| 1 | /* |
| 2 | * libopenemv - a library to work with EMV family of smart cards |
| 3 | * Copyright (C) 2015 Dmitry Eremin-Solenikov |
| 4 | * |
| 5 | * This library is free software; you can redistribute it and/or |
| 6 | * modify it under the terms of the GNU Lesser General Public |
| 7 | * License as published by the Free Software Foundation; either |
| 8 | * version 2.1 of the License, or (at your option) any later version. |
| 9 | * |
| 10 | * This library is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | * Lesser General Public License for more details. |
| 14 | */ |
| 15 | |
| 16 | #ifdef HAVE_CONFIG_H |
| 17 | #include <config.h> |
| 18 | #endif |
| 19 | |
| 20 | #include "emv_pki.h" |
| 21 | |
| 22 | #include <stdlib.h> |
| 23 | #include <string.h> |
| 24 | #include <stdarg.h> |
| 25 | #include "crypto.h" |
| 26 | #include "dump.h" |
| 27 | #include "util.h" |
| 28 | #include "ui.h" |
| 29 | |
| 30 | static bool strictExecution = true; |
| 31 | void PKISetStrictExecution(bool se) { |
| 32 | strictExecution = se; |
| 33 | } |
| 34 | |
| 35 | static const unsigned char empty_tlv_value[] = {}; |
| 36 | static const struct tlv empty_tlv = {.tag = 0x0, .len = 0, .value = empty_tlv_value}; |
| 37 | |
| 38 | static size_t emv_pki_hash_psn[256] = { 0, 0, 11, 2, 17, 2, }; |
| 39 | |
| 40 | static unsigned char *emv_pki_decode_message(const struct emv_pk *enc_pk, |
| 41 | uint8_t msgtype, |
| 42 | size_t *len, |
| 43 | const struct tlv *cert_tlv, |
| 44 | int tlv_count, |
| 45 | ... /* A list of tlv pointers */ |
| 46 | ) |
| 47 | { |
| 48 | struct crypto_pk *kcp; |
| 49 | unsigned char *data; |
| 50 | size_t data_len; |
| 51 | va_list vl; |
| 52 | |
| 53 | if (!enc_pk) |
| 54 | return NULL; |
| 55 | |
| 56 | if (!cert_tlv) { |
| 57 | PrintAndLogEx(ERR, "Can't find certificate\n"); |
| 58 | return NULL; |
| 59 | } |
| 60 | |
| 61 | if (cert_tlv->len != enc_pk->mlen) { |
| 62 | PrintAndLogEx(ERR, "Certificate length (%zd) not equal key length (%zd)\n", cert_tlv->len, enc_pk->mlen); |
| 63 | return NULL; |
| 64 | } |
| 65 | kcp = crypto_pk_open(enc_pk->pk_algo, |
| 66 | enc_pk->modulus, enc_pk->mlen, |
| 67 | enc_pk->exp, enc_pk->elen); |
| 68 | if (!kcp) |
| 69 | return NULL; |
| 70 | |
| 71 | data = crypto_pk_encrypt(kcp, cert_tlv->value, cert_tlv->len, &data_len); |
| 72 | crypto_pk_close(kcp); |
| 73 | |
| 74 | /*if (true){ |
| 75 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 76 | dump_buffer(data, data_len, stdout, 0); |
| 77 | }*/ |
| 78 | |
| 79 | if (data[data_len-1] != 0xbc || data[0] != 0x6a || data[1] != msgtype) { |
| 80 | PrintAndLogEx(ERR, "Certificate format\n"); |
| 81 | free(data); |
| 82 | return NULL; |
| 83 | } |
| 84 | |
| 85 | size_t hash_pos = emv_pki_hash_psn[msgtype]; |
| 86 | if (hash_pos == 0 || hash_pos > data_len){ |
| 87 | PrintAndLogEx(ERR, "Can't get hash position in the certificate\n"); |
| 88 | free(data); |
| 89 | return NULL; |
| 90 | } |
| 91 | |
| 92 | struct crypto_hash *ch; |
| 93 | ch = crypto_hash_open(data[hash_pos]); |
| 94 | if (!ch) { |
| 95 | PrintAndLogEx(ERR, "Can't do hash\n"); |
| 96 | free(data); |
| 97 | return NULL; |
| 98 | } |
| 99 | |
| 100 | size_t hash_len = crypto_hash_get_size(ch); |
