diff --git a/libfreefare/freefare_internal.h b/libfreefare/freefare_internal.h
index 3a0ca56..03a122d 100644
--- a/libfreefare/freefare_internal.h
+++ b/libfreefare/freefare_internal.h
@@ -228,6 +228,7 @@ struct mifare_desfire_tag {
uint8_t last_internal_error;
uint8_t last_pcd_error;
MifareDESFireKey session_key;
+ enum { AS_LEGACY, AS_NEW } authentication_scheme;
uint8_t authenticated_key_no;
uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE];
uint8_t cmac[16];
diff --git a/libfreefare/mifare_desfire.c b/libfreefare/mifare_desfire.c
index 2169e5e..915adc0 100644
--- a/libfreefare/mifare_desfire.c
+++ b/libfreefare/mifare_desfire.c
@@ -334,6 +334,8 @@ authenticate (MifareTag tag, uint8_t cmd, uint8_t key_no, MifareDESFireKey key)
free (MIFARE_DESFIRE (tag)->session_key);
MIFARE_DESFIRE (tag)->session_key = NULL;
+ MIFARE_DESFIRE (tag)->authentication_scheme = (0x0A == cmd) ? AS_LEGACY : AS_NEW;
+
BUFFER_INIT (cmd1, 2);
BUFFER_INIT (res, 17);
@@ -395,12 +397,10 @@ authenticate (MifareTag tag, uint8_t cmd, uint8_t key_no, MifareDESFireKey key)
MIFARE_DESFIRE (tag)->session_key = mifare_desfire_session_key_new (PCD_RndA, PICC_RndB, key);
memset (MIFARE_DESFIRE (tag)->ivect, 0, MAX_CRYPTO_BLOCK_SIZE);
- switch (MIFARE_DESFIRE (tag)->session_key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
cmac_generate_subkeys (MIFARE_DESFIRE (tag)->session_key);
break;
}
@@ -536,16 +536,14 @@ mifare_desfire_change_key (MifareTag tag, uint8_t key_no, MifareDESFireKey new_k
cmd[__cmd_n++] = new_key->aes_version;
if ((MIFARE_DESFIRE (tag)->authenticated_key_no & 0x0f) != (key_no & 0x0f)) {
- switch (MIFARE_DESFIRE (tag)->session_key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
iso14443a_crc_append (cmd + 2, __cmd_n - 2);
__cmd_n += 2;
iso14443a_crc (new_key->data, new_key_length, cmd + __cmd_n);
__cmd_n += 2;
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
desfire_crc32_append (cmd, __cmd_n);
__cmd_n += 4;
@@ -554,14 +552,12 @@ mifare_desfire_change_key (MifareTag tag, uint8_t key_no, MifareDESFireKey new_k
break;
}
} else {
- switch (MIFARE_DESFIRE (tag)->session_key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
iso14443a_crc_append (cmd + 2 , __cmd_n - 2);
__cmd_n += 2;
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
desfire_crc32_append (cmd, __cmd_n);
__cmd_n += 4;
break;
@@ -1219,12 +1215,10 @@ read_data (MifareTag tag, uint8_t command, uint8_t file_no, off_t offset, size_t
uint8_t ocs = cs;
if ((MIFARE_DESFIRE (tag)->session_key) && (cs | MDCM_MACED)) {
- switch (MIFARE_DESFIRE (tag)->session_key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
cs = MDCM_PLAIN;
break;
}
diff --git a/libfreefare/mifare_desfire_crypto.c b/libfreefare/mifare_desfire_crypto.c
index b5f86a1..9a11cad 100644
--- a/libfreefare/mifare_desfire_crypto.c
+++ b/libfreefare/mifare_desfire_crypto.c
@@ -264,13 +264,11 @@ enciphered_data_length (const MifareTag tag, const size_t nbytes, int communicat
{
size_t crc_length = 0;
if (!(communication_settings & NO_CRC)) {
- switch (MIFARE_DESFIRE (tag)->session_key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
crc_length = 2;
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
crc_length = 4;
break;
}
@@ -312,7 +310,7 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
switch (communication_settings & MDCM_MASK) {
case MDCM_PLAIN:
- if ((T_DES == key->type) || (T_3DES == key->type))
+ if (AS_LEGACY == MIFARE_DESFIRE (tag)->authentication_scheme)
break;
/*
@@ -329,9 +327,8 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
/* pass through */
case MDCM_MACED:
- switch (key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
if (!(communication_settings & MAC_COMMAND))
break;
@@ -363,8 +360,7 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
*nbytes += 4;
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
if (!(communication_settings & CMAC_COMMAND))
break;
cmac (key, MIFARE_DESFIRE (tag)->ivect, res, *nbytes, MIFARE_DESFIRE (tag)->cmac);
@@ -412,20 +408,15 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
memcpy (res, data, *nbytes);
if (!(communication_settings & NO_CRC)) {
// ... CRC ...
