crewID/libfreefare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for Mifare DESFire EV1 with AES encryption.

Browse source
This commit is contained in:
Romain Tartiere 2010-12-15 12:43:31 +00:00
parent 1070d9bfde
commit 42f9457d9f
19 changed files with 2238 additions and 268 deletions
Download patch file Download diff file Expand all files Collapse all files

16
libfreefare/freefare.c
View file

@ -254,3 +254,19 @@ freefare_free_tags (MifareTag *tags)
free (tags);
}
}
/*
* Low-level API
*/
void *
memdup (const void *p, const size_t n)
{
void *res;
if ((res = malloc (n))) {
memcpy (res, p, n);
}
return res;
}

4
libfreefare/freefare.h
View file

@ -304,6 +304,7 @@ int mifare_desfire_connect (MifareTag tag);
int mifare_desfire_disconnect (MifareTag tag);
int mifare_desfire_authenticate (MifareTag tag, uint8_t key_no, MifareDESFireKey key);
int mifare_desfire_authenticate_aes (MifareTag tag, uint8_t key_no, MifareDESFireKey key);
int mifare_desfire_change_key_settings (MifareTag tag, uint8_t settings);
int mifare_desfire_get_key_settings (MifareTag tag, uint8_t *settings, uint8_t *max_keys);
int mifare_desfire_change_key (MifareTag tag, uint8_t key_no, MifareDESFireKey new_key, MifareDESFireKey old_key);
@ -315,6 +316,7 @@ void mifare_desfire_free_application_ids (MifareDESFireAID aids[]);
int mifare_desfire_select_application (MifareTag tag, MifareDESFireAID aid);
int mifare_desfire_format_picc (MifareTag tag);
int mifare_desfire_get_version (MifareTag tag, struct mifare_desfire_version_info *version_info);
int mifare_desfire_free_mem (MifareTag tag, uint32_t *size);
int mifare_desfire_get_file_ids (MifareTag tag, uint8_t *files[], size_t *count);
int mifare_desfire_get_file_settings (MifareTag tag, uint8_t file_no, struct mifare_desfire_file_settings *settings);
int mifare_desfire_change_file_settings (MifareTag tag, uint8_t file_no, uint8_t communication_settings, uint16_t access_rights);
@ -349,6 +351,8 @@ MifareDESFireKey mifare_desfire_des_key_new (uint8_t value[8]);
MifareDESFireKey mifare_desfire_3des_key_new (uint8_t value[16]);
MifareDESFireKey mifare_desfire_des_key_new_with_version (uint8_t value[8]);
MifareDESFireKey mifare_desfire_3des_key_new_with_version (uint8_t value[16]);
MifareDESFireKey mifare_desfire_aes_key_new (uint8_t value[16]);
MifareDESFireKey mifare_desfire_aes_key_new_with_version (uint8_t value[16], uint8_t version);
uint8_t mifare_desfire_key_get_version (MifareDESFireKey key);
void mifare_desfire_key_set_version (MifareDESFireKey key, uint8_t version);
void mifare_desfire_key_free (MifareDESFireKey key);

