From a22e162ce9fcdd6a2e2fddf0fa4a32806081c2bf Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 9 Aug 2021 20:23:07 +0300
Subject: [PATCH] remove old crypto file
---
client/CMakeLists.txt | 1 -
client/Makefile | 1 -
client/src/mifare/desfire_crypto.c | 930 -----------------------------
client/src/mifare/desfire_crypto.h | 144 -----
4 files changed, 1076 deletions(-)
delete mode 100644 client/src/mifare/desfire_crypto.c
delete mode 100644 client/src/mifare/desfire_crypto.h
diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
index 64dd713a3..4eca55906 100644
--- a/client/CMakeLists.txt
+++ b/client/CMakeLists.txt
@@ -228,7 +228,6 @@ set (TARGET_SOURCES
${PM3_ROOT}/client/src/mifare/mifaredefault.c
${PM3_ROOT}/client/src/mifare/mifarehost.c
${PM3_ROOT}/client/src/nfc/ndef.c
- ${PM3_ROOT}/client/src/mifare/desfire_crypto.c
${PM3_ROOT}/client/src/mifare/desfirecrypto.c
${PM3_ROOT}/client/src/mifare/desfiresecurechan.c
${PM3_ROOT}/client/src/mifare/desfirecore.c
diff --git a/client/Makefile b/client/Makefile
index bcdfb7140..ef9913149 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -588,7 +588,6 @@ SRCS = mifare/aiddesfire.c \
loclass/cipherutils.c \
loclass/elite_crack.c \
loclass/ikeys.c \
- mifare/desfire_crypto.c \
mifare/desfirecrypto.c \
mifare/desfirecore.c \
mifare/desfiresecurechan.c \
diff --git a/client/src/mifare/desfire_crypto.c b/client/src/mifare/desfire_crypto.c
deleted file mode 100644
index 7ee2f542c..000000000
--- a/client/src/mifare/desfire_crypto.c
+++ /dev/null
@@ -1,930 +0,0 @@
-/*-
- * Copyright (C) 2010, Romain Tartiere.
- * Copyright (C) 2021 Merlok
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see
- *
- * $Id$
- */
-
-/*
- * This implementation was written based on information provided by the
- * following documents:
- *
- * NIST Special Publication 800-38B
- * Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
- * May 2005
- */
-#include "desfire_crypto.h"
-#include
-#include
-#include
-#include "commonutil.h"
-#include "crypto/libpcrypto.h"
-#include "aes.h"
-#include "des.h"
-#include "ui.h"
-#include "crc.h"
-#include "crc16.h" // crc16 ccitt
-#include "crc32.h"
-
-#ifndef AddCrc14A
-# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)
-#endif
-
-static inline void update_key_schedules(desfirekey_t key);
-
-static inline void update_key_schedules(desfirekey_t key) {
- // DES_set_key ((DES_cblock *)key->data, &(key->ks1));
- // DES_set_key ((DES_cblock *)(key->data + 8), &(key->ks2));
- // if (T_3K3DES == key->type) {
- // DES_set_key ((DES_cblock *)(key->data + 16), &(key->ks3));
- // }
-}
-
-/******************************************************************************/
-
-void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) {
- if (length % 8)
- return;
-
- mbedtls_des3_context ctx3;
- if (keymode == 2)
- mbedtls_des3_set2key_dec(&ctx3, key);
- else
- mbedtls_des3_set3key_dec(&ctx3, key);
-
- uint8_t i;
- unsigned char temp[8];
- uint8_t *tin = (uint8_t *) in;
- uint8_t *tout = (uint8_t *) out;
-
- while (length > 0) {
- memcpy(temp, tin, 8);
-
- mbedtls_des3_crypt_ecb(&ctx3, tin, tout);
-
- for (i = 0; i < 8; i++) {
- tout[i] = (unsigned char)(tout[i] ^ iv[i]);
- }
-
- memcpy(iv, temp, 8);
-
- tin += 8;
- tout += 8;
- length -= 8;
- }
-}
-
-void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode) {
- if (length % 8)
- return;
-
- mbedtls_des3_context ctx3;
-
- if (keymode == 2)
- mbedtls_des3_set2key_enc(&ctx3, key);
- else
- mbedtls_des3_set3key_enc(&ctx3, key);
-
- uint8_t i;
