
||||||
|
if (payload->algo == MFDES_ALGO_DES)
|
||||||
|
des_dec(encRndA, encRndA, key->data);
|
||||||
|
else if (payload->algo == MFDES_ALGO_3DES)
|
||||||
|
tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,2);
|
||||||
|
else if (payload->algo == MFDES_ALGO_3K3DES)
|
||||||
|
tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV,3);
|
||||||
|
} else if (payload->mode == MFDES_AUTH_AES) {
|
||||||
|
if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) {
|
||||||
|
PrintAndLogEx(ERR,"mbedtls_aes_setkey_dec failed");
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndA, encRndA);
|
||||||
|
}
|
||||||
|
|
||||||
|
rol(RndA, rndlen);
|
||||||
|
for (int x = 0; x < rndlen; x++) {
|
||||||
|
if (RndA[x] != encRndA[x]) {
|
||||||
|
PrintAndLogEx(ERR,"Authentication failed. Cannot verify Session Key.");
|
||||||
|
if (g_debugMode>1){
|
||||||
|
PrintAndLogEx(INFO,"Expected_RndA : %s", sprint_hex(RndA, rndlen));
|
||||||
|
PrintAndLogEx(INFO,"Generated_RndA : %s", sprint_hex(encRndA, rndlen));
|
||||||
|
}
|
||||||
|
return PM3_ESOFT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rpayload->sessionkeylen = payload->keylen;
|
||||||
|
memcpy(rpayload->sessionkey, sessionkey->data, rpayload->sessionkeylen);
|
||||||
|
return PM3_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
// -- test if card supports 0x0A
|
// -- test if card supports 0x0A
|
||||||
static int test_desfire_authenticate() {
|
static int test_desfire_authenticate() {
|
||||||
uint8_t data[] = {0x00};
|
uint8_t data[] = {0x00};
|
||||||
sAPDU apdu = {0x90, MFDES_AUTHENTICATE, 0x00, 0x00, 0x01, data}; // 0x0A, KEY 0
|
sAPDU apdu = {0x90, MFDES_AUTHENTICATE, 0x00, 0x00, 0x01, data}; // 0x0A, KEY 0
|
||||||
int recv_len = 0;
|
int recv_len = 0;
|
||||||
uint16_t sw = 0;
|
uint16_t sw = 0;
|
||||||
return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false);
|
int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false);
|
||||||
|
if (res==PM3_SUCCESS)
|
||||||
|
if (sw==status(MFDES_ADDITIONAL_FRAME)) {
|
||||||
|
DropField();
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
// -- test if card supports 0x1A
|
// -- test if card supports 0x1A
|
||||||
|
|
@ -412,7 +706,13 @@ static int test_desfire_authenticate_iso() {
|
||||||
sAPDU apdu = {0x90, MFDES_AUTHENTICATE_ISO, 0x00, 0x00, 0x01, data}; // 0x1A, KEY 0
|
sAPDU apdu = {0x90, MFDES_AUTHENTICATE_ISO, 0x00, 0x00, 0x01, data}; // 0x1A, KEY 0
|
||||||
int recv_len = 0;
|
int recv_len = 0;
|
||||||
uint16_t sw = 0;
|
uint16_t sw = 0;
|
||||||
return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false);
|
int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false);
|
||||||
|
if (res==PM3_SUCCESS)
|
||||||
|
if (sw==status(MFDES_ADDITIONAL_FRAME)) {
|
||||||
|
DropField();
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
// -- test if card supports 0xAA
|
// -- test if card supports 0xAA
|
||||||
|
|
@ -421,7 +721,13 @@ static int test_desfire_authenticate_aes() {
|
||||||
sAPDU apdu = {0x90, MFDES_AUTHENTICATE_AES, 0x00, 0x00, 0x01, data}; // 0xAA, KEY 0
|
sAPDU apdu = {0x90, MFDES_AUTHENTICATE_AES, 0x00, 0x00, 0x01, data}; // 0xAA, KEY 0
|
||||||
int recv_len = 0;
|
int recv_len = 0;
|
||||||
uint16_t sw = 0;
|
uint16_t sw = 0;
|
||||||
return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, false);
|
int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, false);
|
||||||
|
if (res==PM3_SUCCESS)
|
||||||
|
if (sw==status(MFDES_ADDITIONAL_FRAME)) {
|
||||||
|
DropField();
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
// --- GET FREE MEM
|
// --- GET FREE MEM
|
||||||
|
|
@ -1013,7 +1319,7 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) {
|
||||||
uint8_t aid[3] = {0};
|
uint8_t aid[3] = {0};
|
||||||
CLIGetHexWithReturn(1, aid, &aidlength);
|
CLIGetHexWithReturn(1, aid, &aidlength);
|
||||||
CLIParserFree();
|
CLIParserFree();
|
||||||
|
swap24(aid);
|
||||||
if (aidlength < 3) {
|
if (aidlength < 3) {
|
||||||
PrintAndLogEx(ERR, "AID must have 3 bytes length.");
|
PrintAndLogEx(ERR, "AID must have 3 bytes length.");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
|
|
@ -1488,14 +1794,16 @@ static int CmdHF14ADesAuth(const char *Cmd) {
|
||||||
|
|
||||||
CLIParserInit("hf mfdes auth",
|
CLIParserInit("hf mfdes auth",
|
||||||
"Authenticates Mifare DESFire using Key",
|
"Authenticates Mifare DESFire using Key",
|
||||||
"Usage:\n\t-m Auth type (1=normal, 2=iso, 3=aes)\n\t-t Crypt algo (1=DES, 2=3DES, 3=2K3DES, 4=3K3DES, 5=AES)\n\t-a aid (3 bytes)\n\t-n keyno\n\t-k key (8-24 bytes)\n\n"
|
"Usage:\n\t-m Auth type (1=normal, 2=iso, 3=aes)\n\t-t Crypt algo (1=DES, 2=3DES(2K2DES), 3=3K3DES, 5=AES)\n\t-a aid (3 bytes)\n\t-n keyno\n\t-k key (8-24 bytes)\n\n"
|
||||||
"Example:\n\thf mfdes auth -m 3 -t 5 -a 838001 -n 0 -k 00000000000000000000000000000000\n"
|
"Example:\n\thf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 (AES)"
|
||||||
|
"\n\thf mfdes auth -m 2 -t 2 -a 000000 -n 0 -k 00000000000000000000000000000000 (3DES)"
|
||||||
|
