DESFire cryptographic functions. More...
#include <desfirecrypto.hpp>
Inheritance diagram for logicalaccess::DESFireCrypto:
Public Member Functions | |
| DESFireCrypto () | |
| Constructor. | |
| virtual | ~DESFireCrypto () |
| Destructor. | |
| void | appendDecipherData (const ByteVector &data) |
| Decipher data step 2. | |
| virtual ByteVector | desfireDecrypt (size_t length) |
| Get the deciphered data into a buffer. | |
| virtual bool | verifyMAC (bool end, const ByteVector &data) |
| Verify MAC into the buffer. | |
| virtual ByteVector | generateMAC (unsigned char cmd, const ByteVector &data) |
| Generate MAC for the total buffer. | |
| virtual ByteVector | desfireEncrypt (const ByteVector &data, const ByteVector ¶m=ByteVector(), bool calccrc=true) |
| Encrypt a buffer for the DESFire card. | |
| ByteVector | iso_encipherData (bool end, const ByteVector &data, const ByteVector ¶m=ByteVector()) |
| ByteVector | desfire_iso_encrypt (const ByteVector &key, const ByteVector &data, std::shared_ptr< openssl::OpenSSLSymmetricCipher > cipher, const ByteVector ¶m=ByteVector(), bool calccrc=true) |
| Return data part for the encrypted communication mode for WriteData / WriteRecord. | |
| ByteVector | desfire_iso_decrypt (const ByteVector &key, const ByteVector &data, std::shared_ptr< openssl::OpenSSLSymmetricCipher > cipher, size_t datalen) |
| Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords. | |
| ByteVector | desfire_iso_decrypt (const ByteVector &data, size_t length) |
| Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords. | |
| ByteVector | desfire_cmac (const ByteVector &key, std::shared_ptr< openssl::OpenSSLSymmetricCipher > cipherMAC, const ByteVector &data) |
| Return data part for the encrypted communication mode. | |
| ByteVector | desfire_cmac (const ByteVector &data) |
| Return data part for the encrypted communication mode. | |
| virtual ByteVector | authenticate_PICC1 (unsigned char keyno, ByteVector diversify, const ByteVector &encRndB) |
| Authenticate on the card, step 1 for mutual authentication. | |
| virtual void | authenticate_PICC2 (unsigned char keyno, const ByteVector &encRndA) |
| Authenticate on the card, step 2 for mutual authentication. | |
| ByteVector | iso_authenticate_PICC1 (unsigned char keyno, ByteVector diversify, const ByteVector &encRndB, unsigned int randomlen) |
| Authenticate on the card, step 1 for mutual authentication using ISO command. | |
| void | iso_authenticate_PICC2 (unsigned char keyno, const ByteVector &encRndA1, unsigned int randomlen) |
| Authenticate on the card, step 2 for mutual authentication using ISO command. | |
| ByteVector | aes_authenticate_PICC1 (unsigned char keyno, ByteVector diversify, const ByteVector &encRndB) |
| Authenticate on the card, step 1 for mutual authentication using AES. | |
| ByteVector | aes_authenticate_PICC1_GENERIC (unsigned char keyno, const std::shared_ptr< Key > &key, const ByteVector &encRndB) |
| void | aes_authenticate_PICC2 (unsigned char keyno, const ByteVector &encRndA1) |
| Authenticate on the card, step 2 for mutual authentication using AES. | |
| void | aes_authenticate_PICC2_GENERIC (unsigned char keyno, const std::shared_ptr< Key > &key, const ByteVector &encRndA1) |
| void | initBuf () |
| Init buffer for temporised data. | |
| void | selectApplication (size_t aid) |
| Select an application. | |
| virtual ByteVector | changeKey_PICC (uint8_t keyno, ByteVector oldKeyDiversify, std::shared_ptr< DESFireKey > newkey, ByteVector newKeyDiversify, unsigned char keysetno=0) |
| Change key into the card. | |
| void | setCryptoContext (ByteVector identifier) |
| void | createApplication (int aid, uint8_t maxKeySlotNb, uint8_t maxNbKeys, DESFireKeyType cryptoMethod) |
| void | setIdentifier (ByteVector identifier) |
| ByteVector | getIdentifier () const |
| virtual void | setDefaultKeysAt (std::shared_ptr< Location > location) |
| Set default keys for the type card in memory at a specific location. | |
| virtual void | setKey (size_t aid, uint8_t keyslot, uint8_t keyno, std::shared_ptr< DESFireKey > key) |
| Set one of the DESFire keys of this profile. | |