- uint8_t *tin = (uint8_t *) in;
- uint8_t *tout = (uint8_t *) out;
-
- while (length > 0) {
- for (i = 0; i < 8; i++) {
- tin[i] = (unsigned char)(tin[i] ^ iv[i]);
- }
-
- mbedtls_des3_crypt_ecb(&ctx3, tin, tout);
-
- memcpy(iv, tout, 8);
-
- tin += 8;
- tout += 8;
- length -= 8;
- }
-}
-
-
-void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key) {
- uint8_t data[8];
- memcpy(data, value, 8);
- for (int n = 0; n < 8; n++) {
- data[n] &= 0xFE;
- }
- Desfire_des_key_new_with_version(data, key);
-}
-
-void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key) {
- if (key != NULL) {
- key->type = T_DES;
- memcpy(key->data, value, 8);
- memcpy(key->data + 8, value, 8);
- update_key_schedules(key);
- }
-}
-
-void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key) {
- uint8_t data[16];
- memcpy(data, value, 16);
- for (int n = 0; n < 8; n++) {
- data[n] &= 0xFE;
- }
- for (int n = 8; n < 16; n++) {
- data[n] |= 0x01;
- }
- Desfire_3des_key_new_with_version(data, key);
-}
-
-void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key) {
- if (key != NULL) {
- key->type = T_3DES;
- memcpy(key->data, value, 16);
- update_key_schedules(key);
- }
-}
-
-void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key) {
- uint8_t data[24];
- memcpy(data, value, 24);
- for (int n = 0; n < 8; n++) {
- data[n] &= 0xFE;
- }
- Desfire_3k3des_key_new_with_version(data, key);
-}
-
-void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key) {
- if (key != NULL) {
- key->type = T_3K3DES;
- memcpy(key->data, value, 24);
- update_key_schedules(key);
- }
-}
-
-void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key) {
- Desfire_aes_key_new_with_version(value, 0, key);
-}
-
-void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key) {
- if (key != NULL) {
- memcpy(key->data, value, 16);
- key->type = T_AES;
- key->aes_version = version;
- }
-}
-
-uint8_t Desfire_key_get_version(desfirekey_t key) {
- uint8_t version = 0;
-
- for (int n = 0; n < 8; n++) {
- version |= ((key->data[n] & 1) << (7 - n));
- }
- return version;
-}
-
-void Desfire_key_set_version(desfirekey_t key, uint8_t version) {
- for (int n = 0; n < 8; n++) {
- uint8_t version_bit = ((version & (1 << (7 - n))) >> (7 - n));
-
- key->data[n] &= 0xFE;
- key->data[n] |= version_bit;
-
- if (key->type == T_DES) {
- key->data[n + 8] = key->data[n];
- } else {
- // Write ~version to avoid turning a 3DES key into a DES key
- key->data[n + 8] &= 0xFE;
- key->data[n + 8] |= ~version_bit;
- }
- }
-}
-
-void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) {
-
- uint8_t buffer[24];
-
- switch (authkey->type) {
- case T_DES:
- memcpy(buffer, rnda, 4);
- memcpy(buffer + 4, rndb, 4);
- Desfire_des_key_new_with_version(buffer, key);
- break;
- case T_3DES:
- memcpy(buffer, rnda, 4);
- memcpy(buffer + 4, rndb, 4);
- memcpy(buffer + 8, rnda + 4, 4);
- memcpy(buffer + 12, rndb + 4, 4);
- Desfire_3des_key_new_with_version(buffer, key);
- break;
- case T_3K3DES:
- memcpy(buffer, rnda, 4);
- memcpy(buffer + 4, rndb, 4);
- memcpy(buffer + 8, rnda + 6, 4);
- memcpy(buffer + 12, rndb + 6, 4);
- memcpy(buffer + 16, rnda + 12, 4);
- memcpy(buffer + 20, rndb + 12, 4);
- Desfire_3k3des_key_new(buffer, key);
- break;
- case T_AES:
- memcpy(buffer, rnda, 4);
- memcpy(buffer + 4, rndb, 4);
- memcpy(buffer + 8, rnda + 12, 4);
- memcpy(buffer + 12, rndb + 12, 4);
- Desfire_aes_key_new(buffer, key);
- break;
- }
-}
-
-static size_t key_macing_length(desfirekey_t key);
-
-// iceman, see memxor inside string.c, dest/src swapped..