42
libfreefare/freefare_internal.h
View file

@ -96,7 +96,10 @@
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#define MAX_CRYPTO_BLOCK_SIZE 8
#define MAX_CRYPTO_BLOCK_SIZE 16
#define MAX_FRAME_SIZE 60
void *memdup (const void *p, const size_t n);
struct mad_sector_0x00;
struct mad_sector_0x10;
@ -118,11 +121,38 @@ typedef enum {
#define MDCM_MASK 0x000F
#define CMAC_NONE 0
// Data send to the PICC is used to update the CMAC
#define CMAC_COMMAND 0x010
// Data received from the PICC is used to update the CMAC
#define CMAC_VERIFY 0x020
// MAC the command (when MDCM_MACED)
#define MAC_COMMAND 0x100
// The command returns a MAC to verify (when MDCM_MACED)
#define MAC_VERIFY 0x200
#define ENC_COMMAND 0x1000
#define NO_CRC 0x2000
#define UNSPECIFIED_DATA_LENGTH 0x4000
#define MAC_MASK 0x0F0
#define CMAC_MACK 0xF00
void *mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t offset, int communication_settings);
void *mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int communication_settings);
void mifare_cbc_des (MifareDESFireKey key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareDirection direction, int mac);
void rol (uint8_t *data, const size_t len);
void desfire_crc32 (const uint8_t *data, const size_t len, uint8_t *crc);
void desfire_crc32_append (uint8_t *data, const size_t len);
size_t key_block_size (const MifareDESFireKey key);
size_t padded_data_length (const size_t nbytes, const size_t block_size);
size_t maced_data_length (const MifareDESFireKey key, const size_t nbytes);
size_t enciphered_data_length (const MifareDESFireKey key, const size_t nbytes);
void cmac_generate_subkeys (MifareDESFireKey key);
void cmac (const MifareDESFireKey key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
void *assert_crypto_buffer_size (MifareTag tag, size_t nbytes);
#define MIFARE_ULTRALIGHT_PAGE_COUNT 16
@ -175,23 +205,29 @@ struct mifare_desfire_key {
uint8_t data[16];
enum {
T_DES,
T_3DES
T_3DES,
T_AES
} type;
DES_key_schedule ks1;
DES_key_schedule ks2;
uint8_t aes_sk1[16];
uint8_t aes_sk2[16];
uint8_t aes_version;
};
struct mifare_desfire_tag {
struct mifare_tag __tag;
uint8_t last_picc_error;
uint8_t last_internal_error;
uint8_t last_pcd_error;
MifareDESFireKey session_key;
uint8_t authenticated_key_no;
uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE];
uint8_t cmac[16];
uint8_t *crypto_buffer;
size_t crypto_buffer_size;
uint8_t block_number;
uint32_t selected_application;
};
MifareDESFireKey mifare_desfire_session_key_new (uint8_t rnda[8], uint8_t rndb[8], MifareDESFireKey authentication_key);