| virtual void | setKeyInAllKeySet (size_t aid, uint8_t keySlotNb, uint8_t nbKeys, std::shared_ptr< DESFireKey > key) |
| Set one of the DESFire keys of this keyset. | |
| virtual void | clearKeys () |
| Clear all keys in memory. | |
| std::shared_ptr< DESFireKey > | getKey (uint8_t keyslot, uint8_t keyno) const |
| Get a key in memory from the current application. | |
| SignatureResult | get_last_signature () const |
Static Public Member Functions | |
| static short | desfire_crc16 (const void *data, size_t dataLength) |
| Calculate ISO14443 Type A compatible CRC-16. This is ITU-T V.41, not ISO 3309. The differences: | |
| static uint32_t | desfire_crc32 (const void *data, size_t dataLength) |
| Calculate CRC-32. | |
| static ByteVector | desfire_CBC_send (const ByteVector &key, const ByteVector &iv, const ByteVector &data) |
| Perform DESFire CBC decryption operation, which is used for authentication and data encryption. | |
| static ByteVector | desfire_CBC_receive (const ByteVector &key, const ByteVector &iv, const ByteVector &data) |
| Perform DESFire CBC "decryption" operation which is used for decrypting data received from DESFire. | |
| static ByteVector | desfire_CBC_mac (const ByteVector &key, const ByteVector &iv, const ByteVector &data) |
| Perform DESFire CBC encryption operation, which is used for MAC calculation and verification. The algorithm is actually a standard DES CBC. CBC-MAC / ISO 9797-1 MAC Algorithm 1. | |
| static ByteVector | sam_CBC_send (const ByteVector &key, const ByteVector &iv, const ByteVector &data) |
| Preform standard CBC encryption operation, which is used for DESFire SAM cryptograms. | |
| static ByteVector | desfire_mac (const ByteVector &key, ByteVector data) |
| Return data with the DESFire MAC attached. | |
| static ByteVector | desfire_encrypt (const ByteVector &key, ByteVector data, bool calccrc=true) |
| Return data part for the encrypted communication mode for WriteData / WriteRecord. | |
| static ByteVector | sam_encrypt (const ByteVector &key, ByteVector data) |
| Return data part for the encrypted communication mode for WriteData / WriteRecord. | |
| static ByteVector | desfire_decrypt (const ByteVector &key, const ByteVector &data, size_t datalen) |
| Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords. | |
| static void | getKey (std::shared_ptr< DESFireKey > key, ByteVector diversify, ByteVector &keydiv) |
| Get key diversified. | |
| static void | getKeyVersioned (std::shared_ptr< DESFireKey > key, ByteVector &keyversioned) |
| Get DES key versionned. | |
| static std::shared_ptr< DESFireKey > | getDefaultKey (DESFireKeyType keyType) |
| Get the default key for an algorithm. | |
Public Attributes | |
| CryptoMethod | d_auth_method |
| The current authentication method. | |
| std::shared_ptr< openssl::OpenSSLSymmetricCipher > | d_cipher |
| The current cipher. | |
| unsigned int | d_mac_size |
| The MAC size. | |
| ByteVector | d_sessionKey |
| The current session key. | |
| ByteVector | d_authkey |
| The authentication key. | |
| ByteVector | d_lastIV |
| The last Initialization Vector (DESFire native mode). | |
| unsigned int | d_currentAid |
| The current Application ID. | |
| unsigned char | d_currentKeyNo |
| The current Key number. | |
| std::unique_ptr< IKSCryptoWrapper > | iks_wrapper_ |
Protected Member Functions | |
| bool | getKey (size_t aid, uint8_t keyset, uint8_t keyno, ByteVector diversify, ByteVector &keydiv) |
| Get key from memory. | |
| bool | getKey (uint8_t keyset, uint8_t keyno, ByteVector diversify, ByteVector &keydiv) |
| Get key from memory. | |
| std::shared_ptr< DESFireKey > | getKey (size_t aid, uint8_t keyslot, uint8_t keyno) const |
| Get one of the DESFire keys of this profile. | |
Protected Attributes | |
| std::map< std::tuple< size_t, uint8_t, uint8_t >, std::shared_ptr< DESFireKey > > | d_keys |
| ByteVector | d_buf |
| The temporised buffer. | |
| ByteVector | d_last_left |
| The last left buffer for card command. | |
| ByteVector | d_rndA |
| The random number A. | |
| ByteVector | d_rndB |
| The random number B. | |
| ByteVector | d_identifier |
| The card identifier use for key diversification. | |
Detailed Description
DESFire cryptographic functions.