-static void xor(const uint8_t *ivect, uint8_t *data, const size_t len) {
- for (size_t i = 0; i < len; i++) {
- data[i] ^= ivect[i];
- }
-}
-
-void cmac_generate_subkeys(desfirekey_t key, MifareCryptoDirection direction) {
- int kbs = key_block_size(key);
- const uint8_t R = (kbs == 8) ? 0x1B : 0x87;
-
- uint8_t l[kbs];
- memset(l, 0, kbs);
-
- uint8_t ivect[kbs];
- memset(ivect, 0, kbs);
-
- mifare_cypher_blocks_chained(NULL, key, ivect, l, kbs, direction, MCO_ENCYPHER);
-
- bool txor = false;
-
- // Used to compute CMAC on complete blocks
- memcpy(key->cmac_sk1, l, kbs);
- txor = l[0] & 0x80;
- lsl(key->cmac_sk1, kbs);
- if (txor) {
- key->cmac_sk1[kbs - 1] ^= R;
- }
-
- // Used to compute CMAC on the last block if non-complete
- memcpy(key->cmac_sk2, key->cmac_sk1, kbs);
- txor = key->cmac_sk1[0] & 0x80;
- lsl(key->cmac_sk2, kbs);
- if (txor) {
- key->cmac_sk2[kbs - 1] ^= R;
- }
-}
-
-void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac) {
- int kbs = key_block_size(key);
- if (kbs == 0) {
- return;
- }
-
- uint8_t *buffer = calloc(padded_data_length(len, kbs), sizeof(uint8_t));
- if (buffer == NULL) {
- PrintAndLogEx(WARNING, "failed to allocate memory");
- return;
- }
-
- memcpy(buffer, data, len);
-
- if ((!len) || (len % kbs)) {
- buffer[len++] = 0x80;
- while (len % kbs) {
- buffer[len++] = 0x00;
- }
- xor(key->cmac_sk2, buffer + len - kbs, kbs);
- } else {
- xor(key->cmac_sk1, buffer + len - kbs, kbs);
- }
-
- mifare_cypher_blocks_chained(NULL, key, ivect, buffer, len, MCD_SEND, MCO_ENCYPHER);
-
- memcpy(cmac, ivect, kbs);
- free(buffer);
-}
-
-// This function is almot like cmac(...). but with some key differences.
-void mifare_kdf_an10922(const desfirekey_t key, const uint8_t *data, size_t len) {
- int kbs = key_block_size(key);
- if (key == NULL || kbs == 0 || data == NULL || len < 1 || len > 31) {
- return;
- }
-
- // AES uses 16 byte IV
- if (kbs < 16)
- kbs = 16;
- int kbs2 = kbs * 2;
-
- cmac_generate_subkeys(key, MCD_SEND);
-
- // reserv atleast 32bytes.
- uint8_t *buffer = calloc(len, sizeof(uint8_t));
- if (buffer == NULL) {
- PrintAndLogEx(WARNING, "failed to allocate memory");
- return;
- }
- uint8_t *ivect = calloc(kbs, sizeof(uint8_t));
- if (ivect == NULL) {
- PrintAndLogEx(WARNING, "failed to allocate memory");
- free(buffer);
- return;
- }
-
- buffer[0] = 0x01;
- memcpy(&buffer[1], data, len++);
-
- if (len != (kbs2)) {
- buffer[len++] = 0x80;
- while (len % kbs2) {
- buffer[len++] = 0x00;
- }
- xor(key->cmac_sk2, buffer + kbs, kbs);
- } else {
- xor(key->cmac_sk1, buffer + kbs, kbs);
- }
-
- mbedtls_aes_context actx;
- mbedtls_aes_init(&actx);
- mbedtls_aes_setkey_enc(&actx, key->data, kbs * 8);
- mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_ENCRYPT, kbs2, ivect, buffer, buffer);
- mbedtls_aes_free(&actx);
-
- memcpy(key->data, buffer + kbs, kbs);
- free(ivect);
- free(buffer);
-}
-
-size_t key_block_size(const desfirekey_t key) {
- if (key == NULL) {
- return 0;
- }
- return desfire_get_key_block_length(key->type);
-}
-
-/*
- * Size of MACing produced with the key.
- */
-static size_t key_macing_length(const desfirekey_t key) {
- size_t mac_length = MAC_LENGTH;
- switch (key->type) {
- case T_DES:
- case T_3DES:
- mac_length = MAC_LENGTH;
- break;
- case T_3K3DES:
- case T_AES:
- mac_length = CMAC_LENGTH;
- break;
- }
- return mac_length;
-}
-
-/*
- * Buffer size required to MAC nbytes of data
- */
-size_t maced_data_length(const desfirekey_t key, const size_t nbytes) {
- return nbytes + key_macing_length(key);
-}
-/*
- * Buffer size required to encipher nbytes of data and a two bytes CRC.