636
libfreefare/mifare_desfire.c
View file

File diff suppressed because it is too large Load diff

430
libfreefare/mifare_desfire_authenticate.c
View file

@ -17,22 +17,63 @@
* $Id$
*/
/*
* This implementation was written based on information provided by the
* following documents:
*
* NIST Special Publication 800-38B
* Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
* May 2005
*/
#include "config.h"
#if defined(HAVE_SYS_TYPES_H)
# include <sys/types.h>
#endif
#if defined(HAVE_SYS_ENDIAN_H)
# include <sys/endian.h>
#endif
#if defined(HAVE_ENDIAN_H)
# include <endian.h>
#endif
#if defined(HAVE_COREFOUNDATION_COREFOUNDATION_H)
# include <CoreFoundation/CoreFoundation.h>
#endif
#if defined(HAVE_BYTESWAP_H)
# include <byteswap.h>
#endif
#if defined(HAVE_SYS_TYPES_H)
# include <sys/types.h>
#endif
#include <openssl/aes.h>
#include <openssl/des.h>
#include <err.h>
#include <string.h>
#include <strings.h>
#ifdef WITH_DEBUG
# include <libutil.h>
#endif
#include <freefare.h>
#include "freefare_internal.h"
#define MAC_LENGTH 4
#define CMAC_LENGTH 8
static void xor (const uint8_t *ivect, uint8_t *data, const size_t len);
static void mifare_des (MifareDESFireKey key, uint8_t *data, uint8_t *ivect, MifareDirection direction, int mac, size_t block_size);
static size_t padded_data_length (size_t nbytes, const size_t block_size);
static size_t maced_data_length (const MifareDESFireKey key, size_t nbytes);
static size_t enciphered_data_length (const MifareDESFireKey key, size_t nbytes);
static void desfire_crc32_byte (uint32_t *crc, const uint8_t value);
static size_t key_macing_length (MifareDESFireKey key);
static void
xor (const uint8_t *ivect, uint8_t *data, const size_t len)
@ -43,7 +84,7 @@ xor (const uint8_t *ivect, uint8_t *data, const size_t len)
}
void
rol(uint8_t *data, const size_t len)
rol (uint8_t *data, const size_t len)
{
uint8_t first = data[0];
for (size_t i = 0; i < len-1; i++) {
@ -52,6 +93,104 @@ rol(uint8_t *data, const size_t len)
data[len-1] = first;
}
void
lsl (uint8_t *data, size_t len)
{
for (size_t n = 0; n < len - 1; n++) {
data[n] = (data[n] << 1) | (data[n+1] >> 7);
}
data[len - 1] <<= 1;
}
void
cmac_generate_subkeys (MifareDESFireKey key)
{
uint8_t l[16];
bzero (l, 16);
uint8_t ivect[16];
bzero (ivect, 16);
mifare_cbc_des (key, ivect, l, 16, MD_RECEIVE, 1);
bool xor = false;
// Used to compute CMAC on complete blocks
memcpy (key->aes_sk1, l, 16);
xor = l[0] & 0x80;
lsl (key->aes_sk1, 16);
if (xor)
key->aes_sk1[15] ^= 0x87;
// Used to compute CMAC on the last block if non-complete
memcpy (key->aes_sk2, key->aes_sk1, 16);
xor = key->aes_sk1[0] & 0x80;
lsl (key->aes_sk2, 16);
if (xor)
key->aes_sk2[15] ^= 0x87;
}
void
cmac (const MifareDESFireKey key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac)
{
uint8_t *buffer = malloc (padded_data_length (len, key_block_size (key)));
if (!buffer)
abort();
memcpy (buffer, data, len);
if ((!len) || (len % 16)) {
buffer[len++] = 0x80;
while (len % 16) {
buffer[len++] = 0x00;
}
xor (key->aes_sk2, buffer + len - 16, 16);
} else {
xor (key->aes_sk1, buffer + len - 16, 16);
}
mifare_cbc_des (key, ivect, buffer, len, MD_SEND, 1);
memcpy (cmac, ivect, 16);
free (buffer);
}
#define CRC32_PRESET 0xFFFFFFFF
static void
desfire_crc32_byte (uint32_t *crc, const uint8_t value)
{
/* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */
const uint32_t poly = 0xEDB88320;
*crc ^= value;
for (int current_bit = 7; current_bit >= 0; current_bit--) {
int bit_out = (*crc) & 0x00000001;
*crc >>= 1;
if (bit_out)
*crc ^= poly;
}
}
void
desfire_crc32 (const uint8_t *data, const size_t len, uint8_t *crc)
{
uint32_t desfire_crc = CRC32_PRESET;
for (size_t i = 0; i < len; i++) {
desfire_crc32_byte (&desfire_crc, data[i]);
}
*((uint32_t *)(crc)) = htole32 (desfire_crc);
}
void
desfire_crc32_append (uint8_t *data, const size_t len)
{
desfire_crc32 (data, len, data + len);
}
size_t
key_block_size (const MifareDESFireKey key)
{
@ -62,15 +201,39 @@ key_block_size (const MifareDESFireKey key)
case T_3DES:
block_size = 8;
break;
case T_AES:
block_size = 16;
break;
}
return block_size;
}
/*
* Size required to store nbytes of data in a buffer of size n*block_size.
* Size of MACing produced with the key.
*/
static size_t
key_macing_length (const MifareDESFireKey key)
{
size_t mac_length;
switch (key->type) {
case T_DES:
case T_3DES:
mac_length = MAC_LENGTH;
break;
case T_AES:
mac_length = CMAC_LENGTH;
break;
}
return mac_length;
}
/*
* Size required to store nbytes of data in a buffer of size n*block_size.
*/
size_t
padded_data_length (const size_t nbytes, const size_t block_size)
{
if (nbytes % block_size)
@ -82,22 +245,15 @@ padded_data_length (const size_t nbytes, const size_t block_size)
/*
* Buffer size required to MAC nbytes of data
*/
static size_t
size_t
maced_data_length (const MifareDESFireKey key, const size_t nbytes)
{
size_t mac_length;
switch (key->type) {
case T_DES:
case T_3DES:
mac_length = 4;
break;
}
return nbytes + mac_length;
return nbytes + key_macing_length (key);
}
/*
