avoid padding mac data

dengert · Apr 11, 2024 · 388929c · 388929c
1 parent a85b25a
commit 388929c
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 33 deletions.
diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
@@ -1612,14 +1612,22 @@ eac_sm_authenticate(sc_card_t *card, const struct iso_sm_ctx *ctx,
 	u8 *p = NULL;
 	int r;
 	struct eac_sm_ctx *eacsmctx;
+	size_t mac_data_len;
 
 	if (!card || !ctx || !ctx->priv_data || !macdata) {
 		r = SC_ERROR_INVALID_ARGUMENTS;
 		goto err;
 	}
 	eacsmctx = ctx->priv_data;
 
-	inbuf = BUF_MEM_create_init(data, datalen);
+	r = iso_add_80_pad(ctx, data, datalen, &p);
+	if (r < 0) {
+		goto err;
+	}
+	mac_data_len = r;
+
+	inbuf = BUF_MEM_create_init(p, mac_data_len);
+	free(p);
 	if (!inbuf) {
 		r = SC_ERROR_OUT_OF_MEMORY;
 		goto err;
@@ -1655,19 +1663,28 @@ eac_sm_authenticate(sc_card_t *card, const struct iso_sm_ctx *ctx,
 static int
 eac_sm_verify_authentication(sc_card_t *card, const struct iso_sm_ctx *ctx,
 		const u8 *mac, size_t maclen,
-		const u8 *macdata, size_t macdatalen)
+		const u8 *data, size_t datalen)
 {
 	int r;
 	BUF_MEM *inbuf = NULL, *my_mac = NULL;
 	struct eac_sm_ctx *eacsmctx;
+	u8 *macdata = NULL;
+	size_t macdatalen;
 
 	if (!card || !ctx || !ctx->priv_data) {
 		r = SC_ERROR_INVALID_ARGUMENTS;
 		goto err;
 	}
 	eacsmctx = ctx->priv_data;
 
+	r = iso_add_80_pad(ctx, data, datalen, &macdata);
+	if (r < 0) {
+		goto err;
+	}
+	macdatalen = r;
+
 	inbuf = BUF_MEM_create_init(macdata, macdatalen);
+	free(macdata);
 	if (!inbuf) {
 		r = SC_ERROR_OUT_OF_MEMORY;
 		goto err;

diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c
@@ -54,8 +54,8 @@ static const struct sc_asn1_entry c_sm_rapdu[] = {
 	{ NULL, 0, 0, 0, NULL, NULL }
 };
 
-static int
-add_iso_pad(const u8 *data, size_t datalen, size_t block_size, u8 **padded)
+int
+iso_add_80_pad(const u8 *data, size_t datalen, size_t block_size, u8 **padded)
 {
 	u8 *p;
 	int p_len;
@@ -103,7 +103,7 @@ add_padding(const struct iso_sm_ctx *ctx, const u8 *data, size_t datalen,
 			}
 			return (int)datalen;
 		case SM_ISO_PADDING:
-			return add_iso_pad(data, datalen, ctx->block_length, padded);
+			return iso_add_80_pad(data, datalen, ctx->block_length, padded);
 		default:
 			return SC_ERROR_INVALID_ARGUMENTS;
 	}
@@ -455,14 +455,6 @@ static int sm_encrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
 		mac_data = p;
 		memcpy(mac_data + mac_data_len, asn1, asn1_len);
 		mac_data_len += asn1_len;
-		if (ctx->do_not_pad_macdata == 0) {
-			r = add_padding(ctx, mac_data, mac_data_len, &mac_data);
-			if (r < 0) {
-				goto err;
-			}
-
-			mac_data_len = r;
-		}
 	}
 	sc_log_hex(card->ctx, "Data to authenticate", mac_data, mac_data_len);
 
@@ -551,9 +543,9 @@ static int sm_decrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
 	struct sc_asn1_entry my_sm_rapdu[5];
 	u8 sw[2], mac[8], fdata[SC_MAX_EXT_APDU_BUFFER_SIZE];
 	size_t sw_len = sizeof sw, mac_len = sizeof mac, mac_data_len, fdata_len = sizeof fdata,
-		   buf_len, asn1_len, fdata_offset = 0;
+		   buf_len, fdata_offset = 0;
 	const u8 *buf;
-	u8 *data = NULL, *mac_data = NULL, *asn1 = NULL;
+	u8 *data = NULL, *mac_data = NULL;
 
 	sc_copy_asn1_entry(c_sm_rapdu, sm_rapdu);
 	sc_format_asn1_entry(sm_rapdu + 0, fdata, &fdata_len, 0);
@@ -576,22 +568,10 @@ static int sm_decrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
 		sc_copy_asn1_entry(sm_rapdu, my_sm_rapdu);
 		sc_copy_asn1_entry(&c_sm_rapdu[3], &my_sm_rapdu[3]);
 
-		r = sc_asn1_encode(card->ctx, my_sm_rapdu, &asn1, &asn1_len);
+		r = sc_asn1_encode(card->ctx, my_sm_rapdu, &mac_data, &mac_data_len);
 		if (r < 0)
 			goto err;
 
-		if (ctx->do_not_pad_macdata) {
-			mac_data_len = asn1_len;
-			mac_data = asn1;
-		} else {
-			r = add_padding(ctx, asn1, asn1_len, &mac_data);
-			if (r < 0) {
-				goto err;
-			}
-
-			mac_data_len = r;
-		}
-
 		r = ctx->verify_authentication(card, ctx, mac, mac_len,
 				mac_data, mac_data_len);
 		if (r < 0)
@@ -660,8 +640,6 @@ static int sm_decrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
 	r = SC_SUCCESS;
 
 err:
-	if (asn1 != mac_data)
-		free(asn1);
 	free(mac_data);
 	if (data) {
 		sc_mem_clear(data, buf_len);

diff --git a/src/sm/sm-iso.h b/src/sm/sm-iso.h
@@ -167,8 +167,6 @@ struct iso_sm_ctx {
 	u8 padding_indicator;
 	/** @brief if 1 use tag 87 */
 	u8 padding_tag;
-	/** @brief if 1 do not pad data to to be mac'ed */
-	u8  do_not_pad_macdata;
 	/** @brief do_not_split_apdu into multiple apdus */
 	u8  use_sm_chaining;
 	/** @brief get response is always in clear */
@@ -239,6 +237,8 @@ int iso_sm_start(struct sc_card *card, struct iso_sm_ctx *sctx);
 
 int iso_sm_close(struct sc_card *card);
 
+int iso_add_80_pad(const u8 *data, size_t datalen, size_t block_size, u8 **padded);
+
 #ifdef  __cplusplus
 }
 #endif

diff --git a/src/sm/sm-nist.c b/src/sm/sm-nist.c
@@ -1825,7 +1825,6 @@ int sm_nist_start(sc_card_t *card,
 	sctx->clear_free = nist_sm_clear_free;
 	sctx->padding_indicator = SM_ISO_PADDING;
 	sctx->padding_tag = 1;
-	sctx->do_not_pad_macdata = 1;
 	sctx->use_sm_chaining = 1;
 	sctx->get_response_in_clear = 1;
 	sctx->block_length = 16; /* 800-73-4 uses 16 for both cipher suites */