- */
-size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings) {
- size_t crc_length = 0;
- if (!(communication_settings & NO_CRC)) {
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- crc_length = 2;
- break;
- case AS_NEW:
- crc_length = 4;
- break;
- }
- }
-
- size_t block_size = DESFIRE(tag)->session_key ? key_block_size(DESFIRE(tag)->session_key) : 1;
-
- return padded_data_length(nbytes + crc_length, block_size);
-}
-
-void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings) {
- uint8_t *res = data;
- uint8_t mac[4];
- size_t edl;
- bool append_mac = true;
- desfirekey_t key = DESFIRE(tag)->session_key;
-
- if (!key)
- return data;
-
- switch (communication_settings & MDCM_MASK) {
- case MDCM_PLAIN: {
- if (AS_LEGACY == DESFIRE(tag)->authentication_scheme)
- break;
-
- /*
- * When using new authentication methods, PLAIN data transmission from
- * the PICC to the PCD are CMACed, so we have to maintain the
- * cryptographic initialisation vector up-to-date to check data
- * integrity later.
- *
- * The only difference with CMACed data transmission is that the CMAC
- * is not apended to the data send by the PCD to the PICC.
- */
-
- append_mac = false;
- }
- /* pass through */
- case MDCM_MACED: {
- communication_settings |= NO_CRC;
-
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- if (!(communication_settings & MAC_COMMAND))
- break;
-
- /* pass through */
- edl = padded_data_length(*nbytes - offset, key_block_size(DESFIRE(tag)->session_key)) + offset;
-
- // Fill in the crypto buffer with data ...
- memcpy(res, data, *nbytes);
- // ... and 0 padding
- memset(res + *nbytes, 0, edl - *nbytes);
-
- mifare_cypher_blocks_chained(tag, NULL, NULL, res + offset, edl - offset, MCD_SEND, MCO_ENCYPHER);
-
- memcpy(mac, res + edl - 8, 4);
-
- // Copy again provided data (was overwritten by mifare_cypher_blocks_chained)
- memcpy(res, data, *nbytes);
-
- if (!(communication_settings & MAC_COMMAND))
- break;
- // Append MAC
- size_t bla = maced_data_length(DESFIRE(tag)->session_key, *nbytes - offset) + offset;
- bla++;
-
- memcpy(res + *nbytes, mac, 4);
-
- *nbytes += 4;
- break;
- case AS_NEW:
- if (!(communication_settings & CMAC_COMMAND))
- break;
- cmac(key, DESFIRE(tag)->ivect, res, *nbytes, DESFIRE(tag)->cmac);
-
- if (append_mac) {
- size_t len = maced_data_length(key, *nbytes);
- ++len;
- memcpy(res, data, *nbytes);
- memcpy(res + *nbytes, DESFIRE(tag)->cmac, CMAC_LENGTH);
- *nbytes += CMAC_LENGTH;
- }
- break;
- }
-
- break;
- }
- case MDCM_ENCIPHERED: {
- /* |<-------------- data -------------->|
- * |<--- offset -->| |
- * +---------------+--------------------+-----+---------+
- * | CMD + HEADERS | DATA TO BE SECURED | CRC | PADDING |
- * +---------------+--------------------+-----+---------+ ----------------
- * | |<~~~~v~~~~~~~~~~~~~>| ^ | | (DES / 3DES)
- * | | `---- crc16() ----' | |
- * | | | ^ | | ----- *or* -----
- * |<~~~~~~~~~~~~~~~~~~~~v~~~~~~~~~~~~~>| ^ | | (3K3DES / AES)
- * | `---- crc32() ----' | |
- * | | ---- *then* ----
- * |<---------------------------------->|
- * encypher()/decypher()
- */
-
- if (!(communication_settings & ENC_COMMAND))
- break;
-
- edl = enciphered_data_length(tag, *nbytes - offset, communication_settings) + offset;
-
- // Fill in the crypto buffer with data ...
- memcpy(res, data, *nbytes);
-
- if (!(communication_settings & NO_CRC)) {
- // ... CRC ...