"\n\thf mfdes auth -m 1 -t 1 -a 000000 -n 0 -k 0000000000000000 (DES)"
|
||||||
);
|
);
|
||||||
|
|
||||||
void *argtable[] = {
|
void *argtable[] = {
|
||||||
arg_param_begin,
|
arg_param_begin,
|
||||||
arg_int0("mM", "type", "Auth type (1=normal, 2=iso, 3=aes, 4=picc)", NULL),
|
arg_int0("mM", "type", "Auth type (1=normal, 2=iso, 3=aes, 4=picc)", NULL),
|
||||||
arg_int0("tT", "algo", "Crypt algo (1=DES, 2=3DES, 3=2K3DES, 4=3K3DES, 5=AES)", NULL),
|
arg_int0("tT", "algo", "Crypt algo (1=DES, 2=3DES(2K2DES), 4=3K3DES, 5=AES)", NULL),
|
||||||
arg_strx0("aA", "aid", "<aid>", "AID used for authentification (HEX 3 bytes)"),
|
arg_strx0("aA", "aid", "<aid>", "AID used for authentification (HEX 3 bytes)"),
|
||||||
arg_int0("nN", "keyno", "Key number used for authentification", NULL),
|
arg_int0("nN", "keyno", "Key number used for authentification", NULL),
|
||||||
arg_str0("kK", "key", "<Key>", "Key for checking (HEX 16 bytes)"),
|
arg_str0("kK", "key", "<Key>", "Key for checking (HEX 16 bytes)"),
|
||||||
|
|
@ -1536,7 +1844,7 @@ static int CmdHF14ADesAuth(const char *Cmd) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case MFDES_AUTH_ISO:
|
case MFDES_AUTH_ISO:
|
||||||
if (cmdAuthAlgo != MFDES_ALGO_2K3DES && cmdAuthAlgo != MFDES_ALGO_3K3DES) {
|
if (cmdAuthAlgo != MFDES_ALGO_3DES && cmdAuthAlgo != MFDES_ALGO_3K3DES) {
|
||||||
PrintAndLogEx(NORMAL, "Crypto algo not valid for the auth iso mode");
|
PrintAndLogEx(NORMAL, "Crypto algo not valid for the auth iso mode");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
}
|
}
|
||||||
|
|
@ -1559,13 +1867,9 @@ static int CmdHF14ADesAuth(const char *Cmd) {
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (cmdAuthAlgo) {
|
switch (cmdAuthAlgo) {
|
||||||
case MFDES_ALGO_2K3DES:
|
|
||||||
keylength = 16;
|
|
||||||
PrintAndLogEx(NORMAL, "2 key 3DES selected");
|
|
||||||
break;
|
|
||||||
case MFDES_ALGO_3DES:
|
case MFDES_ALGO_3DES:
|
||||||
keylength = 16;
|
keylength = 16;
|
||||||
PrintAndLogEx(NORMAL, "3DES selected");
|
PrintAndLogEx(NORMAL, "2 key 3DES selected");
|
||||||
break;
|
break;
|
||||||
case MFDES_ALGO_3K3DES:
|
case MFDES_ALGO_3K3DES:
|
||||||
keylength = 24;
|
keylength = 24;
|
||||||
|
|
@ -1605,7 +1909,7 @@ static int CmdHF14ADesAuth(const char *Cmd) {
|
||||||
payload.mode = cmdAuthMode;
|
payload.mode = cmdAuthMode;
|
||||||
payload.algo = cmdAuthAlgo;
|
payload.algo = cmdAuthAlgo;
|
||||||
payload.keyno = cmdKeyNo;
|
payload.keyno = cmdKeyNo;
|
||||||
SendCommandNG(CMD_HF_DESFIRE_AUTH1, (uint8_t *)&payload, sizeof(payload));
|
/*SendCommandNG(CMD_HF_DESFIRE_AUTH1, (uint8_t *)&payload, sizeof(payload));
|
||||||
|
|
||||||
PacketResponseNG resp;
|
PacketResponseNG resp;
|
||||||
|
|
||||||
|
|
@ -1614,15 +1918,15 @@ static int CmdHF14ADesAuth(const char *Cmd) {
|
||||||
DropField();
|
DropField();
|
||||||
return PM3_ETIMEOUT;
|
return PM3_ETIMEOUT;
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
uint8_t isOK = (resp.status == PM3_SUCCESS);
|
mfdes_auth_res_t rpayload;
|
||||||
if (isOK) {
|
if (get_desfire_auth(&payload,&rpayload)==PM3_SUCCESS)
|
||||||
struct mfdes_auth_res *rpayload = (struct mfdes_auth_res *)&resp.data.asBytes;
|
{
|
||||||
PrintAndLogEx(SUCCESS, " Key : " _GREEN_("%s"), sprint_hex(key, keylength));
|
PrintAndLogEx(SUCCESS, " Key : " _GREEN_("%s"), sprint_hex(key, keylength));
|
||||||
PrintAndLogEx(SUCCESS, " SESSION : " _GREEN_("%s"), sprint_hex(rpayload->sessionkey, keylength));
|
PrintAndLogEx(SUCCESS, " SESSION : " _GREEN_("%s"), sprint_hex(rpayload.sessionkey, keylength));
|
||||||
PrintAndLogEx(INFO, "-------------------------------------------------------------");
|
PrintAndLogEx(INFO, "-------------------------------------------------------------");
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(WARNING, _RED_("Auth command failed, reason: %d."), resp.status);
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
PrintAndLogEx(INFO, "-------------------------------------------------------------");
|
PrintAndLogEx(INFO, "-------------------------------------------------------------");
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
|
|
@ -1633,8 +1937,48 @@ static int CmdHF14ADesList(const char *Cmd) {
|
||||||
return CmdTraceList("des");
|
return CmdTraceList("des");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int CmdTest(const char *Cmd) {
|
||||||
|
(void)Cmd; // Cmd is not used so far
|
||||||
|
uint8_t IV[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
|
||||||
|
uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
|
||||||
|
|
||||||
|
/*[=] encRndB: 1A BE 10 8D 09 E0 18 13
|
||||||
|
[=] RndB: 57 9B 94 21 40 2C C6 D7
|
||||||
|
[=] 3keyenc: 6E 6A EB 86 6E 6A EB 86 9B 94 21 40 2C C6 D7 00
|
||||||
|
6E 6A EB 86 6E 6A EB 86 9B 94 21 40 2C C6 D7 57
|
||||||
|
[=] Both: 32 B2 E4 1A 14 CF 8B 34 B4 F9 30 43 5B 68 A3 FD
|
||||||
|
[=] RndA: 6E 6A EB 86 6E 6A EB 86
|
||||||
|
*/
|
||||||
|
|
||||||
|
uint8_t encRndB[8]={0x1A,0xBE,0x10,0x8D,0x09,0xE0,0x18,0x13};
|
||||||
|
/*
|
||||||
|