| 101 | crypto_hash_write(ch, data + 1, data_len - 2 - hash_len); |
| 102 | |
| 103 | va_start(vl, tlv_count); |
| 104 | for (int i = 0; i < tlv_count; i++) { |
| 105 | const struct tlv *add_tlv = va_arg(vl, const struct tlv *); |
| 106 | if (!add_tlv) |
| 107 | continue; |
| 108 | |
| 109 | crypto_hash_write(ch, add_tlv->value, add_tlv->len); |
| 110 | } |
| 111 | va_end(vl); |
| 112 | |
| 113 | uint8_t hash[hash_len]; |
| 114 | memset(hash, 0, hash_len); |
| 115 | memcpy(hash, crypto_hash_read(ch), hash_len); |
| 116 | if (memcmp(data + data_len - 1 - hash_len, hash, hash_len)) { |
| 117 | PrintAndLogEx(ERR, "Calculated wrong hash\n"); |
| 118 | PrintAndLogEx(INFO, "decoded: %s\n",sprint_hex(data + data_len - 1 - hash_len, hash_len)); |
| 119 | PrintAndLogEx(INFO, "calculated: %s\n",sprint_hex(hash, hash_len)); |
| 120 | |
| 121 | if (strictExecution) { |
| 122 | crypto_hash_close(ch); |
| 123 | free(data); |
| 124 | return NULL; |
| 125 | } |
| 126 | } |
| 127 | |
| 128 | crypto_hash_close(ch); |
| 129 | |
| 130 | *len = data_len - hash_len - 1; |
| 131 | |
| 132 | return data; |
| 133 | } |
| 134 | |
| 135 | static unsigned emv_cn_length(const struct tlv *tlv) |
| 136 | { |
| 137 | int i; |
| 138 | |
| 139 | for (i = 0; i < tlv->len; i++) { |
| 140 | unsigned char c = tlv->value[i]; |
| 141 | |
| 142 | if (c >> 4 == 0xf) |
| 143 | return 2 * i; |
| 144 | |
| 145 | if ((c & 0xf) == 0xf) |
| 146 | return 2 * i + 1; |
| 147 | } |
| 148 | |
| 149 | return 2 * tlv->len; |
| 150 | } |
| 151 | |
| 152 | static unsigned char emv_cn_get(const struct tlv *tlv, unsigned pos) |
| 153 | { |
| 154 | if (pos > tlv->len * 2) |
| 155 | return 0xf; |
| 156 | |
| 157 | unsigned char c = tlv->value[pos / 2]; |
| 158 | |
| 159 | if (pos % 2) |
| 160 | return c & 0xf; |
| 161 | else |
| 162 | return c >> 4; |
| 163 | } |
| 164 | |
| 165 | static struct emv_pk *emv_pki_decode_key_ex(const struct emv_pk *enc_pk, |
| 166 | unsigned char msgtype, |
| 167 | const struct tlv *pan_tlv, |
| 168 | const struct tlv *cert_tlv, |
| 169 | const struct tlv *exp_tlv, |
| 170 | const struct tlv *rem_tlv, |
| 171 | const struct tlv *add_tlv, |
| 172 | const struct tlv *sdatl_tlv, |
| 173 | bool showData |
| 174 | ) |
| 175 | { |
| 176 | size_t pan_length; |
| 177 | unsigned char *data; |
| 178 | size_t data_len; |
| 179 | size_t pk_len; |
| 180 | |
| 181 | if (!cert_tlv || !exp_tlv || !pan_tlv) |
| 182 | return NULL; |
| 183 | |
| 184 | if (!rem_tlv) |
| 185 | rem_tlv = &empty_tlv; |
| 186 | |
| 187 | if (msgtype == 2) |
| 188 | pan_length = 4; |
| 189 | else if (msgtype == 4) |
| 190 | pan_length = 10; |
| 191 | else { |
| 192 | PrintAndLogEx(ERR, "Message type must be 2 or 4\n"); |
| 193 | return NULL; |
| 194 | } |
| 195 | |
| 196 | data = emv_pki_decode_message(enc_pk, msgtype, &data_len, |
| 197 | cert_tlv, |
| 198 | 5, |
| 199 | rem_tlv, |
| 200 | exp_tlv, |
| 201 | add_tlv, |
| 202 | sdatl_tlv, |
| 203 | NULL); |
| 204 | if (!data || data_len < 11 + pan_length) { |
| 205 | PrintAndLogEx(ERR, "Can't decode message\n"); |
| 206 | return NULL; |
| 207 | } |
| 208 | |
| 209 | if (showData){ |
| 210 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 211 | dump_buffer(data, data_len, stdout, 0); |
