DESFire with 3KDES encryption issue

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

DESFire with 3KDES encryption issue

跳至解决方案
3,107 次查看
david13
Contributor III

Dear Support team,

We are developing CLRC663 application with using NFC Library v05.22.00.

We have a problem with reading Mifare DESFire EV1 tag.

We issue DESFire tag with 3KDES encryption, and we use following API:

phStatus_t phalMfdf_AuthenticateISO(
                                       void * pDataParams,
                                       uint16_t wOption,
                                       uint16_t wKeyNo,
                                       uint16_t wKeyVer,
                                       uint8_t bKeyNoCard,
                                       uint8_t * pDivInput,
                                       uint8_t bDivLen
                                       )

When the program run on FRAME Command and go to the step- [Get the encrypted RndA' into bWorkBuffer], it will occur the error: [MF DF Current authentication status does not allow the requested cmd].

If wee use DES or AES encryption tag, then it will be OK.

How to fix this error? We want to know the reason why cause this error. Or there is needed parameters initialization we miss?

Note: Yesterday I post this message but system marked this message as Spam. I don't which content of this message is inappropriate.


Best Regards,
David Huang

标签 (1)
标记 (3)
0 项奖励
回复
1 解答
3,050 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @david13 ,

 

Actually  we provide the demo for DESFire in the extended version, you may refer to "NfcrdlibEx10_MIFAREDESFire" for details. To fetch this version, you have to sign NDA at first, then request it from the NXP doc store. Please kindly refer to the following for details.

CLRC663 NDA lib.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

0 项奖励
回复
5 回复数
3,051 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @david13 ,

 

Actually  we provide the demo for DESFire in the extended version, you may refer to "NfcrdlibEx10_MIFAREDESFire" for details. To fetch this version, you have to sign NDA at first, then request it from the NXP doc store. Please kindly refer to the following for details.

CLRC663 NDA lib.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复
3,009 次查看
david13
Contributor III

Hi Ken,

Thanks for your reply, that help me go for next step.

I will apply for the ""NfcrdlibEx10_MIFAREDESFire"  you recommend.

Note: I didn't find "Mark Correct" button, so I will click "ACCEPT AS SOLUTION".

Best Regards,
David Huang

0 项奖励
回复
3,054 次查看
david13
Contributor III

Dear support teams,

I found this issue is not suitable for this category. I don't find the way to delete this topic.

If possible, please help me or show me the way to delete this issue.

I will post this issue in the category:

Identification and Security / Secure Authentication

Thanks~

Best Regards,
David Huang

0 项奖励
回复
3,085 次查看
david13
Contributor III

Plus:

Following code we wrote for 3KDES and doesn't work:
case KEY_TYPE_3KDES:
{
        Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_3K3DES ,STORE_KEYNUM_3K3DES);
        status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_3K3DES, 0, 0, NULL, 0);
        break;
}


Following DES is working:
case KEY_TYPE_DES:
        Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_DES ,STORE_KEYNUM_DES);
        status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_DES, 0, 0, NULL, 0);
        break;
}

Following code is to used to set key:
bool Is_Gigatms_Mdf_Setkey(uint8_t *pKey, uint8_t bKeyType, uint8_t bKeyName)
{
        status = phKeyStore_FormatKeyEntry(psKeyStore, bKeyName, bKeyType);

        if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
               return FALSE;
        /* Set Key Store */
        status = phKeyStore_SetKey(psKeyStore, bKeyName, 0, bKeyType, pKey, 0);
        if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
               return FALSE;
        return TRUE;
}

0 项奖励
回复
3,085 次查看
david13
Contributor III

Plus,
Following is the code we write for 3KDES (this doesn't work):
case KEY_TYPE_3KDES:
{
                Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_3K3DES ,STORE_KEYNUM_3K3DES);
                status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION,                                              STORE_KEYNUM_3K3DES, 0, 0, NULL, 0);
                break;
}


But following code for DES is working:
case KEY_TYPE_DES:
{
                Is_Gigatms_Mdf_Setkey(g_tRegisters.s2.DF.bKey ,PH_KEYSTORE_KEY_TYPE_DES ,STORE_KEYNUM_DES);
                status = phalMfdf_AuthenticateISO(psalMFDF, PHAL_MFDF_NO_DIVERSIFICATION, STORE_KEYNUM_DES, 0, 0, NULL, 0);
                break;
}

Following code is to used to set key:
bool Is_Gigatms_Mdf_Setkey(uint8_t *pKey, uint8_t bKeyType, uint8_t bKeyName)
{
                status = phKeyStore_FormatKeyEntry(psKeyStore, bKeyName, bKeyType);

                if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
return FALSE;
                /* Set Key Store */
                status = phKeyStore_SetKey(psKeyStore, bKeyName, 0, bKeyType, pKey, 0);
                if ((status & PH_ERR_MASK) != PH_ERR_SUCCESS)
                               return FALSE;
                return TRUE;
}

 

0 项奖励
回复