diff --git a/client/Makefile b/client/Makefile index 2f5478b39..c0f87e0a7 100644 --- a/client/Makefile +++ b/client/Makefile @@ -558,6 +558,7 @@ SRCS = aiddesfire.c \ fido/cbortools.c \ fido/fidocore.c \ cipurse/cipursecore.c \ + cipurse/cipursecrypto.c \ fileutils.c \ flash.c \ generator.c \ diff --git a/client/src/cipurse/cipursecrypto.c b/client/src/cipurse/cipursecrypto.c index 0f928ea1e..e020676c6 100644 --- a/client/src/cipurse/cipursecrypto.c +++ b/client/src/cipurse/cipursecrypto.c @@ -8,7 +8,7 @@ // CIPURSE crypto primitives //----------------------------------------------------------------------------- -#include "cipursecore.h" +#include "cipursecrypto.h" #include "commonutil.h" // ARRAYLEN #include "comms.h" // DropField @@ -20,4 +20,46 @@ #include "ui.h" #include "util.h" +void CipurseClearContext(CipurseContext *ctx) { + if (ctx == NULL) + return; + + memset(ctx, 0, sizeof(CipurseContext)); +} +void CipurseSetKey(CipurseContext *ctx, uint8_t keyId, uint8_t *key) { + if (ctx == NULL) + return; + + CipurseClearContext(ctx); + + ctx->keyId = keyId; + memcpy(ctx->key, key, member_size(CipurseContext, key)); +} + +void CipurseSetRandomFromPICC(CipurseContext *ctx, uint8_t *random) { + if (ctx == NULL) + return; + + memcpy(ctx->RP, random, member_size(CipurseContext, RP)); + memcpy(ctx->rP, random + member_size(CipurseContext, RP), member_size(CipurseContext, rP)); +} + +void CipurseSetRandomHost(CipurseContext *ctx) { + memset(ctx->RT, 0x10, member_size(CipurseContext, RT)); + memset(ctx->rT, 0x20, member_size(CipurseContext, rT)); +} + +void CipurseAuthenticateHost(CipurseContext *ctx) { + if (ctx == NULL) + return; + +/* RT = Random.nextBytes(16) + rT = Random.nextBytes(6) + + val cP = generateK0AndGetCp(key, RP, rP, RT, rT) ?: return Pair(null, null) + + return Pair(cP + RT + rT, generateCT(RT))*/ + + +} diff --git a/client/src/cipurse/cipursecrypto.h b/client/src/cipurse/cipursecrypto.h index f2e0dbfa2..07019f6ca 100644 --- a/client/src/cipurse/cipursecrypto.h +++ b/client/src/cipurse/cipursecrypto.h @@ -13,28 +13,37 @@ #include "common.h" +#define member_size(type, member) sizeof(((type *)0)->member) + enum CipurseChannelSecurityLevel { CPSNone, CPSPlain, CPSMACed, CPSEncrypted -} +}; -struct CipurseSession { - uint8_t keyId, - uint8_t[16] key, +typedef struct CipurseContextS { + uint8_t keyId; + uint8_t key[16]; - uint8_t[16] RP, - uint8_t[6] rP, - uint8_t[16] RT, - uint8_t[6] rT, + uint8_t RP[16]; + uint8_t rP[6]; + uint8_t RT[16]; + uint8_t rT[6]; - uint8_t[16] k0, - uint8_t[16] cP, + uint8_t frameKey0[16]; + uint8_t cP[16]; - uint8_t[16] frameKey, - uint8_t[16] frameKey1 -} + uint8_t frameKey[16]; + uint8_t frameKeyNext[16]; +} CipurseContext; + +void CipurseClearContext(CipurseContext *ctx); +void CipurseSetKey(CipurseContext *ctx, uint8_t keyId, uint8_t *key); +void CipurseSetRandomFromPICC(CipurseContext *ctx, uint8_t *random); +void CipurseSetRandomHost(CipurseContext *ctx); + +void CipurseAuthenticateHost(CipurseContext *ctx); diff --git a/client/src/cmdhfcipurse.c b/client/src/cmdhfcipurse.c index a1e9176b1..1806e4be4 100644 --- a/client/src/cmdhfcipurse.c +++ b/client/src/cmdhfcipurse.c @@ -24,6 +24,7 @@ #include "cliparser.h" #include "cmdhfcipurse.h" #include "cipurse/cipursecore.h" +#include "cipurse/cipursecrypto.h" #include "ui.h" #include "cmdhf14a.h" #include "cmdtrace.h" @@ -93,6 +94,10 @@ static int CmdHFCipurseAuth(const char *Cmd) { DropField(); return PM3_ESOFT; } + + uint8_t key[] = {0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73}; + CipurseContext ctx = {0}; + CipurseSetKey(&ctx, 1, key); res = CIPURSEChallenge(buf, sizeof(buf), &len, &sw); if (res != 0 || len != 0x16) { @@ -100,6 +105,9 @@ static int CmdHFCipurseAuth(const char *Cmd) { DropField(); return PM3_ESOFT; } + CipurseSetRandomFromPICC(&ctx, buf); + + DropField();