]> git.zerfleddert.de Git - proxmark3-svn/blob - client/emv/emv_pki.c
fix endless loop (#782)
[proxmark3-svn] / client / emv / emv_pki.c
1 /*
2 * libopenemv - a library to work with EMV family of smart cards
3 * Copyright (C) 2015 Dmitry Eremin-Solenikov
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 */
15
16 #ifdef HAVE_CONFIG_H
17 #include <config.h>
18 #endif
19
20 #include "emv_pki.h"
21 #include "crypto.h"
22 #include "dump.h"
23 #include "util.h"
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdarg.h>
29
30 static bool strictExecution = true;
31 void PKISetStrictExecution(bool se) {
32 strictExecution = se;
33 }
34
35 static const unsigned char empty_tlv_value[] = {};
36 static const struct tlv empty_tlv = {.tag = 0x0, .len = 0, .value = empty_tlv_value};
37
38 static size_t emv_pki_hash_psn[256] = { 0, 0, 11, 2, 17, 2, };
39
40 static unsigned char *emv_pki_decode_message(const struct emv_pk *enc_pk,
41 uint8_t msgtype,
42 size_t *len,
43 const struct tlv *cert_tlv,
44 int tlv_count,
45 ... /* A list of tlv pointers */
46 )
47 {
48 struct crypto_pk *kcp;
49 unsigned char *data;
50 size_t data_len;
51 va_list vl;
52
53 if (!enc_pk)
54 return NULL;
55
56 if (!cert_tlv) {
57 printf("ERROR: Can't find certificate\n");
58 return NULL;
59 }
60
61 if (cert_tlv->len != enc_pk->mlen) {
62 printf("ERROR: Certificate length (%zd) not equal key length (%zd)\n", cert_tlv->len, enc_pk->mlen);
63 return NULL;
64 }
65 kcp = crypto_pk_open(enc_pk->pk_algo,
66 enc_pk->modulus, enc_pk->mlen,
67 enc_pk->exp, enc_pk->elen);
68 if (!kcp)
69 return NULL;
70
71 data = crypto_pk_encrypt(kcp, cert_tlv->value, cert_tlv->len, &data_len);
72 crypto_pk_close(kcp);
73
74 /* if (true){
75 printf("Recovered data:\n");
76 dump_buffer(data, data_len, stdout, 0);
77 }*/
78
79 if (data[data_len-1] != 0xbc || data[0] != 0x6a || data[1] != msgtype) {
80 printf("ERROR: Certificate format\n");
81 free(data);
82 return NULL;
83 }
84
85 size_t hash_pos = emv_pki_hash_psn[msgtype];
86 if (hash_pos == 0 || hash_pos > data_len){
87 printf("ERROR: Cant get hash position in the certificate\n");
88 free(data);
89 return NULL;
90 }
91
92 struct crypto_hash *ch;
93 ch = crypto_hash_open(data[hash_pos]);
94 if (!ch) {
95 printf("ERROR: Cant do hash\n");
96 free(data);
97 return NULL;
98 }
99
100 size_t hash_len = crypto_hash_get_size(ch);
101 crypto_hash_write(ch, data + 1, data_len - 2 - hash_len);
102
103 va_start(vl, tlv_count);
104 for (int i = 0; i < tlv_count; i++) {
105 const struct tlv *add_tlv = va_arg(vl, const struct tlv *);
106 if (!add_tlv)
107 continue;
108
109 crypto_hash_write(ch, add_tlv->value, add_tlv->len);
110 }
111 va_end(vl);
112
113 uint8_t hash[hash_len];
114 memset(hash, 0, hash_len);
115 memcpy(hash, crypto_hash_read(ch), hash_len);
116 if (memcmp(data + data_len - 1 - hash_len, hash, hash_len)) {
117 printf("ERROR: Calculated wrong hash\n");
118 printf("decoded: %s\n",sprint_hex(data + data_len - 1 - hash_len, hash_len));
119 printf("calculated: %s\n",sprint_hex(hash, hash_len));
120
121 if (strictExecution) {
122 crypto_hash_close(ch);
123 free(data);
124 return NULL;
125 }
126 }
127
128 crypto_hash_close(ch);
129
130 *len = data_len - hash_len - 1;
131
132 return data;
133 }
134
