armsrc/optimized_cipher.h

   1 //-----------------------------------------------------------------------------
   2 // Borrowed initially from https://github.com/holiman/loclass
   3 // Copyright (C) 2014 Martin Holst Swende
   4 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
   5 //
   6 // This program is free software: you can redistribute it and/or modify
   7 // it under the terms of the GNU General Public License as published by
   8 // the Free Software Foundation, either version 3 of the License, or
   9 // (at your option) any later version.
  10 //
  11 // This program is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 // GNU General Public License for more details.
  15 //
  16 // See LICENSE.txt for the text of the license.
  17 //-----------------------------------------------------------------------------
  18 // WARNING
  19 //
  20 // THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
  21 //
  22 // USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
  23 // PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
  24 // AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
  25 //
  26 // THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
  27 //-----------------------------------------------------------------------------
  28 // It is a reconstruction of the cipher engine used in iClass, and RFID techology.
  29 //
  30 // The implementation is based on the work performed by
  31 // Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
  32 // Milosch Meriac in the paper "Dismantling IClass".
  33 //-----------------------------------------------------------------------------
  34 #ifndef OPTIMIZED_CIPHER_H
  35 #define OPTIMIZED_CIPHER_H
  36
  37 #include "common.h"
  38 #include "string.h"
  39 /**
  40 * Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2
  41 * consisting of the following four components:
  42 *   1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ;
  43 *   2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ;
  44 *   3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 .
  45 *   4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 .
  46 **/
  47 typedef struct {
  48     uint8_t l;
  49     uint8_t r;
  50     uint8_t b;
  51     uint16_t t;
  52 } State_t;
  53
  54 /** The reader MAC is MAC(key, CC * NR )
  55  **/
  56 void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]);
  57
  58 void opt_doReaderMAC_2(State_t _init,  uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p);
  59
  60 /**
  61  * The tag MAC is MAC(key, CC * NR * 32x0))
  62  */
  63 void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]);
  64
  65 /**
  66  * The tag MAC can be divided (both can, but no point in dividing the reader mac) into
  67  * two functions, since the first 8 bytes are known, we can pre-calculate the state
  68  * reached after feeding CC to the cipher.
  69  * @param cc_p
  70  * @param div_key_p
  71  * @return the cipher state
  72  */
  73 State_t opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p);
  74 /**
  75  * The second part of the tag MAC calculation, since the CC is already calculated into the state,
  76  * this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag
  77  * MAC response.
  78  * @param _init - precalculated cipher state
  79  * @param nr - the reader challenge
  80  * @param mac - where to store the MAC
  81  * @param div_key_p - the key to use
  82  */
  83 void opt_doTagMAC_2(State_t _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p);
  84
  85 void doMAC_N(uint8_t *in_p, uint8_t in_size, uint8_t *div_key_p, uint8_t mac[4]);
  86 void iclass_calc_div_key(uint8_t *csn, uint8_t *key, uint8_t *div_key, bool elite);
  87 #endif // OPTIMIZED_CIPHER_H