* Buffer size required to encipher nbytes of data and a two bytes CRC.
*/
static size_t
size_t
enciphered_data_length (const MifareDESFireKey key, const size_t nbytes)
{
size_t crc_length;
@ -106,6 +262,9 @@ enciphered_data_length (const MifareDESFireKey key, const size_t nbytes)
case T_3DES:
crc_length = 2;
break;
case T_AES:
crc_length = 4;
break;
}
size_t block_size = key_block_size (key);
@ -136,6 +295,7 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
void *res = data;
uint8_t mac[4];
size_t edl, mdl;
bool append_mac = true;
MifareDESFireKey key = MIFARE_DESFIRE (tag)->session_key;
if (!key)
@ -143,8 +303,28 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
switch (communication_settings & MDCM_MASK) {
case MDCM_PLAIN:
break;
if ((T_DES == key->type) || (T_3DES == key->type))
break;
/*
* When using new authentication methods, PLAIN data transmission from
* the PICC to the PCD are CMACed, so we have to maintain the
* cruptographic initialisation vector up-to-date to chaeck data
* integrity later.
*
* The only difference with CMACed data transmission is that the CMAC
* is not addpended to the data send byt the PCD to the PICC.
*/
append_mac = false;
/* pass through */
case MDCM_MACED:
switch (key->type) {
case T_DES:
case T_3DES:
if (!(communication_settings & MAC_COMMAND))
break;
edl = padded_data_length (*nbytes - offset, key_block_size (MIFARE_DESFIRE (tag)->session_key)) + offset;
if (!(res = assert_crypto_buffer_size (tag, edl)))
abort();
@ -158,25 +338,69 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
memcpy (mac, (uint8_t *)res + edl - 8, 4);
// Copy again provided data (was overwritten by mifare_cbc_des)
memcpy (res, data, *nbytes);
// Append MAC
mdl = maced_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes - offset) + offset;
if (!(res = assert_crypto_buffer_size (tag, mdl)))
abort();
memcpy (res, data, *nbytes);
memcpy ((uint8_t *)res + *nbytes, mac, 4);
*nbytes += 4;
break;
case T_AES:
if (!(communication_settings & CMAC_COMMAND))
break;
cmac (key, MIFARE_DESFIRE (tag)->ivect, res, *nbytes, MIFARE_DESFIRE (tag)->cmac);
if (append_mac) {
mdl = maced_data_length (key, *nbytes);
if (!(res = assert_crypto_buffer_size (tag, mdl)))
abort();
memcpy (res, data, *nbytes);
memcpy ((uint8_t *) res + *nbytes, MIFARE_DESFIRE (tag)->cmac, CMAC_LENGTH);
*nbytes += CMAC_LENGTH;
}
break;
}
break;
case MDCM_ENCIPHERED:
/* |<-------------- data -------------->|
* |<--- offset -->| |
* +-----+---------+--------------------+-----+---------+
* | CMD + HEADERS | DATA TO BE SECURED | CRC | PADDING |
* +-----+---------+--------------------+-----+---------+ ----------------
* | |<~~~~v~~~~~~~~~~~~~>| ^ | | (DES / 3DES)
* | | `---- crc16() ----' | |
* | | | ^ | | ----- *or* -----
* |<~~~~~~~~~~~~~~~~~~~~v~~~~~~~~~~~~~>| ^ | | (3K3DES / AES)
* | `---- crc32() ----' | |
* | | ---- *then* ----
* |<---------------------------------->|
* encypher()/decypher()
*/
switch (key->type) {
case T_DES:
case T_3DES:
if (!(communication_settings & ENC_COMMAND))
break;
edl = enciphered_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes - offset) + offset;
if (!(res = assert_crypto_buffer_size (tag, edl)))
abort();
// Fill in the crypto buffer with data ...
memcpy (res, data, *nbytes);
if (!(communication_settings & NO_CRC)) {
// ... CRC ...
iso14443a_crc_append ((uint8_t *)res + offset, *nbytes - offset);
} else {
bzero ((uint8_t *) res + *nbytes, 2);
}
// ... and 0 padding
memset ((uint8_t *)(res) + *nbytes + 2, 0, edl - *nbytes - 2);
@ -184,8 +408,40 @@ mifare_cryto_preprocess_data (MifareTag tag, void *data, size_t *nbytes, off_t o
mifare_cbc_des (MIFARE_DESFIRE (tag)->session_key, MIFARE_DESFIRE (tag)->ivect, (uint8_t *) res + offset, *nbytes - offset, MD_SEND, 0);
break;
case T_AES:
if (!(communication_settings & NO_CRC)) {
edl = enciphered_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes + 4 - offset) + offset;
} else {
edl = enciphered_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes - offset) + offset;
}
if (!(res = assert_crypto_buffer_size (tag, edl)))
abort();
// Fill in the crypto buffer with data ...
memcpy (res, data, *nbytes);
size_t pdl;
if (!(communication_settings & NO_CRC)) {
desfire_crc32_append (res, *nbytes);
pdl = padded_data_length (*nbytes - offset + 4, key_block_size (MIFARE_DESFIRE (tag)->session_key));
bzero ((uint8_t *)res + *nbytes + 4, (offset + pdl) - (*nbytes + 4));
} else {
pdl = padded_data_length (*nbytes - offset, key_block_size (MIFARE_DESFIRE (tag)->session_key));
bzero ((uint8_t *)res + *nbytes, (offset + pdl) - (*nbytes));
}
mifare_cbc_des (key, MIFARE_DESFIRE (tag)->ivect, (uint8_t *)res + offset, pdl, MD_SEND, 1);
*nbytes = offset + pdl;
break;
}
break;
default:
warnx ("Unknown communication settings");
#if WITH_DEBUG
abort ();
#endif
*nbytes = -1;
res = NULL;
break;
}
@ -198,7 +454,13 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
{
void *res = data;
size_t edl;
void *edata;
void *edata = NULL;
uint8_t first_cmac_byte;
MifareDESFireKey key = MIFARE_DESFIRE (tag)->session_key;
if (!key)
return data;
