]>
Commit | Line | Data |
---|---|---|
298e1a2d | 1 | /***************************************************************************** |
2 | * WARNING | |
3 | * | |
4 | * THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY. | |
5 | * | |
6 | * USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL | |
7 | * PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL, | |
8 | * AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES. | |
9 | * | |
10 | * THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS. | |
11 | * | |
12 | ***************************************************************************** | |
13 | * | |
14 | * This file is part of loclass. It is a reconstructon of the cipher engine | |
15 | * used in iClass, and RFID techology. | |
16 | * | |
17 | * The implementation is based on the work performed by | |
18 | * Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and | |
19 | * Milosch Meriac in the paper "Dismantling IClass". | |
20 | * | |
21 | * Copyright (C) 2014 Martin Holst Swende | |
22 | * | |
23 | * This is free software: you can redistribute it and/or modify | |
24 | * it under the terms of the GNU General Public License version 2 as published | |
25 | * by the Free Software Foundation, or, at your option, any later version. | |
26 | * | |
27 | * This file is distributed in the hope that it will be useful, | |
28 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
29 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
30 | * GNU General Public License for more details. | |
31 | * | |
32 | * You should have received a copy of the GNU General Public License | |
33 | * along with loclass. If not, see <http://www.gnu.org/licenses/>. | |
34 | * | |
35 | * | |
36 | ****************************************************************************/ | |
37 | ||
17505ce2 | 38 | #ifndef OPTIMIZED_CIPHER_H__ |
39 | #define OPTIMIZED_CIPHER_H__ | |
40 | ||
c99dc845 | 41 | #include <stdint.h> |
61fe9073 MHS |
42 | |
43 | /** | |
44 | * Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2 | |
45 | * consisting of the following four components: | |
17505ce2 | 46 | * 1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ; |
47 | * 2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ; | |
48 | * 3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 . | |
49 | * 4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 . | |
61fe9073 MHS |
50 | **/ |
51 | typedef struct { | |
52 | uint8_t l; | |
53 | uint8_t r; | |
54 | uint8_t b; | |
55 | uint16_t t; | |
56 | } State; | |
57 | ||
58 | /** The reader MAC is MAC(key, CC * NR ) | |
59 | **/ | |
60 | void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]); | |
17505ce2 | 61 | |
61fe9073 MHS |
62 | /** |
63 | * The tag MAC is MAC(key, CC * NR * 32x0)) | |
64 | */ | |
65 | void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]); | |
66 | ||
67 | /** | |
68 | * The tag MAC can be divided (both can, but no point in dividing the reader mac) into | |
69 | * two functions, since the first 8 bytes are known, we can pre-calculate the state | |
70 | * reached after feeding CC to the cipher. | |
71 | * @param cc_p | |
72 | * @param div_key_p | |
73 | * @return the cipher state | |
74 | */ | |
75 | State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p); | |
17505ce2 | 76 | |
61fe9073 MHS |
77 | /** |
78 | * The second part of the tag MAC calculation, since the CC is already calculated into the state, | |
79 | * this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag | |
80 | * MAC response. | |
81 | * @param _init - precalculated cipher state | |
82 | * @param nr - the reader challenge | |
83 | * @param mac - where to store the MAC | |
84 | * @param div_key_p - the key to use | |
85 | */ | |
17505ce2 | 86 | void opt_doTagMAC_2(State _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p); |
61fe9073 | 87 | |
17505ce2 | 88 | #endif // OPTIMIZED_CIPHER_H__ |