Constructor & Destructor Documentation
◆ DESFireCrypto()
| logicalaccess::DESFireCrypto::DESFireCrypto | ( | ) |
Constructor.
◆ ~DESFireCrypto()
|
virtual |
Destructor.
Member Function Documentation
◆ aes_authenticate_PICC1()
| ByteVector logicalaccess::DESFireCrypto::aes_authenticate_PICC1 | ( | unsigned char | keyno, |
| ByteVector | diversify, | ||
| const ByteVector & | encRndB | ||
| ) |
Authenticate on the card, step 1 for mutual authentication using AES.
- Parameters
-
keyno The key number to use diversify The diversify buffer for key diversification, NULL if no diversification is needed encRndB The encrypted random number B
- Returns
- The random number A+B 1.
◆ aes_authenticate_PICC1_GENERIC()
| ByteVector logicalaccess::DESFireCrypto::aes_authenticate_PICC1_GENERIC | ( | unsigned char | keyno, |
| const std::shared_ptr< Key > & | key, | ||
| const ByteVector & | encRndB | ||
| ) |
Silimar to aes_authenticate_PICC1 except it uses a generic Key rather than key material as bytes.
KEY DIVERSIFICATION IS NOT SUPPORTED.
◆ aes_authenticate_PICC2()
| void logicalaccess::DESFireCrypto::aes_authenticate_PICC2 | ( | unsigned char | keyno, |
| const ByteVector & | encRndA1 | ||
| ) |
Authenticate on the card, step 2 for mutual authentication using AES.
- Parameters
-
keyno The key number to use encRndA1 The encrypted random number A
◆ aes_authenticate_PICC2_GENERIC()
| void logicalaccess::DESFireCrypto::aes_authenticate_PICC2_GENERIC | ( | unsigned char | keyno, |
| const std::shared_ptr< Key > & | key, | ||
| const ByteVector & | encRndA1 | ||
| ) |
◆ appendDecipherData()
| void logicalaccess::DESFireCrypto::appendDecipherData | ( | const ByteVector & | data | ) |
Decipher data step 2.
- Parameters
-
data The data buffer
◆ authenticate_PICC1()
|
virtual |
Authenticate on the card, step 1 for mutual authentication.
- Parameters
-
keyno The key number to use diversify The diversify buffer for key diversification, NULL if no diversification is needed encRndB The encrypted random number B
- Returns
- The random number A+B 1.
◆ authenticate_PICC2()
|
virtual |
Authenticate on the card, step 2 for mutual authentication.
- Parameters
-
keyno The key number to use encRndA The encrypted random number A
◆ changeKey_PICC()
|
virtual |
Change key into the card.
- Parameters
-
keyno The key number to change newkey The new key information newKeyDiversify The diversify buffer, NULL if no diversification is needed
- Returns
- The change key cryptogram.
◆ clearKeys()
|
virtual |
Clear all keys in memory.
