Merge pull request #319 from maxieds/DESFire-AuthISO-Patch

DESFire emulation support: Bug, stability and reliability fixes and PM3 compatible ISO authentication
emsec · Jul 8, 2022 · bc333f9 · bc333f9
2 parents 99dceff + 37be68d
commit bc333f9
Show file tree

Hide file tree

Showing 95 changed files with 5,258 additions and 3,827 deletions.
diff --git a/Doc/DESFireSupportReadme.md b/Doc/DESFireSupportReadme.md
diff --git a/Dumps/DESFire_example.contents b/Dumps/DESFire_example.contents
diff --git a/Dumps/DESFire_example.dmp b/Dumps/DESFire_example.dmp
diff --git a/Firmware/Chameleon-Mini/.gitignore b/Firmware/Chameleon-Mini/.gitignore
@@ -1,8 +1,11 @@
-/Chameleon-Mini.eep
-/Chameleon-Mini.hex
-/Chameleon-Mini.elf
-/Chameleon-Mini.map
-/Chameleon-Mini.bin
-/Chameleon-Mini.lss
-/Chameleon-Mini.sym
-/Bin/
+Chameleon-Mini.eep
+Chameleon-Mini.hex
+Chameleon-Mini.elf
+Chameleon-Mini.map
+Chameleon-Mini.bin
+Chameleon-Mini.lss
+Chameleon-Mini.sym
+Bin/
+Bin/*
+Latest/
+Latest/*
diff --git a/Firmware/Chameleon-Mini/AntennaLevel.c b/Firmware/Chameleon-Mini/AntennaLevel.c
@@ -11,7 +11,7 @@ void AntennaLevelTick(void) {
     if (rssi < FIELD_MIN_RSSI) {
         LEDHook(LED_FIELD_DETECTED, LED_OFF);
         if (ActiveConfiguration.UidSize != 0) // this implies that we are emulating right now
-            ApplicationReset(); // reset the application just like a real card gets reset when there is no field
+            ApplicationReset();               // reset the application just like a real card gets reset when there is no field
     } else {
         LEDHook(LED_FIELD_DETECTED, LED_ON);
         AntennaLevelLogReaderDetectCount = (++AntennaLevelLogReaderDetectCount) % ANTENNA_LEVEL_LOG_RDRDETECT_INTERVAL;

diff --git a/Firmware/Chameleon-Mini/Application/Application.h b/Firmware/Chameleon-Mini/Application/Application.h
@@ -30,6 +30,14 @@ INLINE void ApplicationInit(void) {
     ActiveConfiguration.ApplicationInitFunc();
 }
 
+INLINE void ApplicationInitRunOnce(void) {
+    if (ActiveConfiguration.ApplicationInitRunOnceFunc != NULL) {
+        ActiveConfiguration.ApplicationInitRunOnceFunc();
+    } else {
+        ActiveConfiguration.ApplicationInitFunc();
+    }
+}
+
 INLINE void ApplicationTask(void) {
     ActiveConfiguration.ApplicationTaskFunc();
 }
@@ -44,7 +52,6 @@ INLINE uint16_t ApplicationProcess(uint8_t *ByteBuffer, uint16_t ByteCount) {
 
 INLINE void ApplicationReset(void) {
     ActiveConfiguration.ApplicationResetFunc();
-    //LogEntry(LOG_INFO_RESET_APP, NULL, 0);
 }
 
 INLINE void ApplicationGetUid(ConfigurationUidType Uid) {

diff --git a/Firmware/Chameleon-Mini/Application/CryptoAES128.c b/Firmware/Chameleon-Mini/Application/CryptoAES128.c
@@ -45,7 +45,7 @@ static aes_callback_t __CryptoAESCallbackFunc = NULL;
 static CryptoAESBlock_t __CryptoAES_IVData = { 0 };
 
 /* Set the last operation mode (ECB or CBC) init for the context */
-static uint8_t __CryptoAESOpMode = CRYPTO_AES_CBC_MODE;
+static uint8_t __CryptoAESOpMode = CRYPTO_AES_ECB_MODE;
 
 void aes_start(void) {
     AES.CTRL |= AES_START_bm;
@@ -99,6 +99,9 @@ void aes_get_key(uint8_t *key_out) {
     }
 }
 
+static void CryptoAESEncryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key, bool XorModeOn);
+static void CryptoAESDecryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key);
+
 static bool aes_lastsubkey_generate(uint8_t *key, uint8_t *last_sub_key) {
     bool keygen_ok;
     aes_software_reset();
@@ -178,21 +181,22 @@ void CryptoAESInitContext(CryptoAESConfig_t *ctx) {
     aes_set_callback(&int_callback_aes);
 }
 