135 static unsigned emv_cn_length(const struct tlv *tlv)
136 {
137 int i;
138
139 for (i = 0; i < tlv->len; i++) {
140 unsigned char c = tlv->value[i];
141
142 if (c >> 4 == 0xf)
143 return 2 * i;
144
145 if ((c & 0xf) == 0xf)
146 return 2 * i + 1;
147 }
148
149 return 2 * tlv->len;
150 }
151
152 static unsigned char emv_cn_get(const struct tlv *tlv, unsigned pos)
153 {
154 if (pos > tlv->len * 2)
155 return 0xf;
156
157 unsigned char c = tlv->value[pos / 2];
158
159 if (pos % 2)
160 return c & 0xf;
161 else
162 return c >> 4;
163 }
164
165 static struct emv_pk *emv_pki_decode_key_ex(const struct emv_pk *enc_pk,
166 unsigned char msgtype,
167 const struct tlv *pan_tlv,
168 const struct tlv *cert_tlv,
169 const struct tlv *exp_tlv,
170 const struct tlv *rem_tlv,
171 const struct tlv *add_tlv,
172 const struct tlv *sdatl_tlv,
173 bool showData
174 )
175 {
176 size_t pan_length;
177 unsigned char *data;
178 size_t data_len;
179 size_t pk_len;
180
181 if (!cert_tlv || !exp_tlv || !pan_tlv)
182 return NULL;
183
184 if (!rem_tlv)
185 rem_tlv = &empty_tlv;
186
187 if (msgtype == 2)
188 pan_length = 4;
189 else if (msgtype == 4)
190 pan_length = 10;
191 else {
192 printf("ERROR: Message type must be 2 or 4\n");
193 return NULL;
194 }
195
196 data = emv_pki_decode_message(enc_pk, msgtype, &data_len,
197 cert_tlv,
198 5,
199 rem_tlv,
200 exp_tlv,
201 add_tlv,
202 sdatl_tlv,
203 NULL);
204 if (!data || data_len < 11 + pan_length) {
205 printf("ERROR: Can't decode message\n");
206 return NULL;
207 }
208
209 if (showData){
210 printf("Recovered data:\n");
211 dump_buffer(data, data_len, stdout, 0);
212 }
213
214 /* Perform the rest of checks here */
215
216 struct tlv pan2_tlv = {
217 .tag = 0x5a,
218 .len = pan_length,
219 .value = &data[2],
220 };
221 unsigned pan_len = emv_cn_length(pan_tlv);
222 unsigned pan2_len = emv_cn_length(&pan2_tlv);
223
224 if (((msgtype == 2) && (pan2_len < 4 || pan2_len > pan_len)) ||
225 ((msgtype == 4) && (pan2_len != pan_len))) {
226 printf("ERROR: Invalid PAN lengths\n");
227 free(data);
228
229 return NULL;
230 }
231
232 unsigned i;
233 for (i = 0; i < pan2_len; i++)
234 if (emv_cn_get(pan_tlv, i) != emv_cn_get(&pan2_tlv, i)) {
235 printf("ERROR: PAN data mismatch\n");
236 printf("tlv pan=%s\n", sprint_hex(pan_tlv->value, pan_tlv->len));
237 printf("cert pan=%s\n", sprint_hex(pan2_tlv.value, pan2_tlv.len));
238 free(data);
239
240 return NULL;
241 }
242
243 pk_len = data[9 + pan_length];
244 if (pk_len > data_len - 11 - pan_length + rem_tlv->len) {
245 printf("ERROR: Invalid pk length\n");
246 free(data);
247 return NULL;
248 }
249
250 if (exp_tlv->len != data[10 + pan_length]) {
251 free(data);
252 return NULL;
253 }
254
255 struct emv_pk *pk = emv_pk_new(pk_len, exp_tlv->len);
256
257 memcpy(pk->rid, enc_pk->rid, 5);
258 pk->index = enc_pk->index;
259
260 pk->hash_algo = data[7 + pan_length];
261 pk->pk_algo = data[8 + pan_length];
262 pk->expire = (data[3 + pan_length] << 16) | (data[2 + pan_length] << 8) | 0x31;
263 memcpy(pk->serial, data + 4 + pan_length, 3);
264 memcpy(pk->pan, data + 2, pan_length);
265 memset(pk->pan + pan_length, 0xff, 10 - pan_length);
266
267 memcpy(pk->modulus, data + 11 + pan_length,
268 pk_len < data_len - (11 + pan_length) ?