* RndB_enc: DE 50 F9 23 10 CA F5 A5
|
||||||
|
* RndB: 4C 64 7E 56 72 E2 A6 51
|
||||||
|
* RndB_rot: 64 7E 56 72 E2 A6 51 4C
|
||||||
|
* RndA: C9 6C E3 5E 4D 60 87 F2
|
||||||
|
* RndAB: C9 6C E3 5E 4D 60 87 F2 64 7E 56 72 E2 A6 51 4C
|
||||||
|
* RndAB_enc: E0 06 16 66 87 04 D5 54 9C 8D 6A 13 A0 F8 FC ED
|
||||||
|
*/
|
||||||
|
uint8_t RndB[8]={0};
|
||||||
|
uint8_t RndA[8]={0x6E,0x6A,0xEB,0x86,0x6E,0x6A,0xEB,0x86};
|
||||||
|
tdes_nxp_receive(encRndB, RndB, 8, key, IV,2);
|
||||||
|
uint8_t rotRndB[8]={0};
|
||||||
|
memcpy(rotRndB, RndB, 8);
|
||||||
|
rol(rotRndB, 8);
|
||||||
|
uint8_t tmp[16] = {0x00};
|
||||||
|
uint8_t both[16] = {0x00};
|
||||||
|
memcpy(tmp, RndA, 8);
|
||||||
|
memcpy(tmp + 8, rotRndB, 8);
|
||||||
|
PrintAndLogEx(INFO,"3keyenc: %s",sprint_hex(tmp,16));
|
||||||
|
PrintAndLogEx(SUCCESS, " Res : " _GREEN_("%s"), sprint_hex(IV,8));
|
||||||
|
tdes_nxp_send(tmp, both, 16, key, IV,2);
|
||||||
|
PrintAndLogEx(SUCCESS, " Res : " _GREEN_("%s"), sprint_hex(both,16));
|
||||||
|
return PM3_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
static command_t CommandTable[] = {
|
static command_t CommandTable[] = {
|
||||||
{"help", CmdHelp, AlwaysAvailable, "This help"},
|
{"help", CmdHelp, AlwaysAvailable, "This help"},
|
||||||
|
{"test", CmdTest, AlwaysAvailable, "Test"},
|
||||||
{"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"},
|
{"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"},
|
||||||
{"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"},
|
{"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"},
|
||||||
{"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"},
|
{"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"},
|
||||||
|
|
|
||||||
|
|
@ -25,13 +25,625 @@
|
||||||
* Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
|
* Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
|
||||||
* May 2005
|
* May 2005
|
||||||
*/
|
*/
|
||||||
|
#include "desfire_crypto.h"
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "desfire_crypto_disabled.h"
|
#include "commonutil.h"
|
||||||
#include "crc32.h"
|
#include "crc32.h"
|
||||||
#include "printf.h"
|
|
||||||
#include "desfire.h"
|
|
||||||
#include "iso14443a.h"
|
|
||||||
#include "mbedtls/aes.h"
|
#include "mbedtls/aes.h"
|
||||||
|
//#include "mbedtls/des.h"
|
||||||
|
#include "ui.h"
|
||||||
|
#include "crc.h"
|
||||||
|
#include "crc16.h" // crc16 ccitt
|
||||||
|
|
||||||
|
const uint8_t sbox[256] = {
|
||||||
|
/* S-box 1 */
|
||||||
|
0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07,
|
||||||
|
0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38,
|
||||||
|
0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50,
|
||||||
|
0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D,
|
||||||
|
/* S-box 2 */
|
||||||
|
0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A,
|
||||||
|
0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5,
|
||||||
|
0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F,
|
||||||
|
0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9,
|
||||||
|
/* S-box 3 */
|
||||||
|
0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28,
|
||||||
|
0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1,
|
||||||
|
0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7,
|
||||||
|
0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C,
|
||||||
|
/* S-box 4 */
|
||||||
|
0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F,
|
||||||
|
0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9,
|
||||||
|
0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84,
|
||||||
|
0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E,
|
||||||
|
/* S-box 5 */
|
||||||
|
0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9,
|
||||||
|
0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86,
|
||||||
|
0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E,
|
||||||
|
0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53,
|
||||||
|
/* S-box 6 */
|
||||||
|
0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B,
|
||||||
|
0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38,
|
||||||
|
0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6,
|
||||||
|
0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D,
|
||||||
|
/* S-box 7 */
|
||||||
|
0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61,
|
||||||
|
0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86,
|
||||||
|
0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92,
|
||||||
|
0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C,
|
||||||
|
/* S-box 8 */
|
||||||
|
0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7,
|
||||||
|
0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92,
|
||||||
|
0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58,
|
||||||
|
0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t e_permtab[] = {
|
||||||
|
4, 6, /* 4 bytes in 6 bytes out*/
|
||||||
|
32, 1, 2, 3, 4, 5,
|
||||||
|
4, 5, 6, 7, 8, 9,
|
||||||
|
8, 9, 10, 11, 12, 13,
|
||||||
|
