Forum / MIFARE general topics and applications / Mifare DESFIRE EV1 CMAC Calculation
-
Hello,
I try to read file from Desfire EV1 (AES Encrypted) tag. I pass the authentication step successfully and generate session key. Now I try to generate CMAC and read file. I tested the CMAC algorithm according to NIST SP 800-38B document for AN094534 document and Table 24.
According to document
CMAC(BD020000000F0000)= 3E24A71F0A58ACE3
I calculate CMAC with my code
CMAC(BD020000000F0000)= 0525C59D56ACB6C75FA93EF158A70679
CMAC(BD020000000F00000000000000000000)=D4247A092E22802E1137F1F48A261B2D
CMAC(0000000000000000BD020000000F0000)= 057B30213E3B30CB407C915F9D047260
I tested my code with offical cmac test vector in this site and I calculate true results. But I couldn’t find the result in Table 24. I try both AES and session key with Current IV in Step 4. But I couldn’t find the result in step 5.
+ 0 | - 0
Hi Barış,
The CMAC calculation requires a key. Without knowing the key, I cannot verify your results. Second, the “MIFARE CMAC” is not exactly the same as explained in the NIST SP 800-38B documentation. The “NIST CMAC” uses always an IV of zero, but the “MIFARE CMAC” uses an IV from the previous operation.
The TapLinx team
+ 0 | - 0
Hello,
Thank you for your interest. For a quick solution I create a demo in C# for this situation. It's include sample test vectors and algorithm for CMAC. You can get this demo from here. I notice IV vectors is different of normal CMAC algorithms. So I modified this CMAC for this situation. But still I get different result according to document AN094534. Could you give me advice for this problem? Is there any other document explain that CMAC algoritm for Mifare?
Best Regards
+ 0 | - 0
Hi Barış,
I have no bandwidth to debug user code, sorry.
The AN094534 is extremely helpful if you implement the cipher functions. In CMAC function the AES is used two times. First, in sub function generate_subkey(), the IV is always zero (take in mind to explicitly reset the IV). But in the main function you must consider the IV. The intermediate results can span more than one block, therefore you must XOR the blocks with the previous block if you use ECB mode. In CBC mode the AES function manage the IV usually. This depend on your base AES functions.
The TapLinx team
+ 0 | - 0
Hello,
Thanks for your interest. I controlled my project and edited CMAC algorithm. Now I get same result with AN094534 document and table 24. Now I trying to calculate CMAC of read command. There is a question here. I use APDU command for read tag.
File = 00
Offset = 000000
Length of data to read = 0A0000 (10 byte)
So according to table 24. my read command must be this
BD000000000A0000
but my APDU frame is
90 BD 00 00
0x07
000000000A0000
00
So which command should I use in CMAC algorithm?
CMAC(BD000000000A0000) or CMAC(90BD000007000000000A000000)
Best Regards.
+ 0 | - 0
Hi Barış,
I cannot go into detail here, because this is NDA classified material. But what you have to use for CMAC is explained in detail in line in step 5 in table 24. The value is in braces.
The TapLinx team
+ 0 | - 0
-
AuthorPosts
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic.