Incremental backup -- Auth schemes should be working -- New CommMode checksum functions DO NOT fit into text/data (yet)

Author: maxieds

Firmware/Chameleon-Mini/Application/CryptoCMAC.c

@@ -32,6 +32,7 @@ This notice must be retained at the top of all source files where indicated.
 #include "CryptoTDEA.h"
 #include "CryptoAES128.h"
 
+#if 0
 static uint8_t _cmac_K1[CRYPTO_MAX_BLOCK_SIZE] = { 0x00 };
 static uint8_t _cmac_K2[CRYPTO_MAX_BLOCK_SIZE] = { 0x00 };
 static uint8_t _cmac_RB[CRYPTO_MAX_BLOCK_SIZE] = { 0x00 };
@@ -190,3 +191,4 @@ bool checkBufferMAC(uint8_t *bufferData, uint16_t bufferSize, uint16_t checksumS
     }
     return true;
 }
+#endif

Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.c

@@ -44,6 +44,9 @@ uint8_t Iso144434LastBlockLength = 0x00;
 uint8_t StateRetryCount = 0x00;
 uint8_t LastReaderSentCmd = 0x00;
 
+uint8_t  ISO14443ALastDataFrame[MAX_DATA_FRAME_XFER_SIZE] = { 0x00 };
+uint16_t ISO14443ALastDataFrameBits = 0;
+
 bool CheckStateRetryCount2(bool resetByDefault, bool performLogging) {
     if (resetByDefault || ++StateRetryCount >= MAX_STATE_RETRY_COUNT) {
         ISO144434SwitchState2(Iso144433AIdleState, performLogging);
@@ -74,6 +77,7 @@ void ISO144434Reset(void) {
     /* No logging -- spams the log */
     Iso144434State = ISO14443_4_STATE_EXPECT_RATS;
     Iso144434BlockNumber = 1;
+    ISO14443ALastDataFrameBits = 0;
 }
 
 static uint16_t ISO144434ProcessBlock(uint8_t *Buffer, uint16_t ByteCount, uint16_t BitCount) {
@@ -205,13 +209,21 @@ static uint16_t ISO144434ProcessBlock(uint8_t *Buffer, uint16_t ByteCount, uint1
                 /* 7.5.4.3, rule 12 */
                 /* This is a NAK. Send an ACK back */
                 Buffer[0] = ISO14443_PCB_R_BLOCK_STATIC | ISO14443_PCB_R_BLOCK_ACK | MyBlockNumber;
-                ByteCount = 1;
+                //ByteCount = 1;
+                // Per the NXP data sheet MF1S50YYX_V1 (Table 10: ACK / NAK), we should return 4 bits:
+                return 4;
             } else {
                 /* This is an ACK */
                 /* NOTE: Chaining is not supported yet. */
                 const char *debugPrintStr = PSTR("ISO144434ProcessBlock: ISO14443_PCB_R_BLOCK -- %d");
                 DEBUG_PRINT_P(debugPrintStr, __LINE__);
-                return ISO14443A_APP_NO_RESPONSE;
+                // Resend the data from the last frame:
+                if (ISO14443ALastDataFrameBits > 0) {
+                    memcpy(&Buffer[0], &ISO14443ALastDataFrame[0], (ISO14443ALastDataFrameBits + BITS_PER_BYTE - 1) / BITS_PER_BYTE);
+                    return ISO14443ALastDataFrameBits;
+                } else {
+                    return ISO14443A_APP_NO_RESPONSE;
+                }
             }
             const char *debugPrintStr6 = PSTR("ISO14443-4: R-BLK");
             LogDebuggingMsg(debugPrintStr6);
@@ -272,6 +284,7 @@ void ISO144433AReset(void) {
     /* No logging -- spams the log */
     Iso144433AState = ISO14443_3A_STATE_IDLE;
     Iso144433AIdleState = ISO14443_3A_STATE_IDLE;
+    ISO14443ALastDataFrameBits = 0;
 }
 
 void ISO144433AHalt(void) {

Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.h

@@ -41,9 +41,9 @@ This notice must be retained at the top of all source files where indicated.
  */
 