- switch (key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
iso14443a_crc_append ((uint8_t *)res + offset, *nbytes - offset);
*nbytes += 2;
break;
- case T_3K3DES:
+ case AS_NEW:
desfire_crc32_append ((uint8_t *)res, *nbytes);
*nbytes += 4;
break;
- case T_AES:
- // Never reached.
- abort ();
- break;
}
}
// ... and 0 padding
@@ -433,7 +424,7 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
*nbytes = edl;
- mifare_cbc_des (tag, NULL, NULL, (uint8_t *) res + offset, *nbytes - offset, MCD_SEND, (key->type == T_3K3DES) ? MCO_ENCYPHER : MCO_DECYPHER);
+ mifare_cbc_des (tag, NULL, NULL, (uint8_t *) res + offset, *nbytes - offset, MCD_SEND, (AS_NEW == MIFARE_DESFIRE (tag)->authentication_scheme) ? MCO_ENCYPHER : MCO_DECYPHER);
break;
case T_AES:
@@ -492,14 +483,13 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
switch (communication_settings & MDCM_MASK) {
case MDCM_PLAIN:
- if ((T_DES == key->type) || (T_3DES == key->type))
+ if (AS_LEGACY == MIFARE_DESFIRE (tag)->authentication_scheme)
break;
/* pass through */
case MDCM_MACED:
- switch (key->type) {
- case T_DES:
- case T_3DES:
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
if (communication_settings & MAC_VERIFY) {
*nbytes -= key_macing_length (key);
@@ -523,8 +513,7 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
}
}
break;
- case T_3K3DES:
- case T_AES:
+ case AS_NEW:
if (!(communication_settings & CMAC_COMMAND))
break;
if (communication_settings & CMAC_VERIFY) {
@@ -562,10 +551,9 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
break;
case MDCM_ENCIPHERED:
- switch (key->type) {
- case T_DES:
- case T_3DES:
- (*nbytes)--;
+ (*nbytes)--;
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
mifare_cbc_des (tag, NULL, NULL, res, *nbytes, MCD_RECEIVE, MCO_DECYPHER);
/*
@@ -605,9 +593,7 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
}
break;
- case T_3K3DES:
- case T_AES:
- (*nbytes)--;
+ case AS_NEW:
mifare_cbc_des (tag, NULL, NULL, res, *nbytes, MCD_RECEIVE, MCO_DECYPHER);
uint8_t *p = ((uint8_t *)res) + *nbytes - 1;
while (!*p) {
@@ -747,6 +733,14 @@ mifare_cbc_des (MifareTag tag, MifareDESFireKey key, uint8_t *ivect, uint8_t *da
key = MIFARE_DESFIRE (tag)->session_key;
if (!ivect)
ivect = MIFARE_DESFIRE (tag)->ivect;
+
+ switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
+ case AS_LEGACY:
+ memset (ivect, 0, MAX_CRYPTO_BLOCK_SIZE);
+ break;
+ case AS_NEW:
+ break;
+ }
}
if (!key || !ivect)
@@ -755,8 +749,6 @@ mifare_cbc_des (MifareTag tag, MifareDESFireKey key, uint8_t *ivect, uint8_t *da
switch (key->type) {
case T_DES:
case T_3DES:
- memset (ivect, 0, MAX_CRYPTO_BLOCK_SIZE);
- /* pass-through */
case T_3K3DES:
block_size = 8;
break;
diff --git a/test/Makefile.am b/test/Makefile.am
index 20b038f..912f635 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -63,6 +63,7 @@ test_mifare_desfire_des_la_SOURCES = test_mifare_desfire_des.c
test_mifare_desfire_des_la_LIBADD = $(top_builddir)/libfreefare/libfreefare.la
test_mifare_desfire_ev1_la_SOURCES = test_mifare_desfire_ev1.c \
+ test_mifare_desfire_ev1_3des.c \
test_mifare_desfire_ev1_3k3des.c \
test_mifare_desfire_ev1_aes.c \
mifare_desfire_ev1_fixture.c \
diff --git a/test/test_mifare_desfire_ev1_3des.c b/test/test_mifare_desfire_ev1_3des.c
new file mode 100644
index 0000000..f597246
--- /dev/null
+++ b/test/test_mifare_desfire_ev1_3des.c
@@ -0,0 +1,831 @@
+/*-
+ * Copyright (C) 2010, Romain Tartiere.
