Mifare DESFire EV1 authentication
Hello,
I have a problem with the Mifare DESFire EV1 authentication. I use the NXP NFC Lib.
I call:
1. phKeyStore_Sw_Init(
2. phCryptoSym_Sw_Init(
3. phCryptoRng_Sw_Init(
- #define MIFAREDF_NUMBER_OF_KEYVERSIONPAIRS 1
- #define MIFAREDF_NUMBER_OF_KUCENTRIES 1
- PHAL_MFDF_NO_DIVERSIFICATION,
- KST KeyNo=0
- wKeyVersion = 0;
- wKeyStoreKeyType = PH_KEYSTORE_KEY_TYPE_2K3DES;
4. Fill Key Store Table with PICC Master Key 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
In NxpNfcLib DesFire function
phStatus_t phalMfdf_Sw_Authenticate(
phalMfdf_Sw_DataParams_t * pDataParams,
uint16_t wOption,
uint16_t wKeyNo,
uint16_t wKeyVer,
uint8_t bKeyNoCard,
uint8_t * pDivInput,
uint8_t bDivLen
)
{
We had a problem after generating RndA. The phCryptoRng_Seed() and phCryptoRng_Rnd() set the wKeyType from 4 to 0 to use the AES128. But phCryptoSym_LoadIv() and phCryptoSym_Encrypt() need the wKeyType 4. Now I add 'pCryptoDataParams->wKeyType = wKeyType;'
Section of phStatus_t phalMfdf_Sw_Authenticate():
...
/* Generate RndA */
PH_CHECK_SUCCESS_FCT(statusTmp,phCryptoRng_Seed(pDataParams->pCryptoRngDataParams, bRndB, bRndLen));
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoRng_Rnd(pDataParams->pCryptoRngDataParams, bRndLen, bRndA));
/* Concat RndA and RndB' */
bCmdBuff[0] = PHAL_MFDF_RESP_ADDITIONAL_FRAME;
memcpy(&bCmdBuff[1], bRndA, bRndLen); /* PRQA S 3200 */
memcpy(&bCmdBuff[9], &bRndB[1], bRndLen - 1); /* PRQA S 3200 */
bCmdBuff[16] = bRndB[0]; /* RndB left shifted by 8 bits */
/** Because of AES 128-bit, the RNG sets wKeyType = 0; here the value is set back to 4 **/
phCryptoSym_Sw_DataParams_t * pCryptoDataParams = pDataParams->pCryptoDataParamsEnc;
pCryptoDataParams->wKeyType = wKeyType;
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_LoadIv(
pDataParams->pCryptoDataParamsEnc,
pDataParams->bIv,
bIvLen));
/* DF4 Decrypt */
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Encrypt(
pDataParams->pCryptoDataParamsEnc,
PH_CRYPTOSYM_CIPHER_MODE_CBC_DF4 | PH_EXCHANGE_BUFFER_CONT,
&bCmdBuff[1],
2 * bRndLen,
bWorkBuffer
));
/* reset bIv to zero */
memset(pDataParams->bIv, 0x00, bIvLen); /* PRQA S 3200 */
/* Copy the encrypted RndA + RndB' */
memcpy(&bCmdBuff[1], bWorkBuffer, 2 * bRndLen); /* PRQA S 3200 */
wCmdLen = 2 * bRndLen + 1;
/* Get the encrypted RndA' into bWorkBuffer */
PH_CHECK_SUCCESS_FCT(status, phalMfdf_ExchangeCmd(
pDataParams,
pDataParams->pPalMifareDataParams,
pDataParams->bWrappedMode,
bCmdBuff,
wCmdLen,
bWorkBuffer,
&wRxlen
));
...
But the PICC response is always: 0xAE Authenticate Error.
Is my NXP NFC Lib not up to date and still contains errors?
I have already tested many different parameters and options, but the PICC always responds with error 0xAE when authenticating.
Without authentication, I can already create applications, create files, etc. But now I have to change the keys of the PICC and the applications, and so I need the authentication.
Is the RNG Key in #include "phCryptoRng_Sw.h" correct?
static const uint8_t PH_CRYPTOSYM_SW_CONST_ROM phCryptoRng_Sw_BlockCipherDf_DefaultKey[PHCRYPTORNG_SW_KEYLEN] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
I hope you can help me.
Regards
Marco
+ 0 | - 0
Oh, I see that the Mifare SDK is not the right place for my topic. Admin, please move this topic to "MIFARE general topics and applications" or "MIFARE and NFC Reader IC`s". (We use the chip PN7462.)
Best Regards
Marco
+ 0 | - 0
Hi Marco,
I can help with questions about the TapLinx SDK for Android and with general questions about MIFARE products. But I cannot say anything about the NXP RdLib, sorry.
The TapLinx team
+ 0 | - 0
It works!!!
In the NXP NFC Reader Library, in the function phStatus_t phalMfdf_Sw_Authenticate(), I found an error. The RNG loads another key into the pCryptoDataParamsEnc structure. After calling the RNG, the encryption used the wrong key. With a phCryptoSym_LoadKeyDirect after the RNG call it runs.
phStatus_t phalMfdf_Sw_Authenticate()
...
/* Generate RndA */
PH_CHECK_SUCCESS_FCT(statusTmp,phCryptoRng_Seed(pDataParams->pCryptoRngDataParams, bRndB, bRndLen));
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoRng_Rnd(pDataParams->pCryptoRngDataParams, bRndLen, bRndA));
/* Concat RndA and RndB' */
...
/* load key */
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_LoadKeyDirect(
pDataParams->pCryptoDataParamsEnc,
bKey,
wKeyType
));
/* Load Iv. All zeroes */
...
/* DF4 Decrypt */
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Encrypt(
...
I also have a problem with the workbuffer in the second decrypt:
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Decrypt(
pDataParams->pCryptoDataParamsEnc,
PH_CRYPTOSYM_CIPHER_MODE_CBC,
bWorkBuffer,
bRndLen,
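&bWorkBuffer[1]
));
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Decrypt(
pDataParams->pCryptoDataParamsEnc,
PH_CRYPTOSYM_CIPHER_MODE_CBC,
bWorkBuffer,
bRndLen,
bWorkBuffer
));
/* shift the decrypted bytes up by one position */
for(i=bRndLen;0<i;i--){
bWorkBuffer[i] = bWorkBuffer[i-1];
}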
bWorkBuffer[0] = bWorkBuffer[bRndLen];
Regards
Marco
+ 0 | - 0
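A minimal model of the failure described in the last post, added here as an example and not taken from the NXP library or from the poster: an RNG that borrows the caller's cipher context leaves its own key loaded, so the RndA || RndB' token is encrypted under the wrong key unless the key is reloaded. The context struct, the toy XOR transform standing in for 3DES, the fixed "random" bytes and all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical software cipher context; not the NXP data-params structure. */
typedef struct { uint8_t key[16]; uint16_t key_type; } crypto_ctx_t;
enum { KT_AES128 = 0, KT_2K3DES = 4 };   /* key-type values 0 and 4 as quoted in the thread */

static void load_key(crypto_ctx_t *c, const uint8_t key[16], uint16_t type) {
    memcpy(c->key, key, 16);
    c->key_type = type;
}

/* Toy keyed transform standing in for 3DES-CBC. NOT real cryptography. */
static void toy_encrypt(const crypto_ctx_t *c, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(in[i] ^ c->key[i % 16] ^ c->key_type);
}

/* RNG that borrows the caller's cipher context and leaves its own key loaded. */
static void rng_rnd(crypto_ctx_t *shared, uint8_t *out, size_t n) {
    static const uint8_t rng_key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    load_key(shared, rng_key, KT_AES128);
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(0xA5 + 17 * i);   /* fixed bytes keep the example deterministic */
}

/* RndA || RndB', where RndB' is RndB rotated left by one byte. */
static void build_token(const uint8_t rndA[8], const uint8_t rndB[8], uint8_t tok[16]) {
    memcpy(tok, rndA, 8);
    memcpy(tok + 8, rndB + 1, 7);
    tok[15] = rndB[0];
}

/* Returns 1 if the token was encrypted under card_key; *clobbered = RNG changed the context. */
int auth_step(int reload_key_after_rng, int *clobbered) {
    static const uint8_t card_key[16] = {0};   /* all-zero default key */
    static const uint8_t rndB[8] = {0x10,0x21,0x32,0x43,0x54,0x65,0x76,0x87}; /* constructed */
    uint8_t rndA[8], tok[16], sent[16], expect[16];
    crypto_ctx_t enc = {{0}, 0}, ref = {{0}, 0}, before;
    load_key(&enc, card_key, KT_2K3DES);
    load_key(&ref, card_key, KT_2K3DES);       /* reference: what the card's key yields */
    before = enc;                              /* snapshot taken before the RNG runs */
    rng_rnd(&enc, rndA, sizeof rndA);
    *clobbered = memcmp(&before, &enc, sizeof enc) != 0;
    if (reload_key_after_rng) load_key(&enc, card_key, KT_2K3DES);  /* the fix */
    build_token(rndA, rndB, tok);
    toy_encrypt(&enc, tok, sent, sizeof tok);
    toy_encrypt(&ref, tok, expect, sizeof tok);
    return memcmp(sent, expect, sizeof sent) == 0;
}
```

The snapshot comparison is the part worth carrying into real code: a debug-build check that a helper did not alter the cipher context catches this kind of aliasing before the card answers 0xAE.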