| 212 | } |
| 213 | |
| 214 | /* Perform the rest of checks here */ |
| 215 | |
| 216 | struct tlv pan2_tlv = { |
| 217 | .tag = 0x5a, |
| 218 | .len = pan_length, |
| 219 | .value = &data[2], |
| 220 | }; |
| 221 | unsigned pan_len = emv_cn_length(pan_tlv); |
| 222 | unsigned pan2_len = emv_cn_length(&pan2_tlv); |
| 223 | |
| 224 | if (((msgtype == 2) && (pan2_len < 4 || pan2_len > pan_len)) || |
| 225 | ((msgtype == 4) && (pan2_len != pan_len))) { |
| 226 | PrintAndLogEx(ERR, "Invalid PAN lengths\n"); |
| 227 | free(data); |
| 228 | |
| 229 | return NULL; |
| 230 | } |
| 231 | |
| 232 | unsigned i; |
| 233 | for (i = 0; i < pan2_len; i++) |
| 234 | if (emv_cn_get(pan_tlv, i) != emv_cn_get(&pan2_tlv, i)) { |
| 235 | PrintAndLogEx(ERR, "PAN data mismatch\n"); |
| 236 | PrintAndLogEx(INFO, "tlv pan=%s\n", sprint_hex(pan_tlv->value, pan_tlv->len)); |
| 237 | PrintAndLogEx(INFO, "cert pan=%s\n", sprint_hex(pan2_tlv.value, pan2_tlv.len)); |
| 238 | free(data); |
| 239 | |
| 240 | return NULL; |
| 241 | } |
| 242 | |
| 243 | pk_len = data[9 + pan_length]; |
| 244 | if (pk_len > data_len - 11 - pan_length + rem_tlv->len) { |
| 245 | PrintAndLogEx(ERR, "Invalid pk length\n"); |
| 246 | free(data); |
| 247 | return NULL; |
| 248 | } |
| 249 | |
| 250 | if (exp_tlv->len != data[10 + pan_length]) { |
| 251 | free(data); |
| 252 | return NULL; |
| 253 | } |
| 254 | |
| 255 | struct emv_pk *pk = emv_pk_new(pk_len, exp_tlv->len); |
| 256 | |
| 257 | memcpy(pk->rid, enc_pk->rid, 5); |
| 258 | pk->index = enc_pk->index; |
| 259 | |
| 260 | pk->hash_algo = data[7 + pan_length]; |
| 261 | pk->pk_algo = data[8 + pan_length]; |
| 262 | pk->expire = (data[3 + pan_length] << 16) | (data[2 + pan_length] << 8) | 0x31; |
| 263 | memcpy(pk->serial, data + 4 + pan_length, 3); |
| 264 | memcpy(pk->pan, data + 2, pan_length); |
| 265 | memset(pk->pan + pan_length, 0xff, 10 - pan_length); |
| 266 | |
| 267 | memcpy(pk->modulus, data + 11 + pan_length, |
| 268 | pk_len < data_len - (11 + pan_length) ? |
| 269 | pk_len : |
| 270 | data_len - (11 + pan_length)); |
| 271 | memcpy(pk->modulus + data_len - (11 + pan_length), rem_tlv->value, rem_tlv->len); |
| 272 | memcpy(pk->exp, exp_tlv->value, exp_tlv->len); |
| 273 | |
| 274 | free(data); |
| 275 | |
| 276 | return pk; |
| 277 | } |
| 278 | |
| 279 | static struct emv_pk *emv_pki_decode_key(const struct emv_pk *enc_pk, |
| 280 | unsigned char msgtype, |
| 281 | const struct tlv *pan_tlv, |
| 282 | const struct tlv *cert_tlv, |
| 283 | const struct tlv *exp_tlv, |
| 284 | const struct tlv *rem_tlv, |
| 285 | const struct tlv *add_tlv, |
| 286 | const struct tlv *sdatl_tlv |
| 287 | ) { |
| 288 | return emv_pki_decode_key_ex(enc_pk, msgtype, pan_tlv, cert_tlv, exp_tlv, rem_tlv, add_tlv, sdatl_tlv, false); |
| 289 | } |
| 290 | |
| 291 | struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db) |
| 292 | { |
| 293 | return emv_pki_decode_key(pk, 2, |
| 294 | tlvdb_get(db, 0x5a, NULL), |
| 295 | tlvdb_get(db, 0x90, NULL), |
| 296 | tlvdb_get(db, 0x9f32, NULL), |
| 297 | tlvdb_get(db, 0x92, NULL), |
| 298 | NULL, |
| 299 | NULL); |
| 300 | } |
| 301 | |
| 302 | struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv) |