-uint16_t CryptoAESGetPaddedBufferSize(uint16_t bufSize) {
+static uint16_t CryptoAESGetPaddedBufferSize(uint16_t bufSize);
+static uint16_t CryptoAESGetPaddedBufferSize(uint16_t bufSize) {
     uint16_t spareBytes = (bufSize % CRYPTO_AES_BLOCK_SIZE);
     if (spareBytes == 0) {
         return bufSize;
     }
     return bufSize + CRYPTO_AES_BLOCK_SIZE - spareBytes;
 }
 
-void CryptoAESEncryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key, bool XorModeOn) {
+static void CryptoAESEncryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key, bool XorModeOn) {
     aes_software_reset();
     AES.CTRL = AES_RESET_bm;
     NOP();
     AES.CTRL = 0;
     aes_configure_encrypt(AES_MANUAL, XorModeOn ? AES_XOR_ON : AES_XOR_OFF);
-    aes_isr_configure(AES_INTLVL_LO);
+    aes_isr_configure(AES_INTLVL_OFF);
     aes_set_key(Key);
     for (uint8_t i = 0; i < CRYPTO_AES_BLOCK_SIZE; i++) {
         AES.STATE = 0x00;
@@ -207,7 +211,7 @@ void CryptoAESEncryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_
     aes_clear_error_flag();
 }
 
-void CryptoAESDecryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key) {
+static void CryptoAESDecryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_t *Key) {
     AES.CTRL = AES_RESET_bm;
     NOP();
     AES.CTRL = 0;
@@ -217,7 +221,7 @@ void CryptoAESDecryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_
     NOP();
     AES.CTRL = 0;
     aes_configure_decrypt(AES_MANUAL, AES_XOR_OFF);
-    aes_isr_configure(AES_INTLVL_LO);
+    aes_isr_configure(AES_INTLVL_OFF);
     aes_set_key(lastSubKey);
     for (uint8_t i = 0; i < CRYPTO_AES_BLOCK_SIZE; i++) {
         AES.STATE = 0x00;
@@ -234,16 +238,18 @@ void CryptoAESDecryptBlock(uint8_t *Plaintext, uint8_t *Ciphertext, const uint8_
 
 uint8_t CryptoAESEncryptBuffer(uint16_t Count, uint8_t *Plaintext, uint8_t *Ciphertext,
                                const uint8_t *IV, const uint8_t *Key) {
+    bool copyIVBuffer = true;
     if ((Count % CRYPTO_AES_BLOCK_SIZE) != 0) {
         return 0xBE;
     } else if (IV == NULL) {
         memset(__CryptoAES_IVData, 0x00, CRYPTO_AES_BLOCK_SIZE);
         IV = &__CryptoAES_IVData[0];
+        copyIVBuffer = false;
     }
+    CryptoAESBlock_t inputBlock;
     size_t bufBlocks = (Count + CRYPTO_AES_BLOCK_SIZE - 1) / CRYPTO_AES_BLOCK_SIZE;
     for (int blk = 0; blk < bufBlocks; blk++) {
         if (__CryptoAESOpMode == CRYPTO_AES_CBC_MODE) {
-            CryptoAESBlock_t inputBlock;
             if (blk == 0) {
                 memcpy(inputBlock, &Plaintext[0], CRYPTO_AES_BLOCK_SIZE);
                 CryptoMemoryXOR(IV, inputBlock, CRYPTO_AES_BLOCK_SIZE);
@@ -252,26 +258,33 @@ uint8_t CryptoAESEncryptBuffer(uint16_t Count, uint8_t *Plaintext, uint8_t *Ciph
                 CryptoMemoryXOR(&Plaintext[blk * CRYPTO_AES_BLOCK_SIZE], inputBlock, CRYPTO_AES_BLOCK_SIZE);
             }
             CryptoAESEncryptBlock(inputBlock, Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, Key, true);
+            if (blk + 1 == bufBlocks && copyIVBuffer) {
+                memcpy(IV, inputBlock, CRYPTO_AES_BLOCK_SIZE);
+            }
         } else {
-            CryptoAESEncryptBlock(Plaintext + blk * CRYPTO_AES_BLOCK_SIZE,
-                                  Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, Key, true);
+            memcpy(inputBlock, Plaintext + blk * CRYPTO_AES_BLOCK_SIZE, CRYPTO_AES_BLOCK_SIZE);
+            CryptoMemoryXOR(IV, inputBlock, CRYPTO_AES_BLOCK_SIZE);
+            CryptoAESEncryptBlock(inputBlock, Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, Key, true);
+            memcpy(IV, Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, CRYPTO_AES_BLOCK_SIZE);
         }
     }
     return 0;
 }
 