269 pk_len :
270 data_len - (11 + pan_length));
271 memcpy(pk->modulus + data_len - (11 + pan_length), rem_tlv->value, rem_tlv->len);
272 memcpy(pk->exp, exp_tlv->value, exp_tlv->len);
273
274 free(data);
275
276 return pk;
277 }
278
279 static struct emv_pk *emv_pki_decode_key(const struct emv_pk *enc_pk,
280 unsigned char msgtype,
281 const struct tlv *pan_tlv,
282 const struct tlv *cert_tlv,
283 const struct tlv *exp_tlv,
284 const struct tlv *rem_tlv,
285 const struct tlv *add_tlv,
286 const struct tlv *sdatl_tlv
287 ) {
288 return emv_pki_decode_key_ex(enc_pk, msgtype, pan_tlv, cert_tlv, exp_tlv, rem_tlv, add_tlv, sdatl_tlv, false);
289 }
290
291 struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db)
292 {
293 return emv_pki_decode_key(pk, 2,
294 tlvdb_get(db, 0x5a, NULL),
295 tlvdb_get(db, 0x90, NULL),
296 tlvdb_get(db, 0x9f32, NULL),
297 tlvdb_get(db, 0x92, NULL),
298 NULL,
299 NULL);
300 }
301
302 struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv)
303 {
304 size_t sdatl_len;
305 unsigned char *sdatl = emv_pki_sdatl_fill(db, &sdatl_len);
306 struct tlv sda_tdata = {
307 .tag = 0x00, // dummy tag
308 .len = sdatl_len,
309 .value = sdatl
310 };
311
312 struct emv_pk *res = emv_pki_decode_key(pk, 4,
313 tlvdb_get(db, 0x5a, NULL),
314 tlvdb_get(db, 0x9f46, NULL),
315 tlvdb_get(db, 0x9f47, NULL),
316 tlvdb_get(db, 0x9f48, NULL),
317 sda_tlv,
318 &sda_tdata);
319
320 free(sdatl); // malloc here: emv_pki_sdatl_fill
321 return res;
322 }
323
324 struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db)
325 {
326 return emv_pki_decode_key(pk, 4,
327 tlvdb_get(db, 0x5a, NULL),
328 tlvdb_get(db, 0x9f2d, NULL),
329 tlvdb_get(db, 0x9f2e, NULL),
330 tlvdb_get(db, 0x9f2f, NULL),
331 NULL,
332 NULL);
333 }
334
335 unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len) {
336 uint8_t buf[2048] = {0};
337 size_t len = 0;
338
339 *sdatl_len = 0;
340
341 const struct tlv *sda_tl = tlvdb_get(db, 0x9f4a, NULL);
342 if (!sda_tl || sda_tl->len <= 0)
343 return NULL;
344
345 for (int i = 0; i < sda_tl->len; i++) {
346 uint32_t tag = sda_tl->value[i]; // here may be multibyte, but now not
347 const struct tlv *elm = tlvdb_get(db, tag, NULL);
348 if (elm) {
349 memcpy(&buf[len], elm->value, elm->len);
350 len += elm->len;
351 }
352 }
353
354 if (len) {
355 *sdatl_len = len;
356 unsigned char *value = malloc(len);
357 memcpy(value, buf, len);
358 return value;
359 }
360
361 return NULL;
362 }
363
364
365 struct tlvdb *emv_pki_recover_dac_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv, bool showData)
366 {
367 size_t data_len;
368
369 // Static Data Authentication Tag List
370 size_t sdatl_len;
371 unsigned char *sdatl = emv_pki_sdatl_fill(db, &sdatl_len);
372 struct tlv sda_tdata = {