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY: {
- AddCrc14A(res + offset, *nbytes - offset);
- *nbytes += 2;
- break;
- }
- case AS_NEW: {
- crc32_append(res, *nbytes);
- *nbytes += 4;
- break;
- }
- }
- }
- // ... and padding
- memset(res + *nbytes, 0, edl - *nbytes);
-
- *nbytes = edl;
-
- mifare_cypher_blocks_chained(tag, NULL, NULL, res + offset, *nbytes - offset, MCD_SEND, (AS_NEW == DESFIRE(tag)->authentication_scheme) ? MCO_ENCYPHER : MCO_DECYPHER);
- break;
- }
- default: {
- *nbytes = -1;
- res = NULL;
- break;
- }
- }
-
- return res;
-
-}
-
-void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings) {
- void *res = data;
- void *edata = NULL;
- tag->crypto_buffer_size = *nbytes * 2;
- tag->crypto_buffer = (uint8_t *)calloc(tag->crypto_buffer_size, sizeof(uint8_t));
-
- uint8_t first_cmac_byte = 0x00;
-
- desfirekey_t key = DESFIRE(tag)->session_key;
-
- if (!key)
- return data;
-
- // Return directly if we just have a status code.
- if (1 == *nbytes)
- return res;
-
- switch (communication_settings & MDCM_MASK) {
- case MDCM_PLAIN:
-
- if (AS_LEGACY == DESFIRE(tag)->authentication_scheme)
- break;
-
- /* pass through */
- case MDCM_MACED:
- communication_settings |= NO_CRC;
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- if (communication_settings & MAC_VERIFY) {
- *nbytes -= key_macing_length(key);
- if (*nbytes == 0) {
- *nbytes = -1;
- res = NULL;
-#ifdef WITH_DEBUG
- Dbprintf("No room for MAC!");
-#endif
- break;
- }
-
- size_t edl = enciphered_data_length(tag, *nbytes, communication_settings);
- edata = calloc(edl, sizeof(uint8_t));
-
- memcpy(edata, data, *nbytes);
- memset((uint8_t *)edata + *nbytes, 0, edl - *nbytes);
-
- mifare_cypher_blocks_chained(tag, NULL, NULL, edata, edl, MCD_SEND, MCO_ENCYPHER);
-
- if (0 != memcmp((uint8_t *)data + *nbytes, (uint8_t *)edata + edl - 8, 4)) {
-#ifdef WITH_DEBUG
- PrintAndLogEx(NORMAL, "Expected MAC %s", sprint_hex(data + *nbytes, key_macing_length(key)));
- PrintAndLogEx(NORMAL, "Actual MAC %s", sprint_hex(edata + edl - 8, key_macing_length(key)));
-#endif
-#ifdef WITH_DEBUG
- Dbprintf("MACing not verified");
- hexdump((uint8_t *)data + *nbytes, key_macing_length(key), "Expect ", 0);
- hexdump((uint8_t *)edata + edl - 8, key_macing_length(key), "Actual ", 0);
-#endif
- DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR;
- *nbytes = -1;
- res = NULL;
- }
- }
- break;
- case AS_NEW:
- if (!(communication_settings & CMAC_COMMAND))
- break;
- if (communication_settings & CMAC_VERIFY) {
- if (*nbytes < 9) {
- *nbytes = -1;
- res = NULL;
- break;
- }
- first_cmac_byte = ((uint8_t *)data)[*nbytes - 9];
- ((uint8_t *)data)[*nbytes - 9] = ((uint8_t *)data)[*nbytes - 1];
- }
-
- int n = (communication_settings & CMAC_VERIFY) ? 8 : 0;
- cmac(key, DESFIRE(tag)->ivect, ((uint8_t *)data), *nbytes - n, DESFIRE(tag)->cmac);
-
- if (communication_settings & CMAC_VERIFY) {
- ((uint8_t *)data)[*nbytes - 9] = first_cmac_byte;
- if (0 != memcmp(DESFIRE(tag)->cmac, (uint8_t *)data + *nbytes - 9, 8)) {
-#ifdef WITH_DEBUG
- Dbprintf("CMAC NOT verified :-(");
- hexdump((uint8_t *)data + *nbytes - 9, 8, "Expect ", 0);
- hexdump(DESFIRE(tag)->cmac, 8, "Actual ", 0);
-#endif
- DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR;
- *nbytes = -1;
- res = NULL;
- } else {
- *nbytes -= 8;
- }
- }
- break;
- }
-
- free(edata);
-
- break;
- case MDCM_ENCIPHERED: {
- bool verified = false;
- int crc_pos = 0x00;
- int end_crc_pos = 0x00;
- uint8_t x;
-
- /*
- * AS_LEGACY:
- * ,-----------------+-------------------------------+--------+
- * \ BLOCK n-1 | BLOCK n | STATUS |
- * / PAYLOAD | CRC0 | CRC1 | 0x80? | 0x000000000000 | 0x9100 |
- * `-----------------+-------------------------------+--------+
- *
- * <------------ DATA ------------>
- * FRAME = PAYLOAD + CRC(PAYLOAD) + PADDING
- *
- * AS_NEW:
- * ,-------------------------------+-----------------------------------------------+--------+
- * \ BLOCK n-1 | BLOCK n | STATUS |
- * / PAYLOAD | CRC0 | CRC1 | CRC2 | CRC3 | 0x80? | 0x0000000000000000000000000000 | 0x9100 |
- * `-------------------------------+-----------------------------------------------+--------+
- * <----------------------------------- DATA ------------------------------------->|
- *
- * <----------------- DATA ---------------->
- * FRAME = PAYLOAD + CRC(PAYLOAD + STATUS) + PADDING + STATUS
- * `------------------'
- */
-
- mifare_cypher_blocks_chained(tag, NULL, NULL, res, *nbytes, MCD_RECEIVE, MCO_DECYPHER);
-
- /*
- * Look for the CRC and ensure it is followed by NULL padding. We
- * can't start by the end because the CRC is supposed to be 0 when
- * verified, and accumulating 0's in it should not change it.
