diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c index 173629bbf3..fc145373f2 100644 --- a/src/libopensc/card-epass2003.c +++ b/src/libopensc/card-epass2003.c @@ -399,16 +399,30 @@ aes128_encrypt_cmac_ft(struct sc_card *card, const unsigned char *key, int keysi if(length < 16){ memcpy(&data2[0],input,length); data2[length] = 0x80; + + //k2 xor padded data + for (int i=0;i<16;i++){ + data2[i]=data2[i]^k2Bin[offset + i]; + } + }else if(length ==16){ + memcpy(&data2[0],input,length); + //k1 xor padded data + for (int i=0;i<16;i++){ + data2[i]=data2[i]^k1Bin[offset + i]; + } + }else{ + memcpy(&data2[0],input,16); + //k1 xor padded data + for (int i=0;i<16;i++){ + data2[i]=data2[i]^k1Bin[offset + i]; + } } - - //k2 xor padded data - for (int i=0;i<16;i++){ - data2[i]=data2[i]^k2Bin[offset + i]; - } + alg = sc_evp_cipher(card->ctx, "AES-128-CBC"); r = openssl_enc(alg, key, iv, data2, 16, output); + if( r!=SC_SUCCESS){ + sc_log_openssl(card->ctx); + } sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -449,19 +463,15 @@ aes128_encrypt_cmac(struct sc_card *card, const unsigned char *key, int keysize, EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(mac); if(ctx == NULL){ EVP_MAC_CTX_free(ctx); - sc_log_openssl(card->ctx); return r; } if(!EVP_MAC_init(ctx, (const unsigned char *)key, keysize/8,params)){ - sc_log_openssl(card->ctx); goto err; } if(!EVP_MAC_update(ctx, input,length)){ - sc_log_openssl(card->ctx); goto err; } if(!EVP_MAC_final(ctx, output, &mactlen, 16)) { - sc_log_openssl(card->ctx); goto err; } r = SC_SUCCESS; @@ -481,8 +491,6 @@ aes128_encrypt_ecb(struct sc_card *card, const unsigned char *key, int keysize, int r; r = openssl_enc(alg, key, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -495,8 +503,6 @@ aes128_encrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, int r; r = openssl_enc(alg, key, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -509,8 +515,6 @@ aes128_decrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, int r; r = openssl_dec(alg, key, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -534,8 +538,6 @@ des3_encrypt_ecb(struct sc_card *card, const unsigned char *key, int keysize, r = openssl_enc(alg, bKey, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -558,8 +560,6 @@ des3_encrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, un r = openssl_enc(EVP_des_ede3_cbc(), bKey, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -582,8 +582,6 @@ des3_decrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, un r = openssl_dec(alg, bKey, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -597,8 +595,6 @@ des_encrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, uns r = openssl_enc(alg, key, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -612,8 +608,6 @@ des_decrypt_cbc(struct sc_card *card, const unsigned char *key, int keysize, uns r = openssl_dec(alg, key, iv, input, length, output); sc_evp_cipher_free(alg); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -660,8 +654,6 @@ sha1_digest(struct sc_card *card, const unsigned char *input, size_t length, uns r = openssl_dig(md, input, length, output); sc_evp_md_free(md); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -673,8 +665,6 @@ sha256_digest(struct sc_card *card, const unsigned char *input, size_t length, u r = openssl_dig(md, input, length, output); sc_evp_md_free(md); - if (r != SC_SUCCESS) - sc_log_openssl(card->ctx); return r; } @@ -3359,9 +3349,7 @@ external_key_auth(struct sc_card *card, unsigned char kid, r = hash_data(card, data, datalen, hash, SC_ALGORITHM_ECDSA_HASH_SHA1); LOG_TEST_RET(card->ctx, r, "hash data failed"); - r = des3_encrypt_cbc(card, hash, HASH_LEN, iv, random, 8, tmp_data); - LOG_TEST_RET(card->ctx, r, "encryption failed"); - + des3_encrypt_cbc(card, hash, HASH_LEN, iv, random, 8, tmp_data); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x82, 0x01, 0x80 | kid); apdu.lc = apdu.datalen = 8; apdu.data = tmp_data; @@ -3413,7 +3401,6 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries int r; u8 kid; u8 retries = 0; - u8 pin_low = 3; unsigned char maxtries = 0; LOG_FUNC_CALLED(card->ctx); @@ -3440,7 +3427,7 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries data->pin1.max_tries = maxtries; } - LOG_TEST_RET(card->ctx, r, "verify pin failed"); + LOG_TEST_RET(card->ctx, r, "get pin retries failed"); } else if (data->cmd == SC_PIN_CMD_UNBLOCK) { /* verify */ r = external_key_auth(card, (kid + 1), (unsigned char *)data->pin1.data, @@ -3450,26 +3437,33 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries else if (data->cmd == SC_PIN_CMD_CHANGE || data->cmd == SC_PIN_CMD_UNBLOCK) { /* change */ r = external_key_auth(card, kid, (unsigned char *)data->pin1.data, data->pin1.len); - LOG_TEST_RET(card->ctx, r, "verify pin failed"); - - r = update_secret_key(card, 0x04, kid, data->pin2.data, + if(r == SC_SUCCESS){ + r = update_secret_key(card, 0x04, kid, data->pin2.data, (unsigned long)data->pin2.len); - LOG_TEST_RET(card->ctx, r, "change pin failed"); + + LOG_TEST_RET(card->ctx, r, "change pin failed"); + }else{ + if (SC_SUCCESS == get_external_key_retries(card, 0x80 | kid, &retries)) { + data->pin1.tries_left = retries; + if (tries_left) + *tries_left = retries; + } + LOG_TEST_RET(card->ctx, r, "change pin failed"); + } } else { r = external_key_auth(card, kid, (unsigned char *)data->pin1.data, data->pin1.len); - LOG_TEST_RET(card->ctx, r, "verify pin failed"); - - r = get_external_key_retries(card, 0x80 | kid, &retries); - if (retries < pin_low) - sc_log(card->ctx, "Verification failed (remaining tries: %d)", retries); + if (SC_SUCCESS == get_external_key_retries(card, 0x80 | kid, &retries)){ + data->pin1.tries_left = retries; + if (tries_left) + *tries_left = retries; + } LOG_TEST_RET(card->ctx, r, "verify pin failed"); } - if (r == SC_SUCCESS) - { + if (r == SC_SUCCESS){ data->pin1.logged_in = SC_PIN_STATE_LOGGED_IN; } return r;