RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-21 15:56:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

LRPEvalLRP ok

Browse source
This commit is contained in:
merlokk 2021-08-14 09:27:03 +03:00
parent 5df6732a1b
commit c8813a0123
3 changed files with 73 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
client/src/mifare/desfiretest.c
View file

@ -530,6 +530,62 @@ static bool TestLRPUpdatedKeys(void) {
return res;
}
// https://www.nxp.com/docs/en/application-note/AN12304.pdf
// 3.2 LRP Eval, page 13
static bool TestLRPEval(void) {
bool res = true;
LRPContext ctx = {0};
uint8_t y[CRYPTO_AES128_KEY_SIZE] = {0};
uint8_t key[] = {0x56, 0x78, 0x26, 0xB8, 0xDA, 0x8E, 0x76, 0x84, 0x32, 0xA9, 0x54, 0x8D, 0xBE, 0x4A, 0xA3, 0xA0};
uint8_t iv[] = {0x13, 0x59};
LRPSetKey(&ctx, key, 2, false);
LRPEvalLRP(&ctx, iv, sizeof(iv) * 2, true, y);
uint8_t y1[] = {0x1B, 0xA2, 0xC0, 0xC5, 0x78, 0x99, 0x6B, 0xC4, 0x97, 0xDD, 0x18, 0x1C, 0x68, 0x85, 0xA9, 0xDD};
res = res && (memcmp(y, y1, sizeof(y1)) == 0);
uint8_t key2[] = {0xB6, 0x55, 0x57, 0xCE, 0x0E, 0x9B, 0x4C, 0x58, 0x86, 0xF2, 0x32, 0x20, 0x01, 0x13, 0x56, 0x2B};
uint8_t iv2[] = {0xBB, 0x4F, 0xCF, 0x27, 0xC9, 0x40, 0x76, 0xF7, 0x56, 0xAB, 0x03, 0x0D};
LRPSetKey(&ctx, key2, 1, false);
LRPEvalLRP(&ctx, iv2, sizeof(iv2) * 2, false, y);
uint8_t y2[] = {0x6F, 0xDF, 0xA8, 0xD2, 0xA6, 0xAA, 0x84, 0x76, 0xBF, 0x94, 0xE7, 0x1F, 0x25, 0x63, 0x7F, 0x96};
res = res && (memcmp(y, y2, sizeof(y2)) == 0);
uint8_t key3[] = {0xC4, 0x8A, 0x8E, 0x8B, 0x16, 0x57, 0x16, 0x45, 0xA1, 0x55, 0x78, 0x25, 0xAA, 0x66, 0xAC, 0x91};
uint8_t iv3[] = {0x1F, 0x0B, 0x7C, 0x0D, 0xB1, 0x28, 0x89, 0xCA, 0x43, 0x6C, 0xAB, 0xB7, 0x8B, 0xE4, 0x2F, 0x90};
LRPSetKey(&ctx, key3, 3, false);
LRPEvalLRP(&ctx, iv3, sizeof(iv3) * 2 - 1, true, y);
uint8_t y3[] = {0x51, 0x29, 0x6B, 0x5E, 0x6D, 0x3B, 0x8D, 0xB8, 0xA1, 0xA7, 0x39, 0x97, 0x60, 0xA1, 0x91, 0x89};
res = res && (memcmp(y, y3, sizeof(y3)) == 0);
uint8_t key4[] = {0x54, 0x9C, 0x67, 0xEC, 0xD6, 0x0E, 0x84, 0x8F, 0x77, 0x39, 0x90, 0x99, 0x0C, 0xAC, 0x68, 0x1E};
uint8_t iv4[] = {0x47, 0x5B, 0xB4, 0x18, 0x78, 0xEB, 0x17, 0x46, 0x8F, 0x7A, 0x68, 0x84, 0x7D, 0xDD, 0x3B, 0xAC};
LRPSetKey(&ctx, key4, 3, false);
LRPEvalLRP(&ctx, iv4, sizeof(iv4) * 2, true, y);
uint8_t y4[] = {0xC3, 0xB5, 0xEE, 0x74, 0xA7, 0x22, 0xE7, 0x84, 0x88, 0x7C, 0x4C, 0x9F, 0xDB, 0x49, 0x78, 0x55};
res = res && (memcmp(y, y4, sizeof(y4)) == 0);
uint8_t key5[] = {0x80, 0x6A, 0x50, 0x53, 0x0D, 0x77, 0x35, 0xB4, 0x0A, 0xC4, 0xEF, 0x16, 0x38, 0xE8, 0xAD, 0x6A};
uint8_t iv5[] = {0xD4, 0x13, 0x77, 0x64, 0x71, 0x6D, 0xBC, 0x8C, 0x57, 0x9B, 0xEA, 0xB7, 0xE7, 0x67, 0x54, 0xE0};
LRPSetKey(&ctx, key5, 3, false);
LRPEvalLRP(&ctx, iv5, sizeof(iv5) * 2 - 1, false, y);
uint8_t y5[] = {0xCF, 0x99, 0x13, 0x92, 0xF0, 0x36, 0x93, 0x50, 0xA7, 0xE2, 0x1B, 0xE5, 0x2F, 0x74, 0x88, 0x21};
res = res && (memcmp(y, y5, sizeof(y5)) == 0);
if (res)
PrintAndLogEx(INFO, "LRP eval.......... " _GREEN_("passed"));
else
PrintAndLogEx(ERR, "LRP eval.......... " _RED_("fail"));
return res;
}
bool DesfireTest(bool verbose) {
bool res = true;
@ -550,6 +606,7 @@ bool DesfireTest(bool verbose) {
res = res && TestTransSessionKeys();
res = res && TestLRPPlaintexts();
res = res && TestLRPUpdatedKeys();
res = res && TestLRPEval();
PrintAndLogEx(INFO, "---------------------------");
if (res)