12, 13, 14, 15, 16, 17,
|
||||||
|
16, 17, 18, 19, 20, 21,
|
||||||
|
20, 21, 22, 23, 24, 25,
|
||||||
|
24, 25, 26, 27, 28, 29,
|
||||||
|
28, 29, 30, 31, 32, 1
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t p_permtab[] = {
|
||||||
|
4, 4, /* 32 bit -> 32 bit */
|
||||||
|
16, 7, 20, 21,
|
||||||
|
29, 12, 28, 17,
|
||||||
|
1, 15, 23, 26,
|
||||||
|
5, 18, 31, 10,
|
||||||
|
2, 8, 24, 14,
|
||||||
|
32, 27, 3, 9,
|
||||||
|
19, 13, 30, 6,
|
||||||
|
22, 11, 4, 25
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t ip_permtab[] = {
|
||||||
|
8, 8, /* 64 bit -> 64 bit */
|
||||||
|
58, 50, 42, 34, 26, 18, 10, 2,
|
||||||
|
60, 52, 44, 36, 28, 20, 12, 4,
|
||||||
|
62, 54, 46, 38, 30, 22, 14, 6,
|
||||||
|
64, 56, 48, 40, 32, 24, 16, 8,
|
||||||
|
57, 49, 41, 33, 25, 17, 9, 1,
|
||||||
|
59, 51, 43, 35, 27, 19, 11, 3,
|
||||||
|
61, 53, 45, 37, 29, 21, 13, 5,
|
||||||
|
63, 55, 47, 39, 31, 23, 15, 7
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t inv_ip_permtab[] = {
|
||||||
|
8, 8, /* 64 bit -> 64 bit */
|
||||||
|
40, 8, 48, 16, 56, 24, 64, 32,
|
||||||
|
39, 7, 47, 15, 55, 23, 63, 31,
|
||||||
|
38, 6, 46, 14, 54, 22, 62, 30,
|
||||||
|
37, 5, 45, 13, 53, 21, 61, 29,
|
||||||
|
36, 4, 44, 12, 52, 20, 60, 28,
|
||||||
|
35, 3, 43, 11, 51, 19, 59, 27,
|
||||||
|
34, 2, 42, 10, 50, 18, 58, 26,
|
||||||
|
33, 1, 41, 9, 49, 17, 57, 25
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t pc1_permtab[] = {
|
||||||
|
8, 7, /* 64 bit -> 56 bit*/
|
||||||
|
57, 49, 41, 33, 25, 17, 9,
|
||||||
|
1, 58, 50, 42, 34, 26, 18,
|
||||||
|
10, 2, 59, 51, 43, 35, 27,
|
||||||
|
19, 11, 3, 60, 52, 44, 36,
|
||||||
|
63, 55, 47, 39, 31, 23, 15,
|
||||||
|
7, 62, 54, 46, 38, 30, 22,
|
||||||
|
14, 6, 61, 53, 45, 37, 29,
|
||||||
|
21, 13, 5, 28, 20, 12, 4
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t pc2_permtab[] = {
|
||||||
|
7, 6, /* 56 bit -> 48 bit */
|
||||||
|
14, 17, 11, 24, 1, 5,
|
||||||
|
3, 28, 15, 6, 21, 10,
|
||||||
|
23, 19, 12, 4, 26, 8,
|
||||||
|
16, 7, 27, 20, 13, 2,
|
||||||
|
41, 52, 31, 37, 47, 55,
|
||||||
|
30, 40, 51, 45, 33, 48,
|
||||||
|
44, 49, 39, 56, 34, 53,
|
||||||
|
46, 42, 50, 36, 29, 32
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t splitin6bitword_permtab[] = {
|
||||||
|
8, 8, /* 64 bit -> 64 bit */
|
||||||
|
64, 64, 1, 6, 2, 3, 4, 5,
|
||||||
|
64, 64, 7, 12, 8, 9, 10, 11,
|
||||||
|
64, 64, 13, 18, 14, 15, 16, 17,
|
||||||
|
64, 64, 19, 24, 20, 21, 22, 23,
|
||||||
|
64, 64, 25, 30, 26, 27, 28, 29,
|
||||||
|
64, 64, 31, 36, 32, 33, 34, 35,
|
||||||
|
64, 64, 37, 42, 38, 39, 40, 41,
|
||||||
|
64, 64, 43, 48, 44, 45, 46, 47
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t shiftkey_permtab[] = {
|
||||||
|
7, 7, /* 56 bit -> 56 bit */
|
||||||
|
2, 3, 4, 5, 6, 7, 8, 9,
|
||||||
|
10, 11, 12, 13, 14, 15, 16, 17,
|
||||||
|
18, 19, 20, 21, 22, 23, 24, 25,
|
||||||
|
26, 27, 28, 1,
|
||||||
|
30, 31, 32, 33, 34, 35, 36, 37,
|
||||||
|
38, 39, 40, 41, 42, 43, 44, 45,
|
||||||
|
46, 47, 48, 49, 50, 51, 52, 53,
|
||||||
|
54, 55, 56, 29
|
||||||
|
};
|
||||||
|
|
||||||
|
const uint8_t shiftkeyinv_permtab[] = {
|
||||||
|
7, 7,
|
||||||
|
28, 1, 2, 3, 4, 5, 6, 7,
|
||||||
|
8, 9, 10, 11, 12, 13, 14, 15,
|
||||||
|
16, 17, 18, 19, 20, 21, 22, 23,
|
||||||
|
24, 25, 26, 27,
|
||||||
|
56, 29, 30, 31, 32, 33, 34, 35,
|
||||||
|
36, 37, 38, 39, 40, 41, 42, 43,
|
||||||
|
44, 45, 46, 47, 48, 49, 50, 51,
|
||||||
|
52, 53, 54, 55
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
1 0
|
||||||
|
1 0
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
----
|
||||||
|
1 0
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
2 1
|
||||||
|
1 0
|
||||||
|
*/
|
||||||
|
#define ROTTABLE 0x7EFC
|
||||||
|
#define ROTTABLE_INV 0x3F7E
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out) {
|
||||||
|
uint8_t ob; /* in-bytes and out-bytes */
|
||||||
|
uint8_t byte, bit; /* counter for bit and byte */
|
||||||
|
ob = ptable[1];
|
||||||
|
ptable = &(ptable[2]);
|
||||||
|
for (byte = 0; byte < ob; ++byte) {
|
||||||
|
uint8_t t = 0;
|
||||||
|
for (bit = 0; bit < 8; ++bit) {
|
||||||
|
uint8_t x = *ptable++ - 1;
|
||||||
|
t <<= 1;
|
||||||
|
if ((in[x / 8]) & (0x80 >> (x % 8))) {
|
||||||
|
t |= 0x01;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
out[byte] = t;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void changeendian32(uint32_t *a) {
|
||||||
|
*a = (*a & 0x000000FF) << 24 |
|
||||||
|
(*a & 0x0000FF00) << 8 |
|
||||||
|
(*a & 0x00FF0000) >> 8 |
|
||||||
|
(*a & 0xFF000000) >> 24;
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
static inline
|
||||||
|
void shiftkey(uint8_t *key) {
|
||||||
|
uint8_t k[7];
|
||||||
|
memcpy(k, key, 7);
|
||||||
|
permute((uint8_t *)shiftkey_permtab, k, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
static inline
|
||||||
|
void shiftkey_inv(uint8_t *key) {
|
||||||
|
uint8_t k[7];
|
||||||
|
memcpy(k, key, 7);
|
||||||
|
permute((uint8_t *)shiftkeyinv_permtab, k, key);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
