WIP epass2003.c fix for newi fips devices

Use sconstruct_mac_tlv_case1 for all case1 and case APDUs as SCP01 says no encrtyption if no Lc data to be included in MAC On branch epass2003-sm-new Changes to be committed: modified: card-epass2003.c
dengert · Feb 29, 2024 · 2973e0f · 2973e0f
1 parent 9505b51
commit 2973e0f
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
@@ -947,6 +947,8 @@ construct_data_tlv(struct sc_card *card, struct sc_apdu *apdu, unsigned char *ap
 	epass2003_exdata *exdata = NULL;
 	int r = 0;
 
+	LOG_FUNC_CALLED(card->ctx);
+
 	if (!card->drv_data)
 		return SC_ERROR_INVALID_ARGUMENTS;
 
@@ -1031,6 +1033,8 @@ construct_mac_tlv(struct sc_card *card, unsigned char *apdu_buf, size_t data_tlv
 	int i = (KEY_TYPE_AES == key_type ? 15 : 7);
 	epass2003_exdata *exdata = NULL;
 
+	LOG_FUNC_CALLED(card->ctx);
+
 	if (!card->drv_data)
 		return SC_ERROR_INVALID_ARGUMENTS;
 
@@ -1069,7 +1073,7 @@ construct_mac_tlv(struct sc_card *card, unsigned char *apdu_buf, size_t data_tlv
 	memcpy(icv, exdata->icv_mac, 16);
 	if (KEY_TYPE_AES == key_type) {
 		if(exdata->bFipsCertification)
-        	{
+		{
             		for (int i=0;i<16;i++)
             		{
                 		apdu_buf[i]=apdu_buf[i]^icv[i];
@@ -1110,12 +1114,14 @@ construct_mac_tlv_case1(struct sc_card *card, unsigned char *apdu_buf, size_t da
 	unsigned char *mac_tlv, size_t * mac_tlv_len, const unsigned char key_type)
 {
     int r;
-    size_t block_size = 4;
+    size_t block_size = (KEY_TYPE_AES == key_type ? 16 : 8);
     unsigned char mac[4096] = { 0 };
     size_t mac_len;
     int i = (KEY_TYPE_AES == key_type ? 15 : 7);
     unsigned char icv[16] = { 0 };
 
+	LOG_FUNC_CALLED(card->ctx);
+
     epass2003_exdata *exdata = NULL;
 
     if (!card->drv_data)
@@ -1214,6 +1220,8 @@ encode_apdu(struct sc_card *card, struct sc_apdu *plain, struct sc_apdu *sm,
 	exdata = (epass2003_exdata*)card->drv_data;
 	block_size = (KEY_TYPE_DES == exdata->smtype ? 16 : 8);
 
+	LOG_FUNC_CALLED(card->ctx);
+
 	sm->cse = SC_APDU_CASE_4_SHORT;
 	apdu_buf[0] = (unsigned char)plain->cla;
 	apdu_buf[1] = (unsigned char)plain->ins;
@@ -1239,7 +1247,8 @@ encode_apdu(struct sc_card *card, struct sc_apdu *plain, struct sc_apdu *sm,
 				     &le_tlv_len, exdata->smtype))
 			return -1;
 
-	if(exdata->bFipsCertification && plain->lc == 0 && apdu_buf[1] == 0x82 && apdu_buf[2] == 0x01){
+	if(plain->cse == SC_APDU_CASE_1 || plain->cse == SC_APDU_CASE_2 || plain->cse == SC_APDU_CASE_2_EXT ||
+			(exdata->bFipsCertification && plain->lc == 0 && apdu_buf[1] == 0x82 && apdu_buf[2] == 0x01)){
 		if(0 != construct_mac_tlv_case1(card, apdu_buf, data_tlv_len, le_tlv_len, mac_tlv, &mac_tlv_len, exdata->smtype))
 			return -1;
 	}