373 .tag = 0x00, // dummy tag
374 .len = sdatl_len,
375 .value = sdatl
376 };
377
378 unsigned char *data = emv_pki_decode_message(enc_pk, 3, &data_len,
379 tlvdb_get(db, 0x93, NULL),
380 3,
381 sda_tlv,
382 &sda_tdata,
383 NULL);
384
385 free(sdatl); // malloc here: emv_pki_sdatl_fill
386
387 if (!data || data_len < 5)
388 return NULL;
389
390 if (showData){
391 printf("Recovered data:\n");
392 dump_buffer(data, data_len, stdout, 0);
393 }
394
395 struct tlvdb *dac_db = tlvdb_fixed(0x9f45, 2, data+3);
396
397 free(data);
398
399 return dac_db;
400 }
401 struct tlvdb *emv_pki_recover_dac(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv) {
402 return emv_pki_recover_dac_ex(enc_pk, db, sda_tlv, false);
403 }
404
405 struct tlvdb *emv_pki_recover_idn(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *dyn_tlv) {
406 return emv_pki_recover_idn_ex(enc_pk, db, dyn_tlv, false);
407 }
408
409 struct tlvdb *emv_pki_recover_idn_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *dyn_tlv, bool showData)
410 {
411 size_t data_len;
412 unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
413 tlvdb_get(db, 0x9f4b, NULL),
414 2,
415 dyn_tlv,
416 NULL);
417
418 if (!data || data_len < 3)
419 return NULL;
420
421 if (data[3] < 2 || data[3] > data_len - 3) {
422 free(data);
423 return NULL;
424 }
425
426 if (showData){
427 printf("Recovered data:\n");
428 dump_buffer(data, data_len, stdout, 0);
429 }
430
431 size_t idn_len = data[4];
432 if (idn_len > data[3] - 1) {
433 free(data);
434 return NULL;
435 }
436
437 // 9f4c ICC Dynamic Number
438 struct tlvdb *idn_db = tlvdb_fixed(0x9f4c, idn_len, data + 5);
439
440 free(data);
441
442 return idn_db;
443 }
444
445 struct tlvdb *emv_pki_recover_atc_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, bool showData)
446 {
447 size_t data_len;
448 unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
449 tlvdb_get(db, 0x9f4b, NULL),
450 5,
451 tlvdb_get(db, 0x9f37, NULL),
452 tlvdb_get(db, 0x9f02, NULL),
453 tlvdb_get(db, 0x5f2a, NULL),
454 tlvdb_get(db, 0x9f69, NULL),
455 NULL);
456
457 if (!data || data_len < 3)
458 return NULL;
459
460 if (data[3] < 2 || data[3] > data_len - 3) {
461 free(data);
462 return NULL;
463 }
464
465 if (showData){
466 printf("Recovered data:\n");
467 dump_buffer(data, data_len, stdout, 0);
468 }
469
470 size_t idn_len = data[4];
471 if (idn_len > data[3] - 1) {
472 free(data);
473 return NULL;
474 }
475
476 // 9f36 Application Transaction Counter (ATC)
477 struct tlvdb *atc_db = tlvdb_fixed(0x9f36, idn_len, data + 5);
478
479 free(data);
480
481 return atc_db;
482 }
483
484 static bool tlv_hash(void *data, const struct tlv *tlv, int level, bool is_leaf)
485 {
486 struct crypto_hash *ch = data;