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ *
+ * $Id$
+ */
+
+#include
+#include
+#include
+#include
+
+#include
+#include "freefare_internal.h"
+
+#include "mifare_desfire_ev1_fixture.h"
+#include "common/mifare_desfire_auto_authenticate.h"
+
+#define cut_assert_success(last_command) \
+ do { \
+ if ((res < 0) || (mifare_desfire_last_picc_error (tag) != OPERATION_OK)) { \
+ cut_fail ("%s returned %d, error: %s, errno: %s\n", last_command, res, mifare_desfire_error_lookup (mifare_desfire_last_picc_error (tag)), strerror (errno)); \
+ } \
+ } while (0)
+
+void
+test_mifare_desfire_ev1_3des (void)
+{
+ int res;
+
+ /* Select the master application */
+ res = mifare_desfire_select_application (tag, NULL);
+ cut_assert_success ("mifare_desfire_select_application()");
+
+ /* Get version information */
+ struct mifare_desfire_version_info version_info;
+ res = mifare_desfire_get_version (tag, &version_info);
+ cut_assert_success ("mifare_desfire_get_version()");
+
+ mifare_desfire_auto_authenticate (tag, 0);
+
+ /*
+ * This unit test change key settings to more restrictive ones, so reset
+ * them to factory defaults in case the previous run failed unexpectedly.
+ */
+ res = mifare_desfire_change_key_settings (tag, 0xF);
+ cut_assert_success ("mifare_desfire_change_key_settings()");
+ res = mifare_desfire_change_key_settings (tag, 0xF);
+ cut_assert_success ("mifare_desfire_change_key_settings()");
+
+ /* Change master key to AES */
+ MifareDESFireKey key = mifare_desfire_3des_key_new_with_version (key_data_3des);
+ mifare_desfire_change_key (tag, 0, key, NULL);
+ cut_assert_success ("mifare_desfire_change_key()");
+
+ res = mifare_desfire_authenticate_iso (tag, 0, key);
+ cut_assert_success ("mifare_desfire_authenticate_iso()");
+ mifare_desfire_key_free (key);
+
+ /* Wipeout the card */
+ res = mifare_desfire_format_picc (tag);
+ cut_assert_success ("mifare_desfire_format_picc()");
+
+
+ /* Create 3 applications */
+ res = mifare_desfire_select_application (tag, NULL);
+ cut_assert_success ("mifare_desfire_select_application()");
+
+ key = mifare_desfire_3des_key_new_with_version (key_data_3des);
+ res = mifare_desfire_authenticate_iso (tag, 0, key);
+ cut_assert_success ("mifare_desfire_authenticate_iso()");
+ mifare_desfire_key_free (key);
+
+ uint8_t key_version;
+ res = mifare_desfire_get_key_version (tag, 0, &key_version);
+ cut_assert_success ("mifare_desfire_get_key_version()");
+ cut_assert_equal_int (0x55, 0x55, cut_message ("Wrong key_version value."));
+
+ uint32_t size;
+ res = mifare_desfire_free_mem (tag, &size);
+ cut_assert_success ("mifare_desfire_free_mem()");
+
+ MifareDESFireAID aid_a = mifare_desfire_aid_new (0x00AAAAAA);
+ //cut_assert_not_null (aid_a, cut_message ("Cannot allocate AID"));
+ res = mifare_desfire_create_application (tag, aid_a, 0xFF, 0);
+ cut_assert_success ("mifare_desfire_create_application()");
+
+ MifareDESFireAID aid_b = mifare_desfire_aid_new (0x00BBBBBB);
+ cut_assert_not_null (aid_b, cut_message ("Cannot allocate AID"));
+ res = mifare_desfire_create_application (tag, aid_b, 0xEF, 6);
+ cut_assert_success ("mifare_desfire_create_application()");
+
+ MifareDESFireAID aid_c = mifare_desfire_aid_new (0x00CCCCCC);