- */
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- crc_pos = *nbytes - 8 - 1; // The CRC can be over two blocks
- if (crc_pos < 0) {
- /* Single block */
- crc_pos = 0;
- }
- break;
- case AS_NEW:
- /* Move status between payload and CRC */
- res = DESFIRE(tag)->crypto_buffer;
- if (res != NULL) {
- memcpy(res, data, *nbytes);
-
- size_t padding_start_pos = *nbytes - 1;
- while (padding_start_pos > 0 && ((uint8_t *) res)[padding_start_pos] == 0x00) {
- padding_start_pos--;
- }
- //TODO: Add support for cases where there is no padding. Uncommon but possible.
- crc_pos = padding_start_pos - 4;
-
- memcpy((uint8_t *) res + crc_pos + 1, (uint8_t *) res + crc_pos, *nbytes - crc_pos);
- ((uint8_t *) res)[crc_pos] = 0x00;
- crc_pos++;
- *nbytes += 1;
- }
- break;
- }
-
- do {
- uint16_t crc_16 = 0x00;
- uint32_t crc = 0x00;
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- AddCrc14A((uint8_t *)res, end_crc_pos);
- end_crc_pos = crc_pos + 2;
- //
-
-
- crc = crc_16;
- break;
- case AS_NEW:
- end_crc_pos = crc_pos + 4;
- crc32_ex(res, end_crc_pos, (uint8_t *)&crc);
- break;
- }
- if (!crc) {
- verified = true;
- for (int n = end_crc_pos; n < *nbytes - 1; n++) {
- uint8_t byte = ((uint8_t *)res)[n];
- if (!((0x00 == byte) || ((0x80 == byte) && (n == end_crc_pos))))
- verified = false;
- }
- }
- if (verified) {
- *nbytes = crc_pos;
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- ((uint8_t *)data)[(*nbytes)++] = 0x00;
- break;
- case AS_NEW:
- *nbytes = crc_pos - 1;
- /* The status byte was already before the CRC */
- break;
- }
- } else {
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- break;
- case AS_NEW:
- x = ((uint8_t *)res)[crc_pos - 1];
- ((uint8_t *)res)[crc_pos - 1] = ((uint8_t *)res)[crc_pos];
- ((uint8_t *)res)[crc_pos] = x;
- break;
- }
- crc_pos++;
- }
- } while (!verified && (end_crc_pos < *nbytes));
-
- if (!verified) {
-#ifdef WITH_DEBUG
- /* FIXME In some configurations, the file is transmitted PLAIN */
- Dbprintf("CRC not verified in decyphered stream");
-#endif
- DESFIRE(tag)->last_pcd_error = CRYPTO_ERROR;
- *nbytes = -1;
- res = NULL;
- }
-
- break;
- }
- default:
- PrintAndLogEx(ERR, "Unknown communication settings");
- *nbytes = -1;
- res = NULL;
- break;
-
- }
- free(tag->crypto_buffer);
- tag->crypto_buffer_size = 0;
- tag->crypto_buffer = NULL;
- return res;
-}
-
-
-void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size) {
- uint8_t ovect[MAX_CRYPTO_BLOCK_SIZE];
- if (direction == MCD_SEND) {
- xor(ivect, data, block_size);
- } else {
- memcpy(ovect, data, block_size);
- }
-
- uint8_t edata[MAX_CRYPTO_BLOCK_SIZE];
-
- switch (key->type) {
- case T_DES:
- switch (operation) {
- case MCO_ENCYPHER:
- //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
- des_encrypt(edata, data, key->data);
- break;
- case MCO_DECYPHER:
- //DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
- des_decrypt(edata, data, key->data);
- break;
- }
- break;
- case T_3DES:
- switch (operation) {
- case MCO_ENCYPHER: {
- mbedtls_des3_context ctx3;
- mbedtls_des3_set2key_enc(&ctx3, key->data);
- mbedtls_des3_crypt_ecb(&ctx3, data, edata);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
- // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
- break;
- }
- case MCO_DECYPHER: {
- mbedtls_des3_context ctx3;
- mbedtls_des3_set2key_dec(&ctx3, key->data);
- mbedtls_des3_crypt_ecb(&ctx3, data, edata);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
- // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
- break;
- }
- }
- break;
- case T_3K3DES:
- switch (operation) {
- case MCO_ENCYPHER: {
- mbedtls_des3_context ctx3;
- mbedtls_des3_set3key_enc(&ctx3, key->data);
- mbedtls_des3_crypt_ecb(&ctx3, data, edata);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_ENCRYPT);
- // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_DECRYPT);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_ENCRYPT);
- break;
- }
- case MCO_DECYPHER: {
- mbedtls_des3_context ctx3;
- mbedtls_des3_set3key_dec(&ctx3, key->data);
- mbedtls_des3_crypt_ecb(&ctx3, data, edata);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks3), DES_DECRYPT);
- // DES_ecb_encrypt ((DES_cblock *) edata, (DES_cblock *) data, &(key->ks2), DES_ENCRYPT);
- // DES_ecb_encrypt ((DES_cblock *) data, (DES_cblock *) edata, &(key->ks1), DES_DECRYPT);
- break;
- }
- }
- break;
- case T_AES:
- switch (operation) {
- case MCO_ENCYPHER: {
- mbedtls_aes_context actx;
- mbedtls_aes_init(&actx);
- mbedtls_aes_setkey_enc(&actx, key->data, 128);
- mbedtls_aes_crypt_ecb(&actx, MBEDTLS_AES_ENCRYPT, data, edata);
- mbedtls_aes_free(&actx);
- break;
- }
- case MCO_DECYPHER: {
- mbedtls_aes_context actx;
- mbedtls_aes_init(&actx);
- mbedtls_aes_setkey_dec(&actx, key->data, 128);
- mbedtls_aes_crypt_ecb(&actx, MBEDTLS_AES_DECRYPT, data, edata);
- mbedtls_aes_free(&actx);
- break;
- }
- }
- break;
- }
-
- memcpy(data, edata, block_size);
-
- if (direction == MCD_SEND) {
- memcpy(ivect, data, block_size);
- } else {
- xor(ivect, data, block_size);
- memcpy(ivect, ovect, block_size);
- }
-}
-
-/*
- * This function performs all CBC cyphering / deciphering.
- *
- * The tag argument may be NULL, in which case both key and ivect shall be set.
- * When using the tag session_key and ivect for processing data, these
- * arguments should be set to NULL.
- *
- * Because the tag may contain additional data, one may need to call this
- * function with tag, key and ivect defined.
- */
-void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation) {
- if (tag) {
- if (key == NULL)
- key = DESFIRE(tag)->session_key;
- if (ivect == NULL)
- ivect = DESFIRE(tag)->ivect;
-
- switch (DESFIRE(tag)->authentication_scheme) {
- case AS_LEGACY:
- memset(ivect, 0, MAX_CRYPTO_BLOCK_SIZE);
- break;
- case AS_NEW:
- break;
- }
- }
-
- size_t block_size = key_block_size(key);
- size_t offset = 0;
- while (offset < data_size) {
- mifare_cypher_single_block(key, data + offset, ivect, direction, operation, block_size);
- offset += block_size;
- }
-}
diff --git a/client/src/mifare/desfire_crypto.h b/client/src/mifare/desfire_crypto.h
deleted file mode 100644
index 160af81bd..000000000
--- a/client/src/mifare/desfire_crypto.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*-
- * Copyright (C) 2010, Romain Tartiere.