 uint8_t CryptoAESDecryptBuffer(uint16_t Count, uint8_t *Plaintext, uint8_t *Ciphertext,
                                const uint8_t *IV, const uint8_t *Key) {
+    bool copyIVBuffer = true;
     if ((Count % CRYPTO_AES_BLOCK_SIZE) != 0) {
         return 0xBE;
     } else if (IV == NULL) {
         memset(__CryptoAES_IVData, 0x00, CRYPTO_AES_BLOCK_SIZE);
         IV = &__CryptoAES_IVData[0];
+        copyIVBuffer = false;
     }
+    CryptoAESBlock_t inputBlock;
     size_t bufBlocks = (Count + CRYPTO_AES_BLOCK_SIZE - 1) / CRYPTO_AES_BLOCK_SIZE;
     for (int blk = 0; blk < bufBlocks; blk++) {
         if (__CryptoAESOpMode == CRYPTO_AES_CBC_MODE) {
-            CryptoAESBlock_t inputBlock;
             CryptoAESDecryptBlock(inputBlock, Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, Key);
             if (blk == 0) {
                 memcpy(Plaintext + blk * CRYPTO_AES_BLOCK_SIZE, inputBlock, CRYPTO_AES_BLOCK_SIZE);
@@ -281,18 +294,24 @@ uint8_t CryptoAESDecryptBuffer(uint16_t Count, uint8_t *Plaintext, uint8_t *Ciph
                 CryptoMemoryXOR(&Ciphertext[(blk - 1) * CRYPTO_AES_BLOCK_SIZE],
                                 Plaintext + blk * CRYPTO_AES_BLOCK_SIZE, CRYPTO_AES_BLOCK_SIZE);
             }
+            if (blk + 1 == bufBlocks && copyIVBuffer) {
+                memcpy(IV, inputBlock, CRYPTO_AES_BLOCK_SIZE);
+            }
         } else {
             CryptoAESDecryptBlock(Plaintext + blk * CRYPTO_AES_BLOCK_SIZE,
                                   Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, Key);
+            CryptoMemoryXOR(IV, Plaintext + blk * CRYPTO_AES_BLOCK_SIZE, CRYPTO_AES_BLOCK_SIZE);
+            memcpy(IV, Ciphertext + blk * CRYPTO_AES_BLOCK_SIZE, CRYPTO_AES_BLOCK_SIZE);
         }
     }
     return 0;
 }
 
 // This routine performs the CBC "send" mode chaining: C = E(P ^ IV); IV = C
-void CryptoAES_CBCSend(uint16_t Count, void *Plaintext, void *Ciphertext,
-                       uint8_t *IV, uint8_t *Key,
-                       CryptoAES_CBCSpec_t CryptoSpec) {
+static void CryptoAES_CBCSend(uint16_t Count, void *Plaintext, void *Ciphertext, uint8_t *IV, uint8_t *Key, CryptoAES_CBCSpec_t CryptoSpec);
+static void CryptoAES_CBCSend(uint16_t Count, void *Plaintext, void *Ciphertext,
+                              uint8_t *IV, uint8_t *Key,
+                              CryptoAES_CBCSpec_t CryptoSpec) {
     uint16_t numBlocks = CRYPTO_BYTES_TO_BLOCKS(Count, CryptoSpec.blockSize);
     uint16_t blockIndex = 0;
     uint8_t *ptBuf = (uint8_t *) Plaintext, *ctBuf = (uint8_t *) Ciphertext;
@@ -316,9 +335,10 @@ void CryptoAES_CBCSend(uint16_t Count, void *Plaintext, void *Ciphertext,
 }
 