 #define ISO14443A_CMD_RATS                  0xE0
-#define ISO14443A_RATS_FRAME_SIZE           (6 * BITS_PER_BYTE) //(4 * 8) /* Bit */
+#define ISO14443A_RATS_FRAME_SIZE           (6 * BITS_PER_BYTE) /* Bit */
 #define ISO14443A_CMD_RNAK                  0xB2
-#define ISO14443A_CRC_FRAME_SIZE           (ISO14443A_CRCA_SIZE * BITS_PER_BYTE)
+#define ISO14443A_CRC_FRAME_SIZE            (ISO14443A_CRCA_SIZE * BITS_PER_BYTE)
 
 #define ISO14443_PCB_BLOCK_TYPE_MASK        0xC0
 #define ISO14443_PCB_I_BLOCK                0x00
@@ -92,13 +92,29 @@ extern uint8_t Iso144434BlockNumber;
 extern uint8_t Iso144434CardID;
 extern uint8_t LastReaderSentCmd;
 
+/* Configure saving last data frame state so can resend on ACK from the PCD */
+
+#define MAX_DATA_FRAME_XFER_SIZE            (64)
+extern uint8_t  ISO14443ALastDataFrame[MAX_DATA_FRAME_XFER_SIZE];
+extern uint16_t ISO14443ALastDataFrameBits;
+
+INLINE ISO14443AStoreLastDataFrameAndReturn(const uint8_t *Buffer, uint16_t BufferBitCount) {
+    uint16_t ISO14443ALastDataFrameBytes = MIN((BufferBitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE, MAX_DATA_FRAME_XFER_SIZE);
+    if (ISO14443ALastDataFrameBytes > 0) {
+        memcpy(ISO14443ALastDataFrame, &Buffer[0], ISO14443ALastDataFrameBytes);
+    }
+    ISO14443ALastDataFrameBits = BufferBitCount;
+    return BufferBitCount;
+}
+
 /* Setup some fuzzy response handling for problematic readers like the ACR122U */
+
 #define MAX_STATE_RETRY_COUNT               (4)
 extern uint8_t StateRetryCount;
 bool CheckStateRetryCount(bool resetByDefault);
 bool CheckStateRetryCount2(bool resetByDefault, bool performLogging);
 
-#define IGNORE_ACK_BYTE               (0x92)
+//#define IGNORE_ACK_BYTE               (0x92)
 
 /* Support functions */
 void ISO144434SwitchState(Iso144434StateType NewState);

Firmware/Chameleon-Mini/Application/DESFire/DESFireInstructions.c

@@ -518,6 +518,8 @@ uint16_t EV0CmdAuthenticateLegacy1(uint8_t *Buffer, uint16_t ByteCount) {
     keySize = GetDefaultCryptoMethodKeySize(CRYPTO_TYPE_2KTDEA);
     Key = SessionKey;
     DesfireCommandState.KeyId = KeyId;
+    DesfireCommandState.CryptoMethodType = CRYPTO_TYPE_3K3DES;
+    DesfireCommandState.ActiveCommMode = GetCryptoMethodCommSettings(CRYPTO_TYPE_3K3DES);
 
     /* Fetch the key */
     if (cryptoKeyType == CRYPTO_TYPE_DES) {
@@ -581,10 +583,15 @@ uint16_t EV0CmdAuthenticateLegacy2(uint8_t *Buffer, uint16_t ByteCount) {
 
     /* Reset parameters for authentication from the first exchange */
     KeyId = DesfireCommandState.KeyId;
-    cryptoKeyType = CRYPTO_TYPE_2KTDEA;
-    keySize = GetDefaultCryptoMethodKeySize(CRYPTO_TYPE_2KTDEA);
+    cryptoKeyType = DesfireCommandState.CryptoMethodType;
+    keySize = GetDefaultCryptoMethodKeySize(CRYPTO_TYPE_3K3DES);
     Key = SessionKey;
-    ReadAppKey(SelectedApp.Slot, KeyId, Key, keySize);
+    if (cryptoKeyType == CRYPTO_TYPE_DES) {
+        ReadAppKey(SelectedApp.Slot, KeyId, Key, CRYPTO_DES_KEY_SIZE);
+        memcpy(Key + CRYPTO_DES_KEY_SIZE, Key, CRYPTO_DES_KEY_SIZE);
+    } else {
+        ReadAppKey(SelectedApp.Slot, KeyId, Key, keySize);
+    }
 