- * Copyright (C) 2021 Merlok
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see
- *
- * $Id$
- */
-
-#ifndef __DESFIRE_CRYPTO_H
-#define __DESFIRE_CRYPTO_H
-
-#include "common.h"
-#include "mifare.h" // structs
-#include "crc32.h"
-#include "crypto/libpcrypto.h"
-#include "mifare/desfirecrypto.h"
-
-
-/* Mifare DESFire EV1 Application crypto operations */
-#define APPLICATION_CRYPTO_DES 0x00
-#define APPLICATION_CRYPTO_3K3DES 0x40
-#define APPLICATION_CRYPTO_AES 0x80
-
-#define MAC_LENGTH 4
-#define CMAC_LENGTH 8
-
-typedef enum {
- MCD_SEND,
- MCD_RECEIVE
-} MifareCryptoDirection;
-
-typedef enum {
- MCO_ENCYPHER,
- MCO_DECYPHER
-} MifareCryptoOperation;
-
-#define MDCM_MASK 0x000F
-
-#define CMAC_NONE 0
-
-// Data send to the PICC is used to update the CMAC
-#define CMAC_COMMAND 0x010
-// Data received from the PICC is used to update the CMAC
-#define CMAC_VERIFY 0x020
-
-// MAC the command (when MDCM_MACED)
-#define MAC_COMMAND 0x100
-// The command returns a MAC to verify (when MDCM_MACED)
-#define MAC_VERIFY 0x200
-
-#define ENC_COMMAND 0x1000
-#define NO_CRC 0x2000
-
-#define MAC_MASK 0x0F0
-#define CMAC_MACK 0xF00
-
-/* Communication mode */
-#define MDCM_PLAIN 0x00
-#define MDCM_MACED 0x01
-#define MDCM_ENCIPHERED 0x03
-
-/* Error code managed by the library */
-#define CRYPTO_ERROR 0x01
-
-enum DESFIRE_AUTH_SCHEME {
- AS_LEGACY,
- AS_NEW
-};
-
-#define DESFIRE_KEY(key) ((struct desfire_key *) key)
-struct desfire_key {
- enum DESFIRE_CRYPTOALGO type;
- uint8_t data[24];
- uint8_t cmac_sk1[24];
- uint8_t cmac_sk2[24];
- uint8_t aes_version;
-};
-typedef struct desfire_key *desfirekey_t;
-
-#define DESFIRE(tag) ((struct desfire_tag *) tag)
-struct desfire_tag {
- iso14a_card_select_t info;
- int active;
- uint8_t last_picc_error;
- uint8_t last_internal_error;
- uint8_t last_pcd_error;
- desfirekey_t session_key;
- enum DESFIRE_AUTH_SCHEME authentication_scheme;
- uint8_t authenticated_key_no;
-
- uint8_t ivect[MAX_CRYPTO_BLOCK_SIZE];
- uint8_t cmac[16];
- uint8_t *crypto_buffer;
- size_t crypto_buffer_size;
- uint32_t selected_application;
- bool rf_field_on;
-};
-typedef struct desfire_tag *desfiretag_t;
-
-typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */
-typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */
-
-extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */
-
-void tdes_nxp_receive(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode);
-void tdes_nxp_send(const void *in, void *out, size_t length, const void *key, unsigned char iv[8], int keymode);
-void Desfire_des_key_new(const uint8_t value[8], desfirekey_t key);
-void Desfire_3des_key_new(const uint8_t value[16], desfirekey_t key);
-void Desfire_des_key_new_with_version(const uint8_t value[8], desfirekey_t key);
-void Desfire_3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
-void Desfire_3k3des_key_new(const uint8_t value[24], desfirekey_t key);
-void Desfire_3k3des_key_new_with_version(const uint8_t value[24], desfirekey_t key);
-void Desfire_2k3des_key_new_with_version(const uint8_t value[16], desfirekey_t key);
-void Desfire_aes_key_new(const uint8_t value[16], desfirekey_t key);
-void Desfire_aes_key_new_with_version(const uint8_t value[16], uint8_t version, desfirekey_t key);
-uint8_t Desfire_key_get_version(desfirekey_t key);
-void Desfire_key_set_version(desfirekey_t key, uint8_t version);
-void Desfire_session_key_new(const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key);
-
-void *mifare_cryto_preprocess_data(desfiretag_t tag, void *data, size_t *nbytes, size_t offset, int communication_settings);
-void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes, int communication_settings);
-void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect, MifareCryptoDirection direction, MifareCryptoOperation operation, size_t block_size);
-void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *ivect, uint8_t *data, size_t data_size, MifareCryptoDirection direction, MifareCryptoOperation operation);
-size_t key_block_size(const desfirekey_t key);
-size_t maced_data_length(const desfirekey_t key, const size_t nbytes);
-size_t enciphered_data_length(const desfiretag_t tag, const size_t nbytes, int communication_settings);
-void cmac_generate_subkeys(desfirekey_t key, MifareCryptoDirection direction);
-void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
-
-void mifare_kdf_an10922(const desfirekey_t key, const uint8_t *data, size_t len);
-
-#endif