static inline
|
||||||
|
uint64_t splitin6bitwords(uint64_t a) {
|
||||||
|
uint64_t ret = 0;
|
||||||
|
a &= 0x0000ffffffffffffLL;
|
||||||
|
permute((uint8_t *)splitin6bitword_permtab, (uint8_t *)&a, (uint8_t *)&ret);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
static inline
|
||||||
|
uint8_t substitute(uint8_t a, uint8_t *sbp) {
|
||||||
|
uint8_t x;
|
||||||
|
x = sbp[a >> 1];
|
||||||
|
x = (a & 1) ? x & 0x0F : x >> 4;
|
||||||
|
return x;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
uint32_t des_f(uint32_t r, uint8_t *kr) {
|
||||||
|
uint8_t i;
|
||||||
|
uint32_t t = 0, ret;
|
||||||
|
uint64_t data = 0;
|
||||||
|
uint8_t *sbp; /* sboxpointer */
|
||||||
|
permute((uint8_t *)e_permtab, (uint8_t *)&r, (uint8_t *)&data);
|
||||||
|
for (i = 0; i < 6; ++i)
|
||||||
|
((uint8_t *)&data)[i] ^= kr[i];
|
||||||
|
|
||||||
|
/* Sbox substitution */
|
||||||
|
data = splitin6bitwords(data);
|
||||||
|
sbp = (uint8_t *)sbox;
|
||||||
|
for (i = 0; i < 8; ++i) {
|
||||||
|
uint8_t x;
|
||||||
|
x = substitute(((uint8_t *)&data)[i], sbp);
|
||||||
|
t <<= 4;
|
||||||
|
t |= x;
|
||||||
|
sbp += 32;
|
||||||
|
}
|
||||||
|
changeendian32(&t);
|
||||||
|
|
||||||
|
permute((uint8_t *)p_permtab, (uint8_t *)&t, (uint8_t *)&ret);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
union {
|
||||||
|
uint8_t v8[8];
|
||||||
|
uint32_t v32[2];
|
||||||
|
} d;
|
||||||
|
} des_data_t;
|
||||||
|
#define R (des_data.d.v32[1])
|
||||||
|
#define L (des_data.d.v32[0])
|
||||||
|
|
||||||
|
void des_enc(void *out, const void *in, const void *key) {
|
||||||
|
|
||||||
|
uint8_t kr[6], k[7];
|
||||||
|
uint8_t i;
|
||||||
|
des_data_t des_data;
|
||||||
|
|
||||||
|
permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8);
|
||||||
|
permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k);
|
||||||
|
|
||||||
|
for (i = 0; i < 8; ++i) {
|
||||||
|
shiftkey(k);
|
||||||
|
if (ROTTABLE & ((1 << ((i << 1) + 0))))
|
||||||
|
shiftkey(k);
|
||||||
|
permute((uint8_t *)pc2_permtab, k, kr);
|
||||||
|
L ^= des_f(R, kr);
|
||||||
|
|
||||||
|
shiftkey(k);
|
||||||
|
if (ROTTABLE & ((1 << ((i << 1) + 1))))
|
||||||
|
shiftkey(k);
|
||||||
|
permute((uint8_t *)pc2_permtab, k, kr);
|
||||||
|
R ^= des_f(L, kr);
|
||||||
|
|
||||||
|
}
|
||||||
|
/* L <-> R*/
|
||||||
|
R ^= L;
|
||||||
|
L ^= R;
|
||||||
|
R ^= L;
|
||||||
|
|
||||||
|
permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out);
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void des_dec(void *out, const void *in, const void *key) {
|
||||||
|
|
||||||
|
uint8_t kr[6], k[7];
|
||||||
|
int8_t i;
|
||||||
|
des_data_t des_data;
|
||||||
|
|
||||||
|
permute((uint8_t *)ip_permtab, (uint8_t *)in, des_data.d.v8);
|
||||||
|
permute((uint8_t *)pc1_permtab, (const uint8_t *)key, k);
|
||||||
|
for (i = 7; i >= 0; --i) {
|
||||||
|
|
||||||
|
permute((uint8_t *)pc2_permtab, k, kr);
|
||||||
|
L ^= des_f(R, kr);
|
||||||
|
shiftkey_inv(k);
|
||||||
|
if (ROTTABLE & ((1 << ((i << 1) + 1)))) {
|
||||||
|
shiftkey_inv(k);
|
||||||
|
}
|
||||||
|
|
||||||
|
permute((uint8_t *)pc2_permtab, k, kr);
|
||||||
|
R ^= des_f(L, kr);
|
||||||
|
shiftkey_inv(k);
|
||||||
|
if (ROTTABLE & ((1 << ((i << 1) + 0)))) {
|
||||||
|
shiftkey_inv(k);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
/* L <-> R*/
|
||||||
|
R ^= L;
|
||||||
|
L ^= R;
|
||||||
|
R ^= L;
|
||||||
|
|
||||||
|
permute((uint8_t *)inv_ip_permtab, des_data.d.v8, (uint8_t *)out);
|
||||||
|
}
|
||||||
|
|
||||||
|
#undef R
|
||||||
|
#undef L
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
#ifndef AddCrc14A
|
||||||
|
# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define htole32(x) (x)
|
||||||
|
#define CRC32_PRESET 0xFFFFFFFF
|
||||||
|
|
||||||
|
static void crc32_byte(uint32_t *crc, const uint8_t value);
|
||||||
|
|
||||||
|
static void crc32_byte(uint32_t *crc, const uint8_t value) {
|
||||||
|
/* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */
|
||||||
|
const uint32_t poly = 0xEDB88320;
|
||||||
|
|
||||||
|
*crc ^= value;
|
||||||
|
for (int current_bit = 7; current_bit >= 0; current_bit--) {
|
||||||
|
int bit_out = (*crc) & 0x00000001;
|
||||||
|
*crc >>= 1;
|
||||||
|
if (bit_out)
|
||||||
|
*crc ^= poly;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc) {
|
||||||
|
uint32_t desfire_crc = CRC32_PRESET;
|
||||||
|
for (size_t i = 0; i < len; i++) {
|
||||||
|
crc32_byte(&desfire_crc, data[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
*((uint32_t *)(crc)) = htole32(desfire_crc);
|
||||||
|
}
|
||||||
|
|
||||||
|
void crc32_append(uint8_t *data, const size_t len) {
|
||||||
|
crc32_ex(data, len, data + len);
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void update_key_schedules(desfirekey_t key);
|
||||||
|
|
||||||
|
static inline void update_key_schedules(desfirekey_t key) {
|
||||||
|
// DES_set_key ((DES_cblock *)key->data, &(key->ks1));
|
||||||
|
// DES_set_key ((DES_cblock *)(key->data + 8), &(key->ks2));
|
||||||
|