     /* Decrypt the challenge sent back to get RndA and a shifted RndB */
     BYTE challengeRndAB[2 * CRYPTO_CHALLENGE_RESPONSE_BYTES];
@@ -617,8 +624,6 @@ uint16_t EV0CmdAuthenticateLegacy2(uint8_t *Buffer, uint16_t ByteCount) {
     AuthenticatedWithKey = KeyId;
     AuthenticatedWithPICCMasterKey = (SelectedApp.Slot == DESFIRE_PICC_APP_SLOT) &&
                                      (KeyId == DESFIRE_MASTER_KEY_ID);
-    DesfireCommandState.CryptoMethodType = CRYPTO_TYPE_2KTDEA;
-    DesfireCommandState.ActiveCommMode = GetCryptoMethodCommSettings(CRYPTO_TYPE_2KTDEA);
 
     /* Return the status on success */
     Buffer[0] = STATUS_OPERATION_OK;

Firmware/Chameleon-Mini/Application/DESFire/DESFireUtils.c

@@ -148,9 +148,9 @@ bool DesfireCheckParityBits(uint8_t *Buffer, uint16_t BitCount) {
 }
 
 uint16_t DesfirePreprocessAPDU(uint8_t CommMode, uint8_t *Buffer, uint16_t BufferSize) {
-    DEBUG_PRINT_P(PSTR("PRE -- CommMode -- 0x%02x"), CommMode);
+    //DEBUG_PRINT_P(PSTR("PRE -- CommMode -- 0x%02x"), CommMode);
     switch (CommMode) {
-        case DESFIRE_COMMS_PLAINTEXT_MAC: {
+        /*case DESFIRE_COMMS_PLAINTEXT_MAC: {
             uint16_t ChecksumBytes = 0;
             if (DesfireCommandState.CryptoMethodType == CRYPTO_TYPE_DES || DesfireCommandState.CryptoMethodType == CRYPTO_TYPE_2KTDEA) {
                 ChecksumBytes = 4;
@@ -187,18 +187,18 @@ uint16_t DesfirePreprocessAPDU(uint8_t CommMode, uint8_t *Buffer, uint16_t Buffe
                 return 0;
             }
             return MAX(0, BufferSize - ChecksumBytes);
-        }
+        }*/
         case DESFIRE_COMMS_PLAINTEXT:
         default:
-            // Leave the CRCA bytes intact: 
-	    return BufferSize; 
+            // Leave the CRCA bytes intact:
+            return BufferSize;
     }
 }
 
 uint16_t DesfirePostprocessAPDU(uint8_t CommMode, uint8_t *Buffer, uint16_t BufferSize) {
-    DEBUG_PRINT_P(PSTR("POST -- CommMode -- 0x%02x"), CommMode);
+    //DEBUG_PRINT_P(PSTR("POST -- CommMode -- 0x%02x"), CommMode);
     switch (CommMode) {
-        case DESFIRE_COMMS_PLAINTEXT_MAC: {
+        /*case DESFIRE_COMMS_PLAINTEXT_MAC: {
             if (DesfireCommandState.CryptoMethodType == CRYPTO_TYPE_DES || DesfireCommandState.CryptoMethodType == CRYPTO_TYPE_2KTDEA) {
                 return appendBufferMAC(SessionKey, Buffer, BufferSize);
             } else {
@@ -235,12 +235,11 @@ uint16_t DesfirePostprocessAPDU(uint8_t CommMode, uint8_t *Buffer, uint16_t Buff
             CryptoAESEncryptBuffer(XferBytes, Buffer, &Buffer[XferBytes], SessionIV, SessionKey);
             memmove(&Buffer[0], &Buffer[XferBytes], XferBytes);
             return XferBytes;
-        }
+        }*/
         case DESFIRE_COMMS_PLAINTEXT:
         default:
-            //ISO14443AAppendCRCA(Buffer, BufferSize);
-            //return BufferSize + 2;
-	    return BufferSize;
+            ISO14443AAppendCRCA(Buffer, BufferSize);
+            return BufferSize + 2;
     }
 }
 