| 303 | { |
| 304 | size_t sdatl_len; |
| 305 | unsigned char *sdatl = emv_pki_sdatl_fill(db, &sdatl_len); |
| 306 | struct tlv sda_tdata = { |
| 307 | .tag = 0x00, // dummy tag |
| 308 | .len = sdatl_len, |
| 309 | .value = sdatl |
| 310 | }; |
| 311 | |
| 312 | struct emv_pk *res = emv_pki_decode_key(pk, 4, |
| 313 | tlvdb_get(db, 0x5a, NULL), |
| 314 | tlvdb_get(db, 0x9f46, NULL), |
| 315 | tlvdb_get(db, 0x9f47, NULL), |
| 316 | tlvdb_get(db, 0x9f48, NULL), |
| 317 | sda_tlv, |
| 318 | &sda_tdata); |
| 319 | |
| 320 | free(sdatl); // malloc here: emv_pki_sdatl_fill |
| 321 | return res; |
| 322 | } |
| 323 | |
| 324 | struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db) |
| 325 | { |
| 326 | return emv_pki_decode_key(pk, 4, |
| 327 | tlvdb_get(db, 0x5a, NULL), |
| 328 | tlvdb_get(db, 0x9f2d, NULL), |
| 329 | tlvdb_get(db, 0x9f2e, NULL), |
| 330 | tlvdb_get(db, 0x9f2f, NULL), |
| 331 | NULL, |
| 332 | NULL); |
| 333 | } |
| 334 | |
| 335 | unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len) { |
| 336 | uint8_t buf[2048] = {0}; |
| 337 | size_t len = 0; |
| 338 | |
| 339 | *sdatl_len = 0; |
| 340 | |
| 341 | const struct tlv *sda_tl = tlvdb_get(db, 0x9f4a, NULL); |
| 342 | if (!sda_tl || sda_tl->len <= 0) |
| 343 | return NULL; |
| 344 | |
| 345 | for (int i = 0; i < sda_tl->len; i++) { |
| 346 | uint32_t tag = sda_tl->value[i]; // here may be multibyte, but now not |
| 347 | const struct tlv *elm = tlvdb_get(db, tag, NULL); |
| 348 | if (elm) { |
| 349 | memcpy(&buf[len], elm->value, elm->len); |
| 350 | len += elm->len; |
| 351 | } |
| 352 | } |
| 353 | |
| 354 | if (len) { |
| 355 | *sdatl_len = len; |
| 356 | unsigned char *value = malloc(len); |
| 357 | memcpy(value, buf, len); |
| 358 | return value; |
| 359 | } |
| 360 | |
| 361 | return NULL; |
| 362 | } |
| 363 | |
| 364 | |
| 365 | struct tlvdb *emv_pki_recover_dac_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv, bool showData) |
| 366 | { |
| 367 | size_t data_len; |
| 368 | |
| 369 | // Static Data Authentication Tag List |
| 370 | size_t sdatl_len; |
| 371 | unsigned char *sdatl = emv_pki_sdatl_fill(db, &sdatl_len); |
| 372 | struct tlv sda_tdata = { |
| 373 | .tag = 0x00, // dummy tag |
| 374 | .len = sdatl_len, |
| 375 | .value = sdatl |
| 376 | }; |
| 377 | |
| 378 | unsigned char *data = emv_pki_decode_message(enc_pk, 3, &data_len, |
| 379 | tlvdb_get(db, 0x93, NULL), |
| 380 | 3, |
| 381 | sda_tlv, |
| 382 | &sda_tdata, |
| 383 | NULL); |
| 384 | |
| 385 | free(sdatl); // malloc here: emv_pki_sdatl_fill |
| 386 | |
| 387 | if (!data || data_len < 5) |
| 388 | return NULL; |
| 389 | |
| 390 | if (showData){ |
| 391 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 392 | dump_buffer(data, data_len, stdout, 0); |
| 393 | } |
| 394 | |
| 395 | struct tlvdb *dac_db = tlvdb_fixed(0x9f45, 2, data+3); |
| 396 | |
| 397 | free(data); |
| 398 | |
| 399 | return dac_db; |
| 400 | } |
| 401 | |
| 402 | struct tlvdb *emv_pki_recover_dac(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv) { |
| 403 | return emv_pki_recover_dac_ex(enc_pk, db, sda_tlv, false); |
| 404 | } |
| 405 | |
| 406 | struct tlvdb *emv_pki_recover_idn(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *dyn_tlv) { |