◆ createApplication()
| void logicalaccess::DESFireCrypto::createApplication | ( | int | aid, |
| uint8_t | maxKeySlotNb, | ||
| uint8_t | maxNbKeys, | ||
| DESFireKeyType | cryptoMethod | ||
| ) |
◆ desfire_CBC_mac()
|
static |
Perform DESFire CBC encryption operation, which is used for MAC calculation and verification. The algorithm is actually a standard DES CBC. CBC-MAC / ISO 9797-1 MAC Algorithm 1.
- Parameters
-
key The DES key to use iv The Initialization Vector data The data source buffer to encrypt
- Returns
- The data encrypted buffer
◆ desfire_CBC_receive()
|
static |
Perform DESFire CBC "decryption" operation which is used for decrypting data received from DESFire.
- Parameters
-
key The DES key to use iv The Initialization Vector data The data source buffer to decrypt
- Returns
- The decrypted data buffer
◆ desfire_CBC_send()
|
static |
Perform DESFire CBC decryption operation, which is used for authentication and data encryption.
- Parameters
-
key The DES key to use iv The Initialization Vector data The data source buffer to decrypt
- Returns
- The decrypted data buffer
◆ desfire_cmac() [1/2]
| ByteVector logicalaccess::DESFireCrypto::desfire_cmac | ( | const ByteVector & | data | ) |
Return data part for the encrypted communication mode.
- Parameters
-
data The data source buffer to calculate MAC
- Returns
- The MAC result for the message.
◆ desfire_cmac() [2/2]
| ByteVector logicalaccess::DESFireCrypto::desfire_cmac | ( | const ByteVector & | key, |
| std::shared_ptr< openssl::OpenSSLSymmetricCipher > | cipherMAC, | ||
| const ByteVector & | data | ||
| ) |
Return data part for the encrypted communication mode.
- Parameters
-
key The key to use, shall be the session key from the previous authentication block_size The bloc size data The data source buffer to calculate MAC
- Returns
- The MAC result for the message.
◆ desfire_crc16()
|
static |
Calculate ISO14443 Type A compatible CRC-16. This is ITU-T V.41, not ISO 3309. The differences:
- Init value is 0x6363 and not 0xffff
- Data is not inverted at the end. The generating polynomial is the same, that is x^16 + x^12 + x^5 + 1
- Parameters
-
data The data buffer dataLength The data buffer length
- Returns
- The CRC.
◆ desfire_crc32()
|
static |
Calculate CRC-32.
- Parameters
-
data The data buffer dataLength The data buffer length
- Returns
- The CRC.
◆ desfire_decrypt()
|
static |
Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords.
- Parameters
-
key The DES key to use, shall be the session key from the previous authentication data The data source buffer to decrypted
- Returns
- The data decrypted buffer
◆ desfire_encrypt()
|
static |
Return data part for the encrypted communication mode for WriteData / WriteRecord.
- Parameters
-
key The DES key to use, shall be the session key from the previous authentication data The data source buffer to encrypt
- Returns
- The data encrypted buffer
◆ desfire_iso_decrypt() [1/2]
| ByteVector logicalaccess::DESFireCrypto::desfire_iso_decrypt | ( | const ByteVector & | data, |
| size_t | length | ||
| ) |
Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords.
- Parameters
-
data The data source buffer to decrypted length The decrypted excepted length
- Returns
- The data decrypted buffer
◆ desfire_iso_decrypt() [2/2]
| ByteVector logicalaccess::DESFireCrypto::desfire_iso_decrypt | ( | const ByteVector & | key, |
| const ByteVector & | data, | ||
| std::shared_ptr< openssl::OpenSSLSymmetricCipher > | cipher, | ||
| size_t | datalen | ||
| ) |
Decrypt and verify data part of the decrypted communication mode for ReadData / ReadRecords.