Firmware/Chameleon-Mini/Application/MifareDESFire.c

@@ -174,10 +174,11 @@ uint16_t MifareDesfireProcessCommand(uint8_t *Buffer, uint16_t ByteCount) {
 uint16_t MifareDesfireProcess(uint8_t *Buffer, uint16_t BitCount) {
     size_t ByteCount = (BitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
     DesfireCmdCLA = Buffer[0];
-    LogEntry(LOG_INFO_DESFIRE_INCOMING_DATA, Buffer, ByteCount);
+    //LogEntry(LOG_INFO_DESFIRE_INCOMING_DATA, Buffer, ByteCount);
     if (BitCount == 0) {
+        LogEntry(LOG_INFO_DESFIRE_INCOMING_DATA, Buffer, ByteCount);
         return ISO14443A_APP_NO_RESPONSE;
-    } else if ((ByteCount >= 6 && DesfireCLA(Buffer[0]) && Buffer[2] == 0x00 &&
+    } else if ((ByteCount >= 8 && DesfireCLA(Buffer[0]) && Buffer[2] == 0x00 &&
                 Buffer[3] == 0x00 && (Buffer[4] == ByteCount - 6 || Buffer[4] == ByteCount - 8)) || Iso7816CLA(DesfireCmdCLA)) {
         /* Wrapped native command structure or ISO7816: */
         if (Iso7816CLA(DesfireCmdCLA)) {
@@ -186,7 +187,7 @@ uint16_t MifareDesfireProcess(uint8_t *Buffer, uint16_t BitCount) {
                 Buffer[0] = (uint8_t)((iso7816ParamsStatus >> 8) & 0x00ff);
                 Buffer[1] = (uint8_t)(iso7816ParamsStatus & 0x00ff);
                 ByteCount = 2;
-		return ByteCount * BITS_PER_BYTE;
+                return ByteCount * BITS_PER_BYTE;
             }
         }
         ByteCount = Buffer[4];
@@ -203,7 +204,7 @@ uint16_t MifareDesfireProcess(uint8_t *Buffer, uint16_t BitCount) {
         } else {
             /* Re-wrap into ISO 7816-4 */
         }
-        LogEntry(LOG_INFO_DESFIRE_OUTGOING_DATA, Buffer, ByteCount);
+        //LogEntry(LOG_INFO_DESFIRE_OUTGOING_DATA, Buffer, ByteCount);
         return ByteCount * BITS_PER_BYTE;
     } else {
         /* ISO/IEC 14443-4 PDUs: No extra work */
@@ -215,41 +216,37 @@ uint16_t MifareDesfireProcess(uint8_t *Buffer, uint16_t BitCount) {
 uint16_t MifareDesfireAppProcess(uint8_t *Buffer, uint16_t BitCount) {
     uint16_t ByteCount = (BitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
     uint16_t ReturnedBytes = 0;
-    if (ByteCount >= 6 && DesfireCLA(Buffer[0]) && Buffer[2] == 0x00 &&
-            Buffer[3] == 0x00 && (Buffer[4] == ByteCount - 6 || Buffer[4] == ByteCount - 8)) {
+    if (ByteCount >= 8 && DesfireCLA(Buffer[0]) && Buffer[2] == 0x00 &&
+            Buffer[3] == 0x00 && Buffer[4] == ByteCount - 8) {
+        DesfireCmdCLA = Buffer[0];
         uint16_t IncomingByteCount = (BitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
         uint16_t UnwrappedBitCount = DesfirePreprocessAPDU(ActiveCommMode, Buffer, IncomingByteCount) * BITS_PER_BYTE;
         uint16_t ProcessedBitCount = MifareDesfireProcess(Buffer, UnwrappedBitCount);
         uint16_t ProcessedByteCount = (ProcessedBitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
-        ProcessedBitCount = DesfirePostprocessAPDU(ActiveCommMode, Buffer, ProcessedByteCount) * BITS_PER_BYTE;
-        return ProcessedBitCount;
-    } else if (BitCount == 4 && (Buffer[0] & 0xF0) == 0xA0) {
-        // NXP-based PCD sent a "keep alive" response of ACK,
-        // so we respond with a corresponding NAK (with CRCA bytes appended):
-        Buffer[0] = 0x00;
-	return 4;
+        return ISO14443AStoreLastDataFrameAndReturn(Buffer, DesfirePostprocessAPDU(ActiveCommMode, Buffer, ProcessedByteCount) * BITS_PER_BYTE);
     } else if (IsWrappedISO7816CommandType(Buffer, ByteCount)) {
+        DesfireCmdCLA = Buffer[2];
         uint8_t ISO7816PrologueBytes[2];