// if (T_3K3DES == key->type) {
|
||||||
|
// DES_set_key ((DES_cblock *)(key->data + 16), &(key->ks3));
|
||||||
|
// }
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
/*void des_enc(void *out, const void *in, const void *key) {
|
||||||
|
mbedtls_des_context ctx;
|
||||||
|
mbedtls_des_setkey_enc(&ctx, key);
|
||||||
|
mbedtls_des_crypt_ecb(&ctx, in, out);
|
||||||
|
mbedtls_des_free(&ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
void des_dec(void *out, const void *in, const void *key) {
|
||||||
|
mbedtls_des_context ctx;
|
||||||
|
mbedtls_des_setkey_dec(&ctx, key);
|
||||||
|
mbedtls_des_crypt_ecb(&ctx, in, out);
|
||||||
|
mbedtls_des_free(&ctx);
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
void tdes_3key_enc(void *out, void *in, const void *key) {
|
||||||
|
des_enc(out, in, (uint8_t *)key + 0);
|
||||||
|
des_dec(out, out, (uint8_t *)key + 8);
|
||||||
|
des_enc(out, out, (uint8_t *)key + 16);
|
||||||
|
}
|
||||||
|
|
||||||
|
void tdes_3key_dec(void *out, void *in, const uint8_t *key) {
|
||||||
|
des_dec(out, in, (uint8_t *)key + 16);
|
||||||
|
des_enc(out, out, (uint8_t *)key + 8);
|
||||||
|
des_dec(out, out, (uint8_t *)key + 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
void tdes_2key_enc(void *out, void *in, const void *key) {
|
||||||
|
des_enc(out, in, (uint8_t *)key + 0);
|
||||||
|
des_dec(out, out, (uint8_t *)key + 8);
|
||||||
|
des_enc(out, out, (uint8_t *)key + 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
void tdes_2key_dec(void *out, void *in, const uint8_t *key) {
|
||||||
|
des_dec(out, in, (uint8_t *)key + 0);
|
||||||
|
des_enc(out, out, (uint8_t *)key + 8);
|
||||||
|
des_dec(out, out, (uint8_t *)key + 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) {
|
||||||
|
|
||||||
|
if (length % 8) return;
|
||||||
|
|
||||||
|
uint8_t i;
|
||||||
|
unsigned char temp[8];
|
||||||
|
uint8_t *tin = (uint8_t *) in;
|
||||||
|
uint8_t *tout = (uint8_t *) out;
|
||||||
|
|
||||||
|
while (length > 0) {
|
||||||
|
memcpy(temp, tin, 8);
|
||||||
|
|
||||||
|
if (keymode==2) tdes_2key_dec(tout,tin,key);
|
||||||
|
else if (keymode==3) tdes_3key_dec(tout,tin,key);
|
||||||
|
|
||||||
|
for (i = 0; i < 8; i++)
|
||||||
|
tout[i] = (unsigned char)(tout[i] ^ iv[i]);
|
||||||
|
|
||||||
|
memcpy(iv, temp, 8);
|
||||||
|
|
||||||
|
tin += 8;
|
||||||
|
tout += 8;
|
||||||
|
length -= 8;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) {
|
||||||
|
|
||||||
|
if (length % 8) return;
|
||||||
|
|
||||||
|
uint8_t i;
|
||||||
|
uint8_t *tin = (uint8_t *) in;
|
||||||
|
uint8_t *tout = (uint8_t *) out;
|
||||||
|
|
||||||
|
while (length > 0) {
|
||||||
|
for (i = 0; i < 8; i++)
|
||||||
|
tin[i] = (unsigned char)(tin[i] ^ iv[i]);
|
||||||
|
|
||||||
|
if (keymode==2) tdes_2key_enc(tout,tin,key);
|
||||||
|
else if (keymode==3) tdes_3key_enc(tout,tin,key);
|
||||||
|
|
||||||
|
memcpy(iv, tout, 8);
|
||||||
|
|
||||||
|
tin += 8;
|
||||||
|
tout += 8;
|
||||||
|
length -= 8;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) {
|
||||||
|
uint8_t data[8];
|
||||||
|
memcpy(data, value, 8);
|
||||||
|
for (int n = 0; n < 8; n++)
|
||||||
|
data[n] &= 0xfe;
|
||||||
|
Desfire_des_key_new_with_version(data, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key) {
|
||||||
|
if (key != NULL) {
|
||||||
|
key->type = T_DES;
|
||||||
|
memcpy(key->data, value, 8);
|
||||||
|
memcpy(key->data + 8, value, 8);
|
||||||
|
update_key_schedules(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key) {
|
||||||
|
uint8_t data[16];
|
||||||
|
memcpy(data, value, 16);
|
||||||
|
for (int n = 0; n < 8; n++)
|
||||||
|
data[n] &= 0xfe;
|
||||||
|
for (int n = 8; n < 16; n++)
|
||||||
|
data[n] |= 0x01;
|
||||||
|
Desfire_3des_key_new_with_version(data, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) {
|
||||||
|
if (key != NULL) {
|
||||||
|
key->type = T_3DES;
|
||||||
|
memcpy(key->data, value, 16);
|
||||||
|
update_key_schedules(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key) {
|
||||||
|
uint8_t data[24];
|
||||||
|
memcpy(data, value, 24);
|
||||||
|
for (int n = 0; n < 8; n++)
|
||||||
|
data[n] &= 0xfe;
|
||||||
|
Desfire_3k3des_key_new_with_version(data, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key) {
|
||||||
|
if (key != NULL) {
|
||||||
|
key->type = T_3K3DES;
|
||||||
|
memcpy(key->data, value, 24);
|
||||||
|
update_key_schedules(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key) {
|
||||||
|
Desfire_aes_key_new_with_version(value, 0, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key) {
|
||||||
|
|
||||||
|
if (key != NULL) {
|
||||||
|
memcpy(key->data, value, 16);
|
||||||
|
key->type = T_AES;
|
||||||
|
key->aes_version = version;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t Desfire_key_get_version(desfirekey_t key) {
|
||||||
|
uint8_t version = 0;
|
||||||
|
|
||||||
|
for (int n = 0; n < 8; n++) {
|
||||||
|
version |= ((key->data[n] & 1) << (7 - n));
|
||||||
|
}
|
||||||
|
return version;