// Return directly if we just have a status code.
if (1 == *nbytes)
@ -206,35 +468,86 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
switch (communication_settings & MDCM_MASK) {
case MDCM_PLAIN:
break;
case MDCM_MACED:
*nbytes -= 4;
edl = enciphered_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes);
if ((T_DES == key->type) || (T_3DES == key->type))
break;
/* pass through */
case MDCM_MACED:
switch (key->type) {
case T_DES:
case T_3DES:
if (communication_settings & MAC_VERIFY) {
*nbytes -= key_macing_length (key);
edl = enciphered_data_length (MIFARE_DESFIRE (tag)->session_key, *nbytes - 1);
edata = malloc (edl);
memcpy (edata, data, *nbytes);
memset ((uint8_t *)edata + *nbytes, 0, edl - *nbytes);
memcpy (edata, data, *nbytes - 1);
memset ((uint8_t *)edata + *nbytes - 1, 0, edl - *nbytes + 1);
mifare_cbc_des (MIFARE_DESFIRE (tag)->session_key, MIFARE_DESFIRE (tag)->ivect, edata, edl, MD_SEND, 1);
/* ,^^^^^^^
* No! This is not a typo! --------------------------------------------------------------'
*/
if (0 != memcmp ((uint8_t *)data + *nbytes, (uint8_t *)edata + edl - 8, 4)) {
printf ("MACing not verified\n");
if (0 != memcmp ((uint8_t *)data + *nbytes - 1, (uint8_t *)edata + edl - 8, 4)) {
warnx ("MACing not verified");
#if WITH_DEBUG
hexdump ((uint8_t *)data + *nbytes - 1, 4, "Expect ", 0);
hexdump ((uint8_t *)edata + edl - 8, 4, "Actual ", 0);
abort ();
#endif
*nbytes = -1;
res = NULL;
}
}
break;
case T_AES:
if (!(communication_settings & CMAC_COMMAND))
break;
if (communication_settings & CMAC_VERIFY) {
if (*nbytes < 9) {
// XXX: Can't we avoid abort() -ing?
warnx ("No room for CMAC!");
abort ();
}
first_cmac_byte = ((uint8_t *)data)[*nbytes - 9];
((uint8_t *)data)[*nbytes - 9] = ((uint8_t *)data)[*nbytes-1];
}
int n = (communication_settings & CMAC_VERIFY) ? 8 : 0;
cmac (key, MIFARE_DESFIRE (tag)->ivect, ((uint8_t *)data), *nbytes - n, MIFARE_DESFIRE (tag)->cmac);
if (communication_settings & CMAC_VERIFY) {
((uint8_t *)data)[*nbytes - 9] = first_cmac_byte;
if (0 != memcmp (MIFARE_DESFIRE (tag)->cmac, (uint8_t *)data + *nbytes - 9, 8)) {
#if WITH_DEBUG
warnx ("CMAC NOT verified :-(");
hexdump ((uint8_t *)data + *nbytes - 9, 8, "Expect ", 0);
hexdump (MIFARE_DESFIRE (tag)->cmac, 8, "Actual ", 0);
abort ();
#endif
*nbytes = -1;
res = NULL;
} else {
*nbytes -= 8;
}
}
break;
}
free (edata);
break;
case MDCM_ENCIPHERED:
switch (key->type) {
case T_DES:
case T_3DES:
mifare_cbc_des (MIFARE_DESFIRE (tag)->session_key, MIFARE_DESFIRE (tag)->ivect, res, *nbytes, MD_RECEIVE, 0);
/*
* Look for the CRC and ensure it is following by NULL padding. We
* Look for the CRC and ensure it is followed by NULL padding. We
* can't start by the end because the CRC is supposed to be 0 when
* verified, and accumulating 0's in it should not change it.
*/
@ -246,7 +559,7 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
iso14443a_crc (res, end_crc_pos, (uint8_t *)&crc);
if (!crc) {
verified = true;
for (int n = end_crc_pos; n < *nbytes; n++) {
for (int n = end_crc_pos; n < *nbytes - 1; n++) {
uint8_t byte = ((uint8_t *)res)[n];
if (!( (0x00 == byte) || ((0x80 == byte) && (n == end_crc_pos)) ))
verified = false;
@ -254,20 +567,59 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
}
if (verified) {
*nbytes = end_crc_pos - 2;
((uint8_t *)data)[(*nbytes)++] = 0x00;
} else {
end_crc_pos++;
}
} while (!verified && (end_crc_pos < *nbytes));
} while (!verified && (end_crc_pos < *nbytes - 1));
if (!verified) {
printf ("(3)DES not verified\n");
warnx ("(3)DES not verified");
#if WITH_DEBUG
abort ();
#endif
*nbytes = -1;
res = NULL;
}
break;
case T_AES:
(*nbytes)--;
mifare_cbc_des (MIFARE_DESFIRE (tag)->session_key, MIFARE_DESFIRE (tag)->ivect, res, *nbytes, MD_RECEIVE, 0);
uint8_t *p = ((uint8_t *)res) + *nbytes - 1;
while (!*p) {
p--;
}
if (UNSPECIFIED_DATA_LENGTH && (*p == 0x80)) {
p--;
}
p -= 3;
uint8_t crc_ref[4];
memcpy (crc_ref, p, 4);
*p++ = ((uint8_t *)res)[*nbytes];
uint8_t crc[4];
desfire_crc32 (res, p - (uint8_t *)res, crc);
if (memcmp (crc, crc_ref, 4)) {
warnx ("AES CRC32 not verified in AES stream");
#if WITH_DEBUG
hexdump (crc_ref, 4, "Expect ", 0);
hexdump (crc, 4, "Actual ", 0);
abort ();
#endif
*nbytes = -1;
res = NULL;
}
*nbytes = p - (uint8_t *)res;
}
break;
default:
printf ("Unknown communication settings\n");
warnx ("Unknown communication settings");
#if WITH_DEBUG
abort ();
#endif
*nbytes = -1;
res = NULL;
break;
@ -308,6 +660,17 @@ mifare_des (MifareDESFireKey key, uint8_t *data, uint8_t *ivect, MifareDirection
DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
}
break;
case T_AES:
if (mac) {
AES_KEY k;
AES_set_encrypt_key (key->data, 8*16, &k);
AES_encrypt (data, edata, &k);
} else {
AES_KEY k;
AES_set_decrypt_key (key->data, 8*16, &k);
AES_decrypt (data, edata, &k);
}
break;
}
memcpy (data, edata, block_size);
@ -331,6 +694,9 @@ mifare_cbc_des (MifareDESFireKey key, uint8_t *ivect, uint8_t *data, size_t data
memset (ivect, 0, MAX_CRYPTO_BLOCK_SIZE);
block_size = 8;
break;
case T_AES:
block_size = 16;
break;
}
size_t offset = 0;