- Parameters
-
key The key to use, shall be the session key from the previous authentication data The data source buffer to decrypted cipher The cipher to use block_size The bloc size
- Returns
- The data decrypted buffer
◆ desfire_iso_encrypt()
| ByteVector logicalaccess::DESFireCrypto::desfire_iso_encrypt | ( | const ByteVector & | key, |
| const ByteVector & | data, | ||
| std::shared_ptr< openssl::OpenSSLSymmetricCipher > | cipher, | ||
| const ByteVector & | param = ByteVector(), |
||
| bool | calccrc = true |
||
| ) |
Return data part for the encrypted communication mode for WriteData / WriteRecord.
- Parameters
-
key The key to use, shall be the session key from the previous authentication data The data source buffer to encrypt cipher The cypher to use block_size The bloc size param The optional parameters
- Returns
- The data encrypted buffer
◆ desfire_mac()
|
static |
Return data with the DESFire MAC attached.
- Parameters
-
key The DES key to use, shall be the session key from the previous authentication
- Returns
- The data mac buffer
◆ desfireDecrypt()
|
virtual |
Get the deciphered data into a buffer.
- Parameters
-
length The excepted deciphared data buffer length, or 0 to automatic.
- Returns
- data The deciphered data buffer
◆ desfireEncrypt()
|
virtual |
Encrypt a buffer for the DESFire card.
- Parameters
-
data The data buffer param The parameters.
- Returns
- The encrypted data buffer
◆ generateMAC()
|
virtual |
Generate MAC for the total buffer.
- Parameters
-
data The data buffer part
- Returns
- The MACed data buffer
◆ get_last_signature()
| SignatureResult logicalaccess::DESFireCrypto::get_last_signature | ( | ) | const |
Retrieve the IKS signature (if requested) for the last decrypted data block.
This will return an empty object if no IKS was used or if the operation mode does make sense to have that.
◆ getDefaultKey()
|
static |
Get the default key for an algorithm.
- Parameters
-
keyType The key algorithm type.
- Returns
- The default key.
◆ getIdentifier()
|
inline |
◆ getKey() [1/5]
|
protected |
Get key from memory.
- Parameters
-
aid The Application ID keyno The key number diversify The diversify buffer, NULL if no diversification is needed keydiv The key data, diversified if a diversify buffer is specified.
- Returns
- True on success, false otherwise.
◆ getKey() [2/5]
|
protected |
Get one of the DESFire keys of this profile.
- Parameters
-
aid The application id. keyslot The key slot to set keyno The key number to set
- Returns
- The specified DESFire key or a null key if params are invalid.
◆ getKey() [3/5]
|
static |
Get key diversified.
- Parameters
-
key The DESFire key information diversify The diversify buffer, NULL if no diversification is needed keydiv The key data, diversified if a diversify buffer is specified.
◆ getKey() [4/5]
|
protected |
Get key from memory.
- Parameters
-
keyno The key number diversify The diversify buffer, NULL if no diversification is needed keydiv The key data, diversified if a diversify buffer is specified.
- Returns
- True on success, false otherwise.
◆ getKey() [5/5]
| std::shared_ptr< DESFireKey > logicalaccess::DESFireCrypto::getKey | ( | uint8_t | keyslot, |
| uint8_t | keyno | ||
| ) | const |
Get a key in memory from the current application.
- Parameters
-
keyslot The key slot. keyno The key number.
- Returns
- The key.
◆ getKeyVersioned()
|
static |
Get DES key versionned.
- Parameters
-
key The DESFire key information keyversioned The key versioned.
◆ initBuf()
| void logicalaccess::DESFireCrypto::initBuf | ( | ) |
Init buffer for temporised data.
◆ iso_authenticate_PICC1()
| ByteVector logicalaccess::DESFireCrypto::iso_authenticate_PICC1 | ( | unsigned char | keyno, |
| ByteVector | diversify, | ||
| const ByteVector & | encRndB, | ||
| unsigned int | randomlen | ||
| ) |
Authenticate on the card, step 1 for mutual authentication using ISO command.
- Parameters
-
keyno The key number to use diversify The diversify buffer for key diversification, NULL if no diversification is needed encRndB The encrypted random number B randomlen The random length
- Returns
- The random number A+B 1.
