armsrc/desfire_crypto.h

   1 //-----------------------------------------------------------------------------
   2 // Borrowed initially from https://github.com/nfc-tools/libfreefare
   3 // Copyright (C) 2010, Romain Tartiere.
   4 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
   5 //
   6 // This program is free software: you can redistribute it and/or modify
   7 // it under the terms of the GNU General Public License as published by
   8 // the Free Software Foundation, either version 3 of the License, or
   9 // (at your option) any later version.
  10 //
  11 // This program is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 // GNU General Public License for more details.
  15 //
  16 // See LICENSE.txt for the text of the license.
  17 //-----------------------------------------------------------------------------
  18
  19 #ifndef __DESFIRE_CRYPTO_H
  20 #define __DESFIRE_CRYPTO_H
  21
  22 #include "common.h"
  23 #include "mifare.h"
  24 #include "desfire.h"
  25 #include "mbedtls/aes.h"
  26 #include "mbedtls/des.h"
  27
  28 /* Mifare DESFire EV1 Application crypto operations */
  29 //#define APPLICATION_CRYPTO_DES    0x00
  30 //#define APPLICATION_CRYPTO_3K3DES 0x40
  31 //#define APPLICATION_CRYPTO_AES    0x80
  32
  33 typedef enum {
  34     MCD_SEND,
  35     MCD_RECEIVE
  36 } MifareCryptoDirection;
  37
  38 typedef enum {
  39     MCO_ENCYPHER,
  40     MCO_DECYPHER
  41 } MifareCryptoOperation;
  42
  43 #define MDCM_MASK 0x000F
  44
  45 #define CMAC_NONE 0
  46
  47 // Data send to the PICC is used to update the CMAC
  48 #define CMAC_COMMAND 0x010
  49 // Data received from the PICC is used to update the CMAC
  50 #define CMAC_VERIFY  0x020
  51
  52 // MAC the command (when MDCM_MACED)
  53 #define MAC_COMMAND 0x100
  54 // The command returns a MAC to verify (when MDCM_MACED)
  55 #define MAC_VERIFY  0x200
  56
  57 #define ENC_COMMAND 0x1000
  58 #define NO_CRC      0x2000
  59
  60 #define MAC_MASK   0x0F0
  61 #define CMAC_MACK  0xF00
  62
  63 /* Communication mode */
  64 #define MDCM_PLAIN      0x00
  65 #define MDCM_MACED      0x01
  66 #define MDCM_ENCIPHERED 0x03
  67
  68 /* Error code managed by the library */
  69 #define CRYPTO_ERROR            0x01
  70
  71 typedef enum {
  72     AS_LEGACY,
  73     AS_NEW
  74 } DesfireAuthScheme;
  75
  76 /*
  77 typedef enum {
  78     MDFT_STANDARD_DATA_FILE             = 0x00,
  79     MDFT_BACKUP_DATA_FILE               = 0x01,
  80     MDFT_VALUE_FILE_WITH_BACKUP         = 0x02,
  81     MDFT_LINEAR_RECORD_FILE_WITH_BACKUP = 0x03,
  82     MDFT_CYCLIC_RECORD_FILE_WITH_BACKUP = 0x04
  83 } DesfireFileType;
  84
  85 typedef enum {
  86     OPERATION_OK                        = 0x00,
  87     NO_CHANGES                          = 0x0c,
  88     OUT_OF_EEPROM_ERROR                 = 0x0e,
  89     ILLEGAL_COMMAND_CODE                = 0x1c,
  90     INTEGRITY_ERROR                     = 0x1e,
  91     NO_SUCH_KEY                         = 0x40,
  92     LENGTH_ERROR                        = 0x7e,
  93     PERMISSION_DENIED                   = 0x9d,
  94     PARAMETER_ERROR                     = 0x9e,
  95     APPLICATION_NOT_FOUND               = 0xa0,
  96     APPL_INTEGRITY_ERROR                = 0xa1,
  97     AUTHENTICATION_ERROR                = 0xae,
  98     ADDITIONAL_FRAME                    = 0xaf,
  99     BOUNDARY_ERROR                      = 0xbe,
 100     PICC_INTEGRITY_ERROR                = 0xc1,
 101     COMMAND_ABORTED                     = 0xca,
 102     PICC_DISABLED_ERROR                 = 0xcd,
 103     COUNT_ERROR                         = 0xce,
 104     DUPLICATE_ERROR                     = 0xde,
 105     EEPROM_ERROR                        = 0xee,
 106     FILE_NOT_FOUND                      = 0xf0,
 107     FILE_INTEGRITY_ERROR                = 0xf1
 108 } DesfireStatus;
 109
 110 typedef enum {
 111     CREATE_APPLICATION                  = 0xca,
 112     DELETE_APPLICATION                  = 0xda,
 113     GET_APPLICATION_IDS                 = 0x6a,
 114     SELECT_APPLICATION                  = 0x5a,
 115     FORMAT_PICC                         = 0xfc,
 116     GET_VERSION                         = 0x60,
 117     READ_DATA                           = 0xbd,
 118     WRITE_DATA                          = 0x3d,
 119     GET_VALUE                           = 0x6c,
 120     CREDIT                              = 0x0c,