26
libfreefare/mifare_desfire_key.c
View file

@ -83,6 +83,25 @@ mifare_desfire_3des_key_new_with_version (uint8_t value[16])
return key;
}
MifareDESFireKey
mifare_desfire_aes_key_new (uint8_t value[16])
{
return mifare_desfire_aes_key_new_with_version (value, 0);
}
MifareDESFireKey
mifare_desfire_aes_key_new_with_version (uint8_t value[16], uint8_t version)
{
MifareDESFireKey key;
if ((key = malloc (sizeof (struct mifare_desfire_key)))) {
memcpy (key->data, value, 16);
key->type = T_AES;
key->aes_version = version;
}
return key;
}
uint8_t
mifare_desfire_key_get_version (MifareDESFireKey key)
{
@ -132,6 +151,13 @@ mifare_desfire_session_key_new (uint8_t rnda[8], uint8_t rndb[8], MifareDESFireK
memcpy (buffer+12, rndb+4, 4);
key = mifare_desfire_3des_key_new_with_version (buffer);
break;
case T_AES:
memcpy (buffer, rnda, 4);
memcpy (buffer+4, rndb, 4);
memcpy (buffer+8, rnda+12, 4);
memcpy (buffer+12, rndb+12, 4);
key = mifare_desfire_aes_key_new (buffer);
break;
}
return key;