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_key_set_version(desfirekey_t key, uint8_t version) {
|
||||||
|
for (int n = 0; n < 8; n++) {
|
||||||
|
uint8_t version_bit = ((version & (1 << (7 - n))) >> (7 - n));
|
||||||
|
key->data[n] &= 0xfe;
|
||||||
|
key->data[n] |= version_bit;
|
||||||
|
if (key->type == T_DES) {
|
||||||
|
key->data[n + 8] = key->data[n];
|
||||||
|
} else {
|
||||||
|
// Write ~version to avoid turning a 3DES key into a DES key
|
||||||
|
key->data[n + 8] &= 0xfe;
|
||||||
|
key->data[n + 8] |= ~version_bit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) {
|
||||||
|
|
||||||
|
uint8_t buffer[24];
|
||||||
|
|
||||||
|
switch (authkey->type) {
|
||||||
|
case T_DES:
|
||||||
|
memcpy(buffer, rnda, 4);
|
||||||
|
memcpy(buffer + 4, rndb, 4);
|
||||||
|
Desfire_des_key_new_with_version(buffer, key);
|
||||||
|
break;
|
||||||
|
case T_3DES:
|
||||||
|
memcpy(buffer, rnda, 4);
|
||||||
|
memcpy(buffer + 4, rndb, 4);
|
||||||
|
memcpy(buffer + 8, rnda + 4, 4);
|
||||||
|
memcpy(buffer + 12, rndb + 4, 4);
|
||||||
|
Desfire_3des_key_new_with_version(buffer, key);
|
||||||
|
break;
|
||||||
|
case T_3K3DES:
|
||||||
|
memcpy(buffer, rnda, 4);
|
||||||
|
memcpy(buffer + 4, rndb, 4);
|
||||||
|
memcpy(buffer + 8, rnda + 6, 4);
|
||||||
|
memcpy(buffer + 12, rndb + 6, 4);
|
||||||
|
memcpy(buffer + 16, rnda + 12, 4);
|
||||||
|
memcpy(buffer + 20, rndb + 12, 4);
|
||||||
|
Desfire_3k3des_key_new(buffer, key);
|
||||||
|
break;
|
||||||
|
case T_AES:
|
||||||
|
memcpy(buffer, rnda, 4);
|
||||||
|
memcpy(buffer + 4, rndb, 4);
|
||||||
|
memcpy(buffer + 8, rnda + 12, 4);
|
||||||
|
memcpy(buffer + 12, rndb + 12, 4);
|
||||||
|
Desfire_aes_key_new(buffer, key);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void xor(const uint8_t *ivect, uint8_t *data, const size_t len);
|
static void xor(const uint8_t *ivect, uint8_t *data, const size_t len);
|
||||||
static size_t key_macing_length(desfirekey_t key);
|
static size_t key_macing_length(desfirekey_t key);
|
||||||
|
|
@ -449,7 +1061,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes
|
||||||
|
|
||||||
do {
|
do {
|
||||||
uint16_t crc_16 = 0x00;
|
uint16_t crc_16 = 0x00;
|
||||||
uint32_t crc;
|
uint32_t crc=0x00;
|
||||||
switch (DESFIRE(tag)->authentication_scheme) {
|
switch (DESFIRE(tag)->authentication_scheme) {
|
||||||
case AS_LEGACY:
|
case AS_LEGACY:
|
||||||
AddCrc14A((uint8_t *)res, end_crc_pos);
|
AddCrc14A((uint8_t *)res, end_crc_pos);
|
||||||
|
|
@ -508,7 +1120,7 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes
|
||||||
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
Dbprintf("Unknown communication settings");
|
PrintAndLogEx(ERR,"Unknown communication settings");
|
||||||
*nbytes = -1;
|
*nbytes = -1;
|
||||||
res = NULL;
|
res = NULL;
|
||||||
break;
|
break;
|
||||||
|
|
@ -548,26 +1160,26 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect,
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
||||||
tdes_enc(edata, data, key->data);
|
tdes_2key_enc(edata, data, key->data);
|
||||||
break;
|
break;
|
||||||
case MCO_DECYPHER:
|
case MCO_DECYPHER:
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
||||||
tdes_dec(data, edata, key->data);
|
tdes_2key_dec(data, edata, key->data);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case T_3K3DES:
|
case T_3K3DES:
|
||||||
switch (operation) {
|
switch (operation) {
|
||||||
case MCO_ENCYPHER:
|
case MCO_ENCYPHER:
|
||||||
tdes_enc(edata, data, key->data);
|
tdes_3key_enc(edata, data, key->data);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT);
|
||||||
break;
|
break;
|
||||||
case MCO_DECYPHER:
|
case MCO_DECYPHER:
|
||||||
tdes_dec(data, edata, key->data);
|
tdes_3key_enc(data, edata, key->data);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
|
||||||
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
// DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
|
||||||
139
client/mifare/desfire_crypto.h
Normal file
139
client/mifare/desfire_crypto.h
Normal file
|
|
@ -0,0 +1,139 @@
|
||||||
|
#ifndef __DESFIRE_CRYPTO_H
|
||||||
|
#define __DESFIRE_CRYPTO_H
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
#include "mifare.h" // structs
|
||||||
|
//#include "../../armsrc/printf.h"
|
||||||
|
//#include "../../armsrc/desfire.h"
|
||||||
|
//#include "../../armsrc/iso14443a.h"
|
||||||
|
|
||||||
|
|
||||||
|
#define MAX_CRYPTO_BLOCK_SIZE 16
|
||||||
|
/* Mifare DESFire EV1 Application crypto operations */
|
||||||
|
#define APPLICATION_CRYPTO_DES 0x00
|
||||||
|
#define APPLICATION_CRYPTO_3K3DES 0x40
|
||||||
|
#define APPLICATION_CRYPTO_AES 0x80
|
||||||
|
|
||||||
|
#define MAC_LENGTH 4
|
||||||
|
#define CMAC_LENGTH 8
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
MCD_SEND,
|
||||||
|
MCD_RECEIVE
|
||||||
|
} MifareCryptoDirection;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
MCO_ENCYPHER,
|
||||||
|
MCO_DECYPHER
|
||||||
|
} MifareCryptoOperation;
|
||||||
|
|
||||||
|
#define MDCM_MASK 0x000F
|
||||||
|
|
||||||
|
#define CMAC_NONE 0
|
||||||
|
|