 121     DEBIT                               = 0xdc,
 122     LIMITED_CREDIT                      = 0x1c,
 123     WRITE_RECORD                        = 0x3b,
 124     READ_RECORDS                        = 0xbb,
 125     CLEAR_RECORD_FILE                   = 0xeb,
 126     COMMIT_TRANSACTION                  = 0xc7,
 127     ABORT_TRANSACTION                   = 0xa7,
 128     GET_FREE_MEMORY                     = 0x6e,
 129     GET_FILE_IDS                        = 0x6f,
 130     GET_FILE_SETTINGS                   = 0xf5,
 131     GET_DF_NAMES                        = 0x6d,
 132     CHANGE_FILE_SETTINGS                = 0x5f,
 133     CREATE_STD_DATA_FILE                = 0xcd,
 134     CREATE_BACKUP_DATA_FILE             = 0xcb,
 135     CREATE_VALUE_FILE                   = 0xcc,
 136     CREATE_LINEAR_RECORD_FILE           = 0xc1,
 137     CREATE_CYCLIC_RECORD_FILE           = 0xc0,
 138     DELETE_FILE                         = 0xdf,
 139     AUTHENTICATE                        = 0x0a,  // AUTHENTICATE_NATIVE
 140     AUTHENTICATE_ISO                    = 0x1a,  // AUTHENTICATE_STANDARD
 141     AUTHENTICATE_AES                    = 0xaa,
 142     CHANGE_KEY_SETTINGS                 = 0x54,
 143     GET_KEY_SETTINGS                    = 0x45,
 144     CHANGE_KEY                          = 0xc4,
 145     GET_KEY_VERSION                     = 0x64,
 146     AUTHENTICATION_FRAME                = 0xAF
 147 } DesfireCmd;
 148 */
 149
 150 #define DESFIRE_KEY(key) ((struct desfire_key *) key)
 151 struct desfire_key {
 152     DesfireCryptoAlgorithm type;
 153     uint8_t data[24];
 154     uint8_t cmac_sk1[24];
 155     uint8_t cmac_sk2[24];
 156     uint8_t aes_version;
 157 };
 158 typedef struct desfire_key *desfirekey_t;
 159
 160 #define DESFIRE(tag) ((struct desfire_tag *) tag)
 161 struct desfire_tag {
 162     iso14a_card_select_t info;
 163     int active;
 164     uint8_t last_picc_error;
 165     uint8_t last_internal_error;
 166     uint8_t last_pcd_error;
 167     desfirekey_t session_key;
 168     DesfireAuthScheme authentication_scheme;
 169     uint8_t authenticated_key_no;
 170
 171     uint8_t ivect[DESFIRE_MAX_CRYPTO_BLOCK_SIZE];
 172     uint8_t cmac[16];
 173     uint8_t *crypto_buffer;
 174     size_t crypto_buffer_size;
 175     uint32_t selected_application;
 176 };
 177 typedef struct desfire_tag *desfiretag_t;
 178 void des_encrypt(void *out, const void *in, const void *key);
 179 void des_decrypt(void *out, const void *in, const void *key);
 180 void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, uint8_t *iv, int keymode);
 181 void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, uint8_t *iv, int keymode);
 182
 183 void aes128_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[16]);
 184 void aes128_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[16]);
 185
 186 void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key);
 187 void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key);
 188 void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key);
 189 void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
 190 void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key);
 191 void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key);
 192 void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
 193 void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key);
 194 void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key);
 195 uint8_t Desfire_key_get_version(desfirekey_t key);
 196 void Desfire_key_set_version(desfirekey_t key, uint8_t version);
 197 void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key);
 198
 199 void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings);
 200 void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings);
 201 void mifare_cypher_single_block(desfirekey_t  key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size);
 202 void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation);
 203 size_t key_block_size(const desfirekey_t  key);
 204 size_t padded_data_length(const size_t nbytes, const size_t block_size);
 205 size_t maced_data_length(const desfirekey_t  key, const size_t nbytes);
 206 size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings);
 207 void cmac_generate_subkeys(desfirekey_t key);
 208 void cmac(const desfirekey_t  key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
 209
 210 #endif