487 size_t tag_len;
488 unsigned char *tag;
489
490 if (tlv_is_constructed(tlv))
491 return true;
492
493 if (tlv->tag == 0x9f4b)
494 return true;
495
496 tag = tlv_encode(tlv, &tag_len);
497 crypto_hash_write(ch, tag, tag_len);
498 free(tag);
499
500 return true;
501 }
502
503 struct tlvdb *emv_pki_perform_cda(const struct emv_pk *enc_pk, const struct tlvdb *db,
504 const struct tlvdb *this_db,
505 const struct tlv *pdol_data_tlv,
506 const struct tlv *crm1_tlv,
507 const struct tlv *crm2_tlv)
508 {
509 return emv_pki_perform_cda_ex(enc_pk, db, this_db, pdol_data_tlv, crm1_tlv, crm2_tlv, false);
510 }
511 struct tlvdb *emv_pki_perform_cda_ex(const struct emv_pk *enc_pk, const struct tlvdb *db,
512 const struct tlvdb *this_db, // AC TLV result
513 const struct tlv *pdol_data_tlv, // PDOL
514 const struct tlv *crm1_tlv, // CDOL1
515 const struct tlv *crm2_tlv, // CDOL2
516 bool showData)
517 {
518 const struct tlv *un_tlv = tlvdb_get(db, 0x9f37, NULL);
519 const struct tlv *cid_tlv = tlvdb_get(this_db, 0x9f27, NULL);
520
521 if (!un_tlv || !cid_tlv)
522 return NULL;
523
524 size_t data_len = 0;
525 unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
526 tlvdb_get(this_db, 0x9f4b, NULL),
527 2,
528 un_tlv,
529 NULL);
530 if (!data || data_len < 3) {
531 printf("ERROR: can't decode message. len %zd\n", data_len);
532 return NULL;
533 }
534
535 if (showData){
536 printf("Recovered data:\n");
537 dump_buffer(data, data_len, stdout, 0);
538 }
539
540 if (data[3] < 30 || data[3] > data_len - 4) {
541 printf("ERROR: Invalid data length\n");
542 free(data);
543 return NULL;
544 }
545
546 if (!cid_tlv || cid_tlv->len != 1 || cid_tlv->value[0] != data[5 + data[4]]) {
547 printf("ERROR: CID mismatch\n");
548 free(data);
549 return NULL;
550 }
551
552 struct crypto_hash *ch;
553 ch = crypto_hash_open(enc_pk->hash_algo);
554 if (!ch) {
555 printf("ERROR: can't create hash\n");
556 free(data);
557 return NULL;
558 }
559
560 if (pdol_data_tlv)
561 crypto_hash_write(ch, pdol_data_tlv->value, pdol_data_tlv->len);
562 if (crm1_tlv)
563 crypto_hash_write(ch, crm1_tlv->value, crm1_tlv->len);
564 if (crm2_tlv)
565 crypto_hash_write(ch, crm2_tlv->value, crm2_tlv->len);
566
567 tlvdb_visit(this_db, tlv_hash, ch, 0);
568
569 if (memcmp(data + 5 + data[4] + 1 + 8, crypto_hash_read(ch), 20)) {
570 printf("ERROR: calculated hash error\n");
571 crypto_hash_close(ch);
572 free(data);
573 return NULL;
574 }
575 crypto_hash_close(ch);
576
577 size_t idn_len = data[4];
578 if (idn_len > data[3] - 1) {
579 printf("ERROR: Invalid IDN length\n");
580 free(data);
581 return NULL;
582 }
583
584 struct tlvdb *idn_db = tlvdb_fixed(0x9f4c, idn_len, data + 5);
585 free(data);
586
587 return idn_db;
588 }
Impressum, Datenschutz