◆ iso_authenticate_PICC2()
| void logicalaccess::DESFireCrypto::iso_authenticate_PICC2 | ( | unsigned char | keyno, |
| const ByteVector & | encRndA1, | ||
| unsigned int | randomlen | ||
| ) |
Authenticate on the card, step 2 for mutual authentication using ISO command.
- Parameters
-
keyno The key number to use randomlen The random length
◆ iso_encipherData()
| ByteVector logicalaccess::DESFireCrypto::iso_encipherData | ( | bool | end, |
| const ByteVector & | data, | ||
| const ByteVector & | param = ByteVector() |
||
| ) |
◆ sam_CBC_send()
|
static |
Preform standard CBC encryption operation, which is used for DESFire SAM cryptograms.
- Parameters
-
key The DES key to use iv The Initialization Vector data The data source buffer to encrypt
- Returns
- The data encrypted buffer
◆ sam_encrypt()
|
static |
Return data part for the encrypted communication mode for WriteData / WriteRecord.
- Parameters
-
key The DES key to use, shall be the session key from the previous authentication data The data source buffer to encrypt
- Returns
- The data encrypted buffer
◆ selectApplication()
| void logicalaccess::DESFireCrypto::selectApplication | ( | size_t | aid | ) |
Select an application.
- Parameters
-
aid The Application ID to select.
◆ setCryptoContext()
| void logicalaccess::DESFireCrypto::setCryptoContext | ( | ByteVector | identifier | ) |
◆ setDefaultKeysAt()
|
virtual |
Set default keys for the type card in memory at a specific location.
◆ setIdentifier()
|
inline |
◆ setKey()
|
virtual |
Set one of the DESFire keys of this profile.
- Parameters
-
aid Application ID keyslot The key slot to set keyno The key number to set key The value of the key.
◆ setKeyInAllKeySet()
|
virtual |
Set one of the DESFire keys of this keyset.
- Parameters
-
aid Application ID keySlotNb The key slot to set nbKeys The key number to set key The value of the key.
◆ verifyMAC()
|
virtual |
Verify MAC into the buffer.
- Parameters
-
end True if it's the last buffer, false otherwise data The data buffer
- Returns
- True on success, false otherwise.
Member Data Documentation
◆ d_auth_method
| CryptoMethod logicalaccess::DESFireCrypto::d_auth_method |
The current authentication method.
◆ d_authkey
| ByteVector logicalaccess::DESFireCrypto::d_authkey |
The authentication key.
◆ d_buf
|
protected |
The temporised buffer.
◆ d_cipher
| std::shared_ptr<openssl::OpenSSLSymmetricCipher> logicalaccess::DESFireCrypto::d_cipher |
The current cipher.
◆ d_currentAid
| unsigned int logicalaccess::DESFireCrypto::d_currentAid |
The current Application ID.
◆ d_currentKeyNo
| unsigned char logicalaccess::DESFireCrypto::d_currentKeyNo |
The current Key number.
◆ d_identifier
|
protected |
The card identifier use for key diversification.
◆ d_keys
|
protected |
Key store - AID / KeySlot / KeyNo / DESFireKey
◆ d_last_left
|
protected |
The last left buffer for card command.
◆ d_lastIV
| ByteVector logicalaccess::DESFireCrypto::d_lastIV |
The last Initialization Vector (DESFire native mode).
◆ d_mac_size
| unsigned int logicalaccess::DESFireCrypto::d_mac_size |
The MAC size.
◆ d_rndA
|
protected |
The random number A.
◆ d_rndB
|
protected |
The random number B.
◆ d_sessionKey
| ByteVector logicalaccess::DESFireCrypto::d_sessionKey |
The current session key.
◆ iks_wrapper_
| std::unique_ptr<IKSCryptoWrapper> logicalaccess::DESFireCrypto::iks_wrapper_ |
The documentation for this class was generated from the following files:
- C:/dev/lla/liblogicalaccess/plugins/logicalaccess/plugins/cards/desfire/desfirecrypto.hpp
- C:/dev/lla/liblogicalaccess/plugins/logicalaccess/plugins/cards/desfire/desfirecrypto.cpp
