AN10922 specifies the key diversification algorithms used by the MIFARE SAM AV3. Support for these algorithms was added to libfreefare via pull-request #79.
However, while every attempt was made to write a faithful implementation, the implemented code did not properly handle cases where the diversification data was less than or equal to the block size of the cipher: 16 bytes for AES, and 8 bytes for DES. This bug was identified in issue #91.
This commit addresses this problem while providing a way to revert to the previous behavior in cases where it is necessary to maintain previous deployments. This was accomplished by introducing a new flags parameter to the mifare_key_deriver_new_an10922 method.
Normally, flags should simply be set to AN10922_FLAG_DEFAULT. However, if the previous behavior is required, it should be set to AN10922_FLAG_EMULATE_ISSUE_91.
AN10922 does not include any test vectors that might have helped to identify this problem earlier. However, AN10957 (pages 13-14) was found to have a suitable example usage of AN10922 with an appropriately short value for M that we are using as a test vector to verify correct behavior.
Note that the issue being addressed here is not a security issue: using the AN10922_FLAG_EMULATE_ISSUE_91 should not be any less secure than using AN10922_FLAG_DEFAULT.
This commit fixes issue #91.
AN10922 specifies the key diversification algorithms used by the MIFARE SAM AV3. Support for these algorithms was added to
libfreefare
via pull-request #79.However, while every attempt was made to write a faithful implementation, the implemented code did not properly handle cases where the diversification data was less than or equal to the block size of the cipher: 16 bytes for AES, and 8 bytes for DES. This bug was identified in issue #91.
This commit addresses this problem while providing a way to revert to the previous behavior in cases where it is necessary to maintain previous deployments. This was accomplished by introducing a new
flags
parameter to themifare_key_deriver_new_an10922
method.Normally,
flags
should simply be set toAN10922_FLAG_DEFAULT
. However, if the previous behavior is required, it should be set toAN10922_FLAG_EMULATE_ISSUE_91
.AN10922 does not include any test vectors that might have helped to identify this problem earlier. However, AN10957 (pages 13-14) was found to have a suitable example usage of AN10922 with an appropriately short value for M that we are using as a test vector to verify correct behavior.
Note that the issue being addressed here is not a security issue: using the
AN10922_FLAG_EMULATE_ISSUE_91
should not be any less secure than usingAN10922_FLAG_DEFAULT
.