+ cut_assert_not_null (aid_c, cut_message ("Cannot allocate AID"));
+ res = mifare_desfire_create_application (tag, aid_c, 0xC2, 14);
+ cut_assert_success ("mifare_desfire_create_application()");
+
+ // Ensure we can find the created applications
+ MifareDESFireAID *aids = NULL;
+ size_t aid_count;
+ res = mifare_desfire_get_application_ids (tag, &aids, &aid_count);
+ cut_assert_success ("mifare_desfire_get_application_ids()");
+ cut_assert_equal_int (3, aid_count, cut_message ("Wrong application count"));
+ mifare_desfire_free_application_ids (aids);
+
+ // Create files in the application A
+ res = mifare_desfire_select_application (tag, aid_a);
+ cut_assert_success ("mifare_desfire_select_application()");
+
+ uint8_t std_data_file_id = 15;
+
+ res = mifare_desfire_create_std_data_file (tag, std_data_file_id, MDCM_PLAIN, 0xEEEE, 100);
+ cut_assert_success ("mifare_desfire_create_std_data_file()");
+
+ res = mifare_desfire_create_backup_data_file (tag, 5, MDCM_PLAIN, 0xEEEE, 64);
+ cut_assert_success ("mifare_desfire_create_backup_data_file()");
+
+ res = mifare_desfire_create_value_file (tag, 4, MDCM_PLAIN, 0xEEEE, 0, 1000, 0, 0);
+ cut_assert_success ("mifare_desfire_create_value_file()");
+
+ res = mifare_desfire_create_cyclic_record_file (tag, 0, MDCM_PLAIN, 0xEEEE, 4, 10);
+ cut_assert_success ("mifare_desfire_create_cyclic_record_file()");
+
+ // Write some data in the standard data file
+ res = mifare_desfire_write_data (tag, std_data_file_id, 0, 30, (uint8_t *)"Some data to write to the card");
+ cut_assert_success ("mifare_desfire_write_data()");
+ cut_assert_equal_int (30, res, cut_message ("Wrong number of bytes writen"));
+
+ res = mifare_desfire_write_data (tag, std_data_file_id, 34, 22, (uint8_t *)"Another block of data.");
+ cut_assert_success ("mifare_desfire_write_data()");
+ cut_assert_equal_int (22, res, cut_message ("Wrong number of bytes writen"));
+
+ // Make the file read-only
+ res = mifare_desfire_change_file_settings (tag, std_data_file_id, MDCM_PLAIN, 0xEFFF);
+ cut_assert_success ("mifare_desfire_change_file_settings()");
+
+ // Read a part of the file
+ uint8_t buffer[120];
+ res = mifare_desfire_read_data (tag, std_data_file_id, 10, 50, &buffer);
+ cut_assert_success ("mifare_desfire_read_data()");
+ cut_assert_equal_int (50, res, cut_message ("Wrong number of bytes read"));
+ cut_assert_equal_memory ("to write to the card\0\0\0\0Another block of data.\0\0\0\0", 50, buffer, 50, cut_message ("Wrong data"));
+
+ // Read all the file at once
+ res = mifare_desfire_read_data (tag, std_data_file_id, 0, 0, &buffer);
+ cut_assert_success ("mifare_desfire_read_data()");
+ cut_assert_equal_int (100, res, cut_message ("Wrong number of bytes read"));
+ cut_assert_equal_memory ("Some data to write to the"
+ " card\0\0\0\0Another block of"
+ " data.\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 100, buffer, 100, cut_message ("Wrong data"));
+
+ // Try to overwrute the file
+ res = mifare_desfire_write_data (tag, std_data_file_id, 20, 5, (char *)"Test!");
+ cut_assert_equal_int (-1, res, cut_message ("Wrong return value"));
+ cut_assert_equal_int (PERMISSION_ERROR, mifare_desfire_last_picc_error (tag), cut_message ("Wrong PICC error"));
+
+ int32_t expected_value = 0;
+ for (int transaction = 0; transaction < 15; transaction++) {
+
+ char data_buffer[3];
+
+ sprintf (data_buffer, "%02d", transaction);
+
+ // Write to the backup file
+ res = mifare_desfire_write_data (tag, 5, 3*transaction, 3, data_buffer);
+ cut_assert_success ("mifare_desfire_write_data()");
+
+ // Manipulate the value file
+ res = mifare_desfire_credit (tag, 4, 100);
+ cut_assert_success ("mifare_desfire_credit()");
+
+ res = mifare_desfire_debit (tag, 4, 97);
+ cut_assert_success ("mifare_desfire_debit()");
+
+ // Write to the cyclic record file
+ res = mifare_desfire_write_record (tag, 0, 2, 2, data_buffer);
+ cut_assert_success ("mifare_desfire_write_record()");
+
+ // Overwrite the cyclic record file
+ res = mifare_desfire_write_record (tag, 0, 0, 2, (char *)"r.");
+ cut_assert_success("mifare_desfire_write_record()");
+
+ // Ensure that no content was changed yet
+ char ref_buffer[64];
+ bzero (ref_buffer, sizeof (ref_buffer));
+ for (int n = 0; n < transaction; n++) {
+ sprintf (ref_buffer + 3 * n, "%02d", n);
+ }
+
+ res = mifare_desfire_read_data (tag, 5, 0, 0, buffer);
+ cut_assert_success ("mifare_desfire_read_data()");
+ cut_assert_equal_int (64, res, cut_message ("Wrong number of bytes read"));
+ cut_assert_equal_memory (buffer, 64, ref_buffer, 64, cut_message ("Wrong data"));
+
+ int32_t value;
+ res = mifare_desfire_get_value (tag, 4, &value);
+ cut_assert_success ("mifare_desfire_get_value()");
+ cut_assert_equal_int (expected_value, value, cut_message ("Wrong value"));
+
+ // Reading records from an empty file would abort the transaction
+ if (0 != transaction) {
+ // Get the latest record
+ res = mifare_desfire_read_records (tag, 0, 0, 1, buffer);
+ cut_assert_success ("mifare_desfire_read_records()");
+ sprintf (ref_buffer, "r.%02d", transaction);
+ cut_assert_not_equal_memory (ref_buffer, 4, buffer, res, cut_message ("Wrong data"));
+ }
+
+ // Commit !
+ res = mifare_desfire_commit_transaction (tag);
+ cut_assert_success ("mifare_desfire_commit_transaction()");
+
+
+ res = mifare_desfire_read_data (tag, 5, 3*transaction, 3, buffer);
+ cut_assert_success ("mifare_desfire_read_data()");
+ cut_assert_equal_memory (data_buffer, 3, buffer, res, cut_message ("Wrong data"));
+
+ expected_value += 3;
+
+ res = mifare_desfire_get_value (tag, 4, &value);
+ cut_assert_success ("mifare_desfire_get_value()");
+ cut_assert_equal_int (expected_value, value, cut_message ("Wrong value"));
+
+ res = mifare_desfire_read_records (tag, 0, 0, 1, buffer);
+ cut_assert_success ("mifare_desfire_read_records()");
+ sprintf (ref_buffer, "r.%02d", transaction);
+ cut_assert_equal_memory (ref_buffer, 4, buffer, res, cut_message ("Wrong data"));
+ }
+
+ // Ensure limited credit is disabled
+ res = mifare_desfire_limited_credit (tag, 4, 20);
+ cut_assert_equal_int (-1, res, cut_message ("mifare_desfire_limited_credit() should fail"));
+
+ // Get all files
+ uint8_t *files;
+ size_t file_count;
+ res = mifare_desfire_get_file_ids (tag, &files, &file_count);
+ cut_assert_success ("mifare_desfire_get_file_ids()");
+ cut_assert_equal_int (4, file_count, cut_message ("Wrong number of files"));
+
+ for (size_t i=0; i