Mifare DESFire EV1 authentication


  • 15. March 2017 at 23:35
    Hello,

    I have a problem with the Mifare DESFire EV1 authentication. I use the NXP NFC Lib.

    I call:
    1. phKeyStore_Sw_Init(
    2. phCryptoSym_Sw_Init(
    3. phCryptoRng_Sw_Init(
    - #define MIFAREDF_NUMBER_OF_KEYVERSIONPAIRS 1
    - #define MIFAREDF_NUMBER_OF_KUCENTRIES 1
    - PHAL_MFDF_NO_DIVERSIFICATION,
    - KST KeyNo=0
    - wKeyVersion = 0;
    - wKeyStoreKeyType = PH_KEYSTORE_KEY_TYPE_2K3DES;
    4. Fill Key Store Table with PICC Master Key 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00


    In NxpNfcLib DesFire function
    phStatus_t phalMfdf_Sw_Authenticate(
    phalMfdf_Sw_DataParams_t * pDataParams,
    uint16_t wOption,
    uint16_t wKeyNo,
    uint16_t wKeyVer,
    uint8_t bKeyNoCard,
    uint8_t * pDivInput,
    uint8_t bDivLen
    )
    {
    We had a problem after generating RndA. phCryptoRng_Seed() and phCryptoRng_Rnd() set the wKeyType from 4 to 0 to use AES128. But phCryptoSym_LoadIv() and phCryptoSym_Encrypt() need wKeyType 4. Now I add 'pCryptoDataParams->wKeyType = wKeyType;'

    Section of phStatus_t phalMfdf_Sw_Authenticate():
    ...
    /* Generate RndA */
    PH_CHECK_SUCCESS_FCT(statusTmp,phCryptoRng_Seed(pDataParams->pCryptoRngDataParams, bRndB, bRndLen));

    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoRng_Rnd(pDataParams->pCryptoRngDataParams, bRndLen, bRndA));

    /* Concat RndA and RndB' */
    bCmdBuff[0] = PHAL_MFDF_RESP_ADDITIONAL_FRAME;
    memcpy(&bCmdBuff[1], bRndA, bRndLen); /* PRQA S 3200 */
    memcpy(&bCmdBuff[9], &bRndB[1], bRndLen - 1); /* PRQA S 3200 */
    bCmdBuff[16] = bRndB[0]; /* RndB left shifted by 8 bits */


    /* Because of AES-128, the RNG sets wKeyType = 0; here the value is set back to 4 */
    phCryptoSym_Sw_DataParams_t * pCryptoDataParams = pDataParams->pCryptoDataParamsEnc;
    pCryptoDataParams->wKeyType = wKeyType;

    /* Load Iv. All zeroes */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_LoadIv(
    pDataParams->pCryptoDataParamsEnc,
    pDataParams->bIv,
    bIvLen));


    /* DF4 Decrypt */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Encrypt(
    pDataParams->pCryptoDataParamsEnc,
    PH_CRYPTOSYM_CIPHER_MODE_CBC_DF4 | PH_EXCHANGE_BUFFER_CONT,
    &bCmdBuff[1],
    2 * bRndLen,
    bWorkBuffer
    ));

    /* reset bIv to zero */
    memset(pDataParams->bIv, 0x00, bIvLen); /* PRQA S 3200 */

    /* Copy the encrypted RndA + RndB' */
    memcpy(&bCmdBuff[1], bWorkBuffer, 2 * bRndLen); /* PRQA S 3200 */

    wCmdLen = 2 * bRndLen + 1;

    /* Get the encrypted RndA' into bWorkBuffer */
    PH_CHECK_SUCCESS_FCT(status, phalMfdf_ExchangeCmd(
    pDataParams,
    pDataParams->pPalMifareDataParams,
    pDataParams->bWrappedMode,
    bCmdBuff,
    wCmdLen,
    bWorkBuffer,
    &wRxlen
    ));
    ...


    But the PICC response is always: 0xAE Authenticate Error.


    Is my NXP NFC Lib not up to date, and does it still contain errors?
    I have already tested many different parameters and options, but the PICC always responds with error 0xAE when authenticating.
    Without authentication, I can already create applications, create files, etc. But now I have to change the keys of the PICC and the applications, and so I need the authentication.

    Is the RNG Key in #include "phCryptoRng_Sw.h" correct?
    static const uint8_t PH_CRYPTOSYM_SW_CONST_ROM phCryptoRng_Sw_BlockCipherDf_DefaultKey[PHCRYPTORNG_SW_KEYLEN] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};


    I hope you can help me.

    Regards
    Marco


    + 0  |  - 0

    Re: Mifare DESFire EV1 authentication

    16. March 2017 at 12:05
    Oh, I see that the Mifare SDK is not the right place for my topic. Admin, please move this topic to "MIFARE general topics and applications" or "MIFARE and NFC Reader ICs". (We use the chip PN7462.)

    Best Regards
    Marco
    + 0  |  - 0

    Re: Mifare DESFire EV1 authentication

    16. March 2017 at 16:09
    Hi Marco,

    I can help in questions about the TapLinx SDK for Android and about general questions of MIFARE products. But I cannot say anything about the NXP RdLib, sorry.

    The TapLinx team

    + 0  |  - 0

    Re: Mifare DESFire EV1 authentication

    17. March 2017 at 10:32
    It works!!!

    In the NXP NFC Reader Library, in the function phStatus_t phalMfdf_Sw_Authenticate(), I found an error. The RNG loads another key into the pCryptoDataParamsEnc structure. After calling the RNG, the encryption used the wrong key. With a phCryptoSym_LoadKeyDirect call after the RNG call, it runs.

    phStatus_t phalMfdf_Sw_Authenticate()
    ...
    /* Generate RndA */
    PH_CHECK_SUCCESS_FCT(statusTmp,phCryptoRng_Seed(pDataParams->pCryptoRngDataParams, bRndB, bRndLen));
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoRng_Rnd(pDataParams->pCryptoRngDataParams, bRndLen, bRndA));

    /* Concat RndA and RndB' */
    ...

    /* load key */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_LoadKeyDirect(
    pDataParams->pCryptoDataParamsEnc,
    bKey,
    wKeyType
    ));

    /* Load Iv. All zeroes */
    ...

    /* DF4 Decrypt */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Encrypt(
    ...






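    I also have a problem with the workbuffer in the second decrypt:

    /* variant with the output written to &bWorkBuffer[1] */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Decrypt(
    pDataParams->pCryptoDataParamsEnc,
    PH_CRYPTOSYM_CIPHER_MODE_CBC,
    bWorkBuffer,
    bRndLen,
    &bWorkBuffer[1]
    ));

    /* variant with the output written to bWorkBuffer, followed by the shift below */
    PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Decrypt(
    pDataParams->pCryptoDataParamsEnc,
    PH_CRYPTOSYM_CIPHER_MODE_CBC,
    bWorkBuffer,
    bRndLen,
    bWorkBuffer
    ));

    /* shift the decrypted bytes right by one position (loop indices reconstructed from context) */
    for(i=bRndLen;0<i;i--){
    bWorkBuffer[i] = bWorkBuffer[i-1];
    }
    bWorkBuffer[0] = bWorkBuffer[bRndLen];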



    Regards
    Marco
    + 0  |  - 0
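
The byte rotations this thread deals with (RndB' in the reader's token, and undoing the rotation on the decrypted RndA'), as an added example that is not part of the original posts or of the NXP library. The function names, `RND_LEN` and the sample values are assumptions made for illustration; the cipher step is left out, so the functions operate on plaintext challenges only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RND_LEN 8u  /* 8-byte challenges, as with the 2K3DES key type in the thread */

/* Token the reader encrypts and sends: RndA || RndB' (RndB rotated left by one byte). */
void build_token(const uint8_t *rndA, const uint8_t *rndB, uint8_t *out)
{
    memcpy(out, rndA, RND_LEN);
    memcpy(out + RND_LEN, rndB + 1, RND_LEN - 1);
    out[2 * RND_LEN - 1] = rndB[0];
}

/* Rotate right by one byte in place; memmove is defined for overlapping ranges. */
void rotate_right_1(uint8_t *buf, size_t len)
{
    uint8_t last = buf[len - 1];
    memmove(buf + 1, buf, len - 1);
    buf[0] = last;
}

/* Comparison whose timing does not depend on the position of the first mismatch. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 if the card's decrypted reply is RndA rotated left by one byte. */
int verify_rnda_prime(const uint8_t *rndA, const uint8_t *decrypted)
{
    uint8_t tmp[RND_LEN];           /* separate buffer: no input/output overlap */
    memcpy(tmp, decrypted, RND_LEN);
    rotate_right_1(tmp, RND_LEN);
    return ct_equal(tmp, rndA, RND_LEN);
}

/* Constructed sample values, not captured from a real card. */
int demo(void)
{
    const uint8_t rndA[RND_LEN] = {0xA0,0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7};
    const uint8_t rndB[RND_LEN] = {0xB0,0xB1,0xB2,0xB3,0xB4,0xB5,0xB6,0xB7};
    const uint8_t good[RND_LEN] = {0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,0xA0};
    uint8_t token[2 * RND_LEN];
    build_token(rndA, rndB, token);
    return token[8] == 0xB1 && token[15] == 0xB0
        && verify_rnda_prime(rndA, good) && !verify_rnda_prime(rndA, rndA);
}
```

Decrypting into a buffer that does not overlap the ciphertext and rotating afterwards keeps the result independent of how the cipher routine handles overlapping input and output.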