||||||
|
// Data send to the PICC is used to update the CMAC
|
||||||
|
#define CMAC_COMMAND 0x010
|
||||||
|
// Data received from the PICC is used to update the CMAC
|
||||||
|
#define CMAC_VERIFY 0x020
|
||||||
|
|
||||||
|
// MAC the command (when MDCM_MACED)
|
||||||
|
#define MAC_COMMAND 0x100
|
||||||
|
// The command returns a MAC to verify (when MDCM_MACED)
|
||||||
|
#define MAC_VERIFY 0x200
|
||||||
|
|
||||||
|
#define ENC_COMMAND 0x1000
|
||||||
|
#define NO_CRC 0x2000
|
||||||
|
|
||||||
|
#define MAC_MASK 0x0F0
|
||||||
|
#define CMAC_MACK 0xF00
|
||||||
|
|
||||||
|
/* Communication mode */
|
||||||
|
#define MDCM_PLAIN 0x00
|
||||||
|
#define MDCM_MACED 0x01
|
||||||
|
#define MDCM_ENCIPHERED 0x03
|
||||||
|
|
||||||
|
/* Error code managed by the library */
|
||||||
|
#define CRYPTO_ERROR 0x01
|
||||||
|
|
||||||
|
enum DESFIRE_CRYPTOALGO {
|
||||||
|
T_DES = 0x00,
|
||||||
|
T_3DES = 0x01, //aka 2K3DES
|
||||||
|
T_3K3DES = 0x02,
|
||||||
|
T_AES = 0x03
|
||||||
|
};
|
||||||
|
|
||||||
|
enum DESFIRE_AUTH_SCHEME {
|
||||||
|
AS_LEGACY,
|
||||||
|
AS_NEW
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#define DESFIRE_KEY(key) ((struct desfire_key *) key)
|
||||||
|
struct desfire_key {
|
||||||
|
enum DESFIRE_CRYPTOALGO type;
|
||||||
|
uint8_t data[24];
|
||||||
|
uint8_t cmac_sk1[24];
|
||||||
|
uint8_t cmac_sk2[24];
|
||||||
|
uint8_t aes_version;
|
||||||
|
};
|
||||||
|
typedef struct desfire_key *desfirekey_t;
|
||||||
|
|
||||||
|
#define DESFIRE(tag) ((struct desfire_tag *) tag)
|
||||||
|
struct desfire_tag {
|
||||||
|
iso14a_card_select_t info;
|
||||||
|
int active;
|
||||||
|
uint8_t last_picc_error;
|
||||||
|
uint8_t last_internal_error;
|
||||||
|
uint8_t last_pcd_error;
|
||||||
|
desfirekey_t session_key;
|
||||||
|
enum DESFIRE_AUTH_SCHEME authentication_scheme;
|
||||||
|
uint8_t authenticated_key_no;
|
||||||
|
|
||||||
|
uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE];
|
||||||
|
uint8_t cmac[16];
|
||||||
|
uint8_t *crypto_buffer;
|
||||||
|
size_t crypto_buffer_size;
|
||||||
|
uint32_t selected_application;
|
||||||
|
};
|
||||||
|
typedef struct desfire_tag *desfiretag_t;
|
||||||
|
|
||||||
|
typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */
|
||||||
|
typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */
|
||||||
|
|
||||||
|
extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */
|
||||||
|
|
||||||
|
void crc32_ex(const uint8_t *data, const size_t len, uint8_t *crc);
|
||||||
|
void crc32_append(uint8_t *data, const size_t len);
|
||||||
|
|
||||||
|
void des_enc(void *out, const void *in, const void *key);
|
||||||
|
void des_dec(void *out, const void *in, const void *key);
|
||||||
|
void tdes_enc(void *out, void *in, const void *key);
|
||||||
|
void tdes_dec(void *out, void *in, const uint8_t *key);
|
||||||
|
void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode);
|
||||||
|
void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode);
|
||||||
|
void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key);
|
||||||
|
void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key);
|
||||||
|
void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key);
|
||||||
|
void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
|
||||||
|
void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key);
|
||||||
|
void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key);
|
||||||
|
void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
|
||||||
|
void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key);
|
||||||
|
void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key);
|
||||||
|
uint8_t Desfire_key_get_version(desfirekey_t key);
|
||||||
|
void Desfire_key_set_version(desfirekey_t key, uint8_t version);
|
||||||
|
void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key);
|
||||||
|
|
||||||
|
void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings);
|
||||||
|
void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings);
|
||||||
|
void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size);
|
||||||
|
void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation);
|
||||||
|
size_t key_block_size(const desfirekey_t key);
|
||||||
|
size_t padded_data_length(const size_t nbytes, const size_t block_size);
|
||||||
|
size_t maced_data_length(const desfirekey_t key, const size_t nbytes);
|
||||||
|
size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings);
|
||||||
|
void cmac_generate_subkeys(desfirekey_t key);
|
||||||
|
void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
@ -90,9 +90,8 @@ typedef enum {
|
||||||
typedef enum {
|
typedef enum {
|
||||||
MFDES_ALGO_DES = 1,
|
MFDES_ALGO_DES = 1,
|
||||||
MFDES_ALGO_3DES = 2,
|
MFDES_ALGO_3DES = 2,
|
||||||
MFDES_ALGO_2K3DES = 3,
|
MFDES_ALGO_3K3DES = 3,
|
||||||
MFDES_ALGO_3K3DES = 4,
|
MFDES_ALGO_AES = 4
|
||||||
MFDES_ALGO_AES = 5
|
|
||||||
} mifare_des_authalgo_t;
|
} mifare_des_authalgo_t;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue