FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

MiFare DESFire Light Session key generation and CMAC algorithm

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MiFare DESFire Light Session key generation and CMAC algorithm

‎10-16-2019 11:04 PM
1,708 Views
dev-support
Contributor II

Hi All,

I am using #MIFARE DESFire Light for one of my customer. I can successfully authenticate the card using DESFireEV2First algorithm. After that I'm trying to get the session keys (SesAuthENCKey/SesAuthMACKey) as explained in example of AN12343, Chapter 7.1.3.1/7.1.4, but I can not get the expected output for the session keys. 

 

So, my concern is, Can I use same CMAC algorithm in DESFire Light which was worked in DESFire EV1?

 

If YES, output of CMAC algorithm used in DESFire EV1 = 8 bytes (MAC)

And we want output of CMAC algorithm in DESFire Light = 16 bytes Session keys (SesAuthENCKey/SesAuthMACKey).

it looks confusing for me.

Any guideline regards this will be highly appreciable! 

Tags (1)
Reply
3 Replies

‎10-23-2019 03:40 AM
1,536 Views
dev-support
Contributor II

Hi Ivan,

 

Thanks for the response. The issue was with the XOR calculation. Now, I can get the correct Session keys from the active DESFireEV2 first authentication of DESFire Light.

 

I’m facing issue in write data and read data after this.

 

1) When I try to WriteData in 00EF or 04EF, it gives me error 0x7E (LENGTH_ERROR).

 

I can successfully write data "22222222222222222222222222222222222222222222222222" in encrypted mode same as example of AN12343 (section 8.1.3).

 

But if I try to write my data which is 16 bytes or less i.e. "3132333435", it gives me 0x7E error.

 

>> Write Procedure I followed:

 

IV_Input = A55AFBCF7BCF00000000000000000000 (lable + TI + CmdCounter + Padding followed by 00)

SesAuthENCKey = 1D8C929597A19990295306DEFC57755A

IV = 00000000000000000000000000000000

IV_For Command Data = 6034C0FA74F032CBFFED3B6F3E9C584A

Data with Padding = 31323334358000000000000000000000

Encrypted Data = 77A2FD1B2BC19EC917B26D17694B6844

Command Header = 00000000050000

MAC_Input = 8D0000FBCF7BCF0000000005000077A2FD1B2BC19EC917B26D17694B6844

IV = 00000000000000000000000000000000

SesAuthMACKey = 2D9377F5CAAA1D53935454806B170723

Calculated MAC = CD3177470834C634

APDU to Card = 908D00001F0000000005000077A2FD1B2BC19EC917B26D17694B6844CD3177470834C63400

Response from Card = 917E (LENGTH_ERROR) 

 

Can you guide me which one is the wrong step I'm followed.?

 

 

2) Also, I have followed below steps to read data 22222222222222222222222222222222222222222222222222”,
but it gives me 0x1E (INTEGRITY_ERROR).

 

>> Read Procedure I followed:

 

IV = 00000000000000000000000000000000

Command Header = 00000000190000 (FileID = 00, offset = 000000, DataSizeToRead = 19 bytes)

MAC_Input  = AD0100B39DB01400000000190000

MACKey = C3D79B25473D4DC735F856F6DA8F7C22

Calculated MAC = E2B5F6406CF1FA8C

APDU to Card = 90AD00000F00000000190000E2B5F6406CF1FA8C00

Response from Card = 911E (INTEGRITY_ERROR)

 

Can you guide me which one is the wrong step in read data I'm followed.?

 NFC

0 Kudos
Reply

‎11-20-2019 09:46 AM
1,536 Views
wilmer_suarez
Contributor III

Hello,

I'm currently working on generating the session keys for MIFARE DESFire Light. Is there a library you used to generate the CMAC algorithm? I've tried multiple solutions but I'm unable to generate the proper values.

Thank you!

0 Kudos
Reply

‎10-21-2019 10:50 AM
1,536 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

A reply was already made to the case, the keys generated are incorrect, please follow AN12343 minutely.

BR,

Ivan.

Reply