15
client/src/mifare/lrpcrypto.c
View file

@ -28,6 +28,7 @@
static uint8_t constAA[] = {0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa};
static uint8_t const55[] = {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
static uint8_t const00[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
void LRPClearContext(LRPContext *ctx) {
memset(ctx->key, 0, CRYPTO_AES128_KEY_SIZE);
@ -85,3 +86,17 @@ void LRPGenerateUpdatedKeys(LRPContext *ctx, size_t updatedKeysCount) {
ctx->updatedKeysCount = updatedKeysCount;
}
// https://www.nxp.com/docs/en/application-note/AN12304.pdf
// Algorithm 3
void LRPEvalLRP(LRPContext *ctx, uint8_t *iv, size_t ivlen, bool final, uint8_t *y) {
memcpy(y, ctx->updatedKeys[ctx->useUpdatedKeyNum], CRYPTO_AES128_KEY_SIZE);
for (int i = 0; i < ivlen; i++) {
uint8_t nk = (i % 2) ? iv[i / 2] & 0x0f : (iv[i / 2] >> 4) & 0x0f;
aes_encode(NULL, y, ctx->plaintexts[nk], y, CRYPTO_AES128_KEY_SIZE);
}
if (final)
aes_encode(NULL, y, const00, y, CRYPTO_AES128_KEY_SIZE);
}

2
client/src/mifare/lrpcrypto.h
View file

@ -41,6 +41,6 @@ void LRPClearContext(LRPContext *ctx);
void LRPSetKey(LRPContext *ctx, uint8_t *key, size_t updatedKeyNum, bool useBitPadding);
void LRPGeneratePlaintexts(LRPContext *ctx, size_t plaintextsCount);
void LRPGenerateUpdatedKeys(LRPContext *ctx, size_t updatedKeysCount);
void LRPEvalLRP(LRPContext *ctx, uint8_t *iv, size_t ivlen, bool final, uint8_t *y);
#endif // __LRPCRYPTO_H