         memcpy(&ISO7816PrologueBytes[0], Buffer, 2);
         uint16_t IncomingByteCount = DesfirePreprocessAPDU(ActiveCommMode, Buffer, IncomingByteCount);
-	memmove(&Buffer[0], &Buffer[2], IncomingByteCount - 2);
+        memmove(&Buffer[0], &Buffer[2], IncomingByteCount - 2);
         uint16_t UnwrappedBitCount = (IncomingByteCount - 2) * BITS_PER_BYTE;
-	uint16_t ProcessedBitCount = MifareDesfireProcess(Buffer, UnwrappedBitCount);
+        uint16_t ProcessedBitCount = MifareDesfireProcess(Buffer, UnwrappedBitCount);
         uint16_t ProcessedByteCount = (ProcessedBitCount + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
         /* Append the same ISO7816 prologue bytes to the response: */
         memmove(&Buffer[2], &Buffer[0], ProcessedByteCount);
         memcpy(&Buffer[0], &ISO7816PrologueBytes[0], 2);
         ProcessedBitCount = DesfirePostprocessAPDU(ActiveCommMode, Buffer, ProcessedByteCount + 2) * BITS_PER_BYTE;
-        return ProcessedBitCount;
+        return ISO14443AStoreLastDataFrameAndReturn(Buffer, ProcessedBitCount);
     } else if ((ReturnedBytes = CallInstructionHandler(Buffer, ByteCount)) != ISO14443A_APP_NO_RESPONSE) {
         /* This case should handle non-wrappped native commands. No pre/postprocessing afterwards: */
-        return ReturnedBytes;
-    } else { // if (!AnticolNoResp) {
+        return ISO14443AStoreLastDataFrameAndReturn(Buffer, ReturnedBytes * BITS_PER_BYTE);
+    } else if (!AnticolNoResp || BitCount < BITS_PER_BYTE) {
         /* This case is to exchange anticollision loop and RATS data. No need to pre/postprocess it depending
-        * on the CommMode, which has not been set yet if we reach this point:
+         * on the CommMode, which has not been set yet if we reach this point:
          */
-        uint16_t PiccProcessRespBytes = ISO144433APiccProcess(Buffer, BitCount);
-        if (PiccProcessRespBytes == ISO14443A_APP_NO_RESPONSE) {
+        uint16_t PiccProcessRespBits = ISO144433APiccProcess(Buffer, BitCount);
+        if (PiccProcessRespBits == ISO14443A_APP_NO_RESPONSE) {
             // Stop pesky USB readers trying to autodetect all tag types by brute-force enumeration
             // from interfering with making it into the command exchange (DESFIRE_IDLE) states.
             // Once the anticollision and/or RATS has completed, set this flag to keep it from
@@ -259,8 +256,9 @@ uint16_t MifareDesfireAppProcess(uint8_t *Buffer, uint16_t BitCount) {
             // and it really screws things up timing-wise!
             AnticolNoResp = true;
         }
-        return PiccProcessRespBytes;
+        return ISO14443AStoreLastDataFrameAndReturn(Buffer, PiccProcessRespBits);
     }
+    LogEntry(LOG_INFO_DESFIRE_OUTGOING_DATA, Buffer, ByteCount);
     return ISO14443A_APP_NO_RESPONSE;
 }
 

Firmware/Chameleon-Mini/Makefile

@@ -191,7 +191,7 @@ CC_FLAGS     = -g0 -DUSE_LUFA_CONFIG_HEADER -DFLASH_DATA_ADDR=$(FLASH_DATA_ADDR)
 			   -D__AVR_ATxmega128A4U__ -D__PROG_TYPES_COMPAT__ -DMAX_ENDPOINT_INDEX=4 \
 			   -std=gnu99 -Werror=implicit-function-declaration \
 			   -fno-inline-small-functions -fshort-enums -fpack-struct \
-			   -ffunction-sections -fdata-sections -fvisibility=hidden -fvisibility-inlines-hidden \
+			   -ffunction-sections -fdata-sections -fvisibility=hidden \
 			   -Wl,-strip-all -Wl,--gc-sections --data-sections \
                            -Wl,-relax -fno-split-wide-types -fno-tree-scev-cprop \
 			   -fno-aggressive-loop-optimizations #-fno-jump-tables -fno-common