DESFire with 3KDES encryption issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DESFire with 3KDES encryption issue

Jump to solution
2,125 Views
david13
Contributor III

Dear Support team,

We are developing CLRC663 application with using NFC Library v05.22.00.

We have a problem with reading Mifare DESFire EV1 tag.

We issue DESFire tag with 3KDES encryption, and we use following API:

phStatus_t phalMfdf_AuthenticateISO(
                                       void * pDataParams,
                                       uint16_t wOption,
                                       uint16_t wKeyNo,
                                       uint16_t wKeyVer,
                                       uint8_t bKeyNoCard,
                                       uint8_t * pDivInput,
                                       uint8_t bDivLen
                                       )

When the program run on FRAME Command and go to the step- [Get the encrypted RndA' into bWorkBuffer], it will occur the error: [MF DF Current authentication status does not allow the requested cmd].

If wee use DES or AES encryption tag, then it will be OK.

How to fix this error? We want to know the reason why cause this error. Or there is needed parameters initialization we miss?

Note: Yesterday I post this message but system marked this message as Spam. I don't which content of this message is inappropriate.


Best Regards,
David Huang

Labels (1)
0 Kudos
1 Solution
2,068 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @david13 ,

 

Actually  we provide the demo for DESFire in the extended version, you may refer to "NfcrdlibEx10_MIFAREDESFire" for details. To fetch this version, you have to sign NDA at first, then request it from the NXP doc store. Please kindly refer to the following for details.

CLRC663 NDA lib.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
5 Replies
2,069 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @david13 ,

 

Actually  we provide the demo for DESFire in the extended version, you may refer to "NfcrdlibEx10_MIFAREDESFire" for details. To fetch this version, you have to sign NDA at first, then request it from the NXP doc store. Please kindly refer to the following for details.

CLRC663 NDA lib.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
2,027 Views
david13
Contributor III

Hi Ken,

Thanks for your reply, that help me go for next step.

I will apply for the ""NfcrdlibEx10_MIFAREDESFire"  you recommend.

Note: I didn't find "Mark Correct" button, so I will click "ACCEPT AS SOLUTION".

Best Regards,
David Huang

0 Kudos
2,072 Views
david13
Contributor III

Dear support teams,

I found this issue is not suitable for this category. I don't find the way to delete this topic.

If possible, please help me or show me the way to delete this issue.

I will post this issue in the category:

Identification and Security / Secure Authentication

Thanks~

Best Regards,
David Huang

0 Kudos
2,103 Views
david13
Contributor III

Plus:

Following code we wrote for 3KDES and doesn't work:
case KEY_TYPE_3KDES:
{
        Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_3K3DES ,STORE_KEYNUM_3K3DES);
        status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_3K3DES, 0, 0, NULL, 0);
        break;
}


Following DES is working:
case KEY_TYPE_DES:
        Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_DES ,STORE_KEYNUM_DES);
        status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_DES, 0, 0, NULL, 0);
        break;
}

Following code is to used to set key:
bool Is_Gigatms_Mdf_Setkey(uint8_t *pKey, uint8_t bKeyType, uint8_t bKeyName)
{
        status = phKeyStore_FormatKeyEntry(psKeyStore, bKeyName, bKeyType);

        if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
               return FALSE;
        /* Set Key Store */
        status = phKeyStore_SetKey(psKeyStore, bKeyName, 0, bKeyType, pKey, 0);
        if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
               return FALSE;
        return TRUE;
}

0 Kudos
2,103 Views
david13
Contributor III

Plus,
Following is the code we write for 3KDES (this doesn't work):
case KEY_TYPE_3KDES:
{
                Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_3K3DES ,STORE_KEYNUM_3K3DES);
                status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION,                                              STORE_KEYNUM_3K3DES, 0, 0, NULL, 0);
                break;
}


But following code for DES is working:
case KEY_TYPE_DES:
{
                Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_DES ,STORE_KEYNUM_DES);
                status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_DES, 0, 0, NULL, 0);
                break;
}

Following code is to used to set key:
bool Is_Gigatms_Mdf_Setkey(uint8_t *pKey, uint8_t bKeyType, uint8_t bKeyName)
{
                status = phKeyStore_FormatKeyEntry(psKeyStore, bKeyName, bKeyType);

                if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
return FALSE;
                /* Set Key Store */
                status = phKeyStore_SetKey(psKeyStore, bKeyName, 0, bKeyType, pKey, 0);
                if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
                               return FALSE;
                return TRUE;
}

 

0 Kudos