 // This routine performs the CBC "receive" mode chaining: C = E(P) ^ IV; IV = P
-void CryptoAES_CBCRecv(uint16_t Count, void *Plaintext, void *Ciphertext,
-                       uint8_t *IV, uint8_t *Key,
-                       CryptoAES_CBCSpec_t CryptoSpec) {
+static void CryptoAES_CBCRecv(uint16_t Count, void *Plaintext, void *Ciphertext, uint8_t *IV, uint8_t *Key, CryptoAES_CBCSpec_t CryptoSpec);
+static void CryptoAES_CBCRecv(uint16_t Count, void *Plaintext, void *Ciphertext,
+                              uint8_t *IV, uint8_t *Key,
+                              CryptoAES_CBCSpec_t CryptoSpec) {
     uint16_t numBlocks = CRYPTO_BYTES_TO_BLOCKS(Count, CryptoSpec.blockSize);
     uint16_t blockIndex = 0;
     uint8_t *ptBuf = (uint8_t *) Plaintext, *ctBuf = (uint8_t *) Ciphertext;
@@ -341,38 +361,60 @@ void CryptoAES_CBCRecv(uint16_t Count, void *Plaintext, void *Ciphertext,
     }
 }
 
-void CryptoAESEncrypt_CBCSend(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
+#ifdef ENABLE_CRYPTO_TESTS
+void CryptoAESDecrypt_CBCSend(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
                               uint8_t *Key, uint8_t *IV) {
     CryptoAES_CBCSpec_t CryptoSpec = {
-        .cryptFunc   = &CryptoAESEncryptBlock,
+        .cryptFunc   = &CryptoAESDecryptBlock,
         .blockSize   = CRYPTO_AES_BLOCK_SIZE
     };
     CryptoAES_CBCSend(Count, PlainText, CipherText, IV, Key, CryptoSpec);
 }
 
-void CryptoAESDecrypt_CBCSend(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
-                              uint8_t *Key, uint8_t *IV) {
+void CryptoAESDecrypt_CBCReceive(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
+                                 uint8_t *Key, uint8_t *IV) {
     CryptoAES_CBCSpec_t CryptoSpec = {
         .cryptFunc   = &CryptoAESDecryptBlock,
         .blockSize   = CRYPTO_AES_BLOCK_SIZE
     };
-    CryptoAES_CBCSend(Count, PlainText, CipherText, IV, Key, CryptoSpec);
+    CryptoAES_CBCRecv(Count, PlainText, CipherText, IV, Key, CryptoSpec);
 }
+#endif
 
-void CryptoAESEncrypt_CBCReceive(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
-                                 uint8_t *Key, uint8_t *IV) {
+void CryptoAESEncrypt_CBCSend(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
+                              uint8_t *Key, uint8_t *IV) {
     CryptoAES_CBCSpec_t CryptoSpec = {
         .cryptFunc   = &CryptoAESEncryptBlock,
         .blockSize   = CRYPTO_AES_BLOCK_SIZE
     };
-    CryptoAES_CBCRecv(Count, PlainText, CipherText, IV, Key, CryptoSpec);
+    CryptoAES_CBCSend(Count, PlainText, CipherText, IV, Key, CryptoSpec);
 }
 
-void CryptoAESDecrypt_CBCReceive(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
+void CryptoAESEncrypt_CBCReceive(uint16_t Count, uint8_t *PlainText, uint8_t *CipherText,
                                  uint8_t *Key, uint8_t *IV) {
     CryptoAES_CBCSpec_t CryptoSpec = {
-        .cryptFunc   = &CryptoAESDecryptBlock,
+        .cryptFunc   = &CryptoAESEncryptBlock,
         .blockSize   = CRYPTO_AES_BLOCK_SIZE
     };
     CryptoAES_CBCRecv(Count, PlainText, CipherText, IV, Key, CryptoSpec);
 }
+
+uint16_t appendBufferCRC32C(uint8_t *bufferData, uint16_t bufferSize) {
+    uint32_t workingCRC = INIT_CRC32C_VALUE;
+    for (int i = 0; i < bufferSize; i++) {
+        workingCRC = workingCRC ^ *(bufferData++);
+        for (int j = 0; j < 8; j++) {
+            if (workingCRC & 1) {
+                workingCRC = (workingCRC >> 1) ^ LE_CRC32C_POLYNOMIAL;
+            } else {
+                workingCRC = workingCRC >> 1;
+            }
+        }
+    }
+    // Append the CRC32C bytes in little endian byte order to the end of the buffer:
+    bufferData[bufferSize] = (uint8_t)(workingCRC & 0x000000FF);
+    bufferData[bufferSize + 1] = (uint8_t)((workingCRC & 0x0000FF00) >> 8);
+    bufferData[bufferSize + 2] = (uint8_t)((workingCRC & 0x00FF0000) >> 16);
+    bufferData[bufferSize + 4] = (uint8_t)((workingCRC & 0xFF000000) >> 24);
+    return bufferSize + 4;
+}