crewID/libfreefare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Properly handle edge cases in AN10922 key diversification

Browse source 
This commit fixes issue #91.

[AN10922][] specifies the key diversification algorithms used by the
MIFARE SAM AV3. Support for these algorithms was added to
`libfreefare` via pull-request #79.

However, while every attempt was made to write a faithful
implementation, the implemented code did not properly handle cases
where the diversification data was less than or equal to the block
size of the cipher: 16 bytes for AES, and 8 bytes for DES. This
bug was identified in issue #91.

This commit addresses this problem while providing a way to revert to
the previous behavior in cases where it is necessary to maintain
previous deployments. This was accomplished by introducing a new
`flags` parameter to the `mifare_key_deriver_new_an10922` method.

Normally, `flags` should simply be set to `AN10922_FLAG_DEFAULT`.
However, if the previous behavior is required, it should be set to
`AN10922_FLAG_EMULATE_ISSUE_91`.

[AN10922][] does not include any test vectors that might have helped to
identify this problem earlier. However, [AN10957][] (pages 13-14) was
found to have a suitable example usage of [AN10922][] with an
appropriately short value for *M* that we are using as a test vector
to verify correct behavior.

Note that the issue being addressed here is not a security issue:
using the `AN10922_FLAG_EMULATE_ISSUE_91` should not be any less
secure than using `AN10922_FLAG_DEFAULT`.

[AN10922]: https://www.nxp.com/docs/en/application-note/AN10922.pdf
[AN10957]: https://www.nxp.com/docs/en/application-note/AN10957.pdf
This commit is contained in:
Robert Quattlebaum 2019-10-28 23:22:49 -07:00
parent 262eacedca
commit ec91014ebf
8 changed files with 149 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/mifare-ultralight-info.c
View file

@ -61,7 +61,7 @@ main(int argc, char *argv[])
res = mifare_ultralightc_authenticate(tag, key);
if (res != 0) {
MifareDESFireKey diversified_key = NULL;
MifareKeyDeriver deriver = mifare_key_deriver_new_an10922(key, MIFARE_KEY_2K3DES);
MifareKeyDeriver deriver = mifare_key_deriver_new_an10922(key, MIFARE_KEY_2K3DES, AN10922_FLAG_DEFAULT);
mifare_key_deriver_begin(deriver);
mifare_key_deriver_update_uid(deriver, tag);

2
examples/mifare-ultralightc-diversify.c
View file

@ -30,7 +30,7 @@ main(int argc, char *argv[])
uint8_t key1_3des_data[16] = { 0x49, 0x45, 0x4D, 0x4B, 0x41, 0x45, 0x52, 0x42, 0x21, 0x4E, 0x41, 0x43, 0x55, 0x4F, 0x59, 0x46 };
MifareDESFireKey master_key = mifare_desfire_3des_key_new(key1_3des_data);
MifareDESFireKey derived_key = NULL;
MifareKeyDeriver deriver = mifare_key_deriver_new_an10922(master_key, MIFARE_KEY_2K3DES);
MifareKeyDeriver deriver = mifare_key_deriver_new_an10922(master_key, MIFARE_KEY_2K3DES, AN10922_FLAG_DEFAULT);
bool undiversify = (argc == 2 && strcmp("--undiversify",argv[1]) == 0);
if (argc > 2 || (argc == 2 && strcmp("--undiversify",argv[1]) != 0)) {