| 407 | return emv_pki_recover_idn_ex(enc_pk, db, dyn_tlv, false); |
| 408 | } |
| 409 | |
| 410 | struct tlvdb *emv_pki_recover_idn_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *dyn_tlv, bool showData) |
| 411 | { |
| 412 | size_t data_len; |
| 413 | unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, |
| 414 | tlvdb_get(db, 0x9f4b, NULL), |
| 415 | 2, |
| 416 | dyn_tlv, |
| 417 | NULL); |
| 418 | |
| 419 | if (!data || data_len < 3) |
| 420 | return NULL; |
| 421 | |
| 422 | if (data[3] < 2 || data[3] > data_len - 3) { |
| 423 | free(data); |
| 424 | return NULL; |
| 425 | } |
| 426 | |
| 427 | if (showData){ |
| 428 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 429 | dump_buffer(data, data_len, stdout, 0); |
| 430 | } |
| 431 | |
| 432 | size_t idn_len = data[4]; |
| 433 | if (idn_len > data[3] - 1) { |
| 434 | free(data); |
| 435 | return NULL; |
| 436 | } |
| 437 | |
| 438 | // 9f4c ICC Dynamic Number |
| 439 | struct tlvdb *idn_db = tlvdb_fixed(0x9f4c, idn_len, data + 5); |
| 440 | |
| 441 | free(data); |
| 442 | |
| 443 | return idn_db; |
| 444 | } |
| 445 | |
| 446 | struct tlvdb *emv_pki_recover_atc_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, bool showData) |
| 447 | { |
| 448 | size_t data_len; |
| 449 | unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, |
| 450 | tlvdb_get(db, 0x9f4b, NULL), |
| 451 | 5, |
| 452 | tlvdb_get(db, 0x9f37, NULL), |
| 453 | tlvdb_get(db, 0x9f02, NULL), |
| 454 | tlvdb_get(db, 0x5f2a, NULL), |
| 455 | tlvdb_get(db, 0x9f69, NULL), |
| 456 | NULL); |
| 457 | |
| 458 | if (!data || data_len < 3) |
| 459 | return NULL; |
| 460 | |
| 461 | if (data[3] < 2 || data[3] > data_len - 3) { |
| 462 | free(data); |
| 463 | return NULL; |
| 464 | } |
| 465 | |
| 466 | if (showData){ |
| 467 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 468 | dump_buffer(data, data_len, stdout, 0); |
| 469 | } |
| 470 | |
| 471 | size_t idn_len = data[4]; |
| 472 | if (idn_len > data[3] - 1) { |
| 473 | free(data); |
| 474 | return NULL; |
| 475 | } |
| 476 | |
| 477 | // 9f36 Application Transaction Counter (ATC) |
| 478 | struct tlvdb *atc_db = tlvdb_fixed(0x9f36, idn_len, data + 5); |
| 479 | |
| 480 | free(data); |
| 481 | |
| 482 | return atc_db; |
| 483 | } |
| 484 | |
| 485 | static bool tlv_hash(void *data, const struct tlv *tlv, int level, bool is_leaf) |
| 486 | { |
| 487 | struct crypto_hash *ch = data; |
| 488 | size_t tag_len; |
| 489 | unsigned char *tag; |
| 490 | |
| 491 | if (tlv_is_constructed(tlv)) |
| 492 | return true; |
| 493 | |
| 494 | if (tlv->tag == 0x9f4b) |
| 495 | return true; |
| 496 | |
| 497 | tag = tlv_encode(tlv, &tag_len); |
| 498 | crypto_hash_write(ch, tag, tag_len); |
| 499 | free(tag); |
| 500 | |
| 501 | return true; |
| 502 | } |
| 503 | |
| 504 | struct tlvdb *emv_pki_perform_cda(const struct emv_pk *enc_pk, const struct tlvdb *db, |
| 505 | const struct tlvdb *this_db, |
| 506 | const struct tlv *pdol_data_tlv, |
| 507 | const struct tlv *crm1_tlv, |
| 508 | const struct tlv *crm2_tlv) |
| 509 | { |
| 510 | return emv_pki_perform_cda_ex(enc_pk, db, this_db, pdol_data_tlv, crm1_tlv, crm2_tlv, false); |
| 511 | } |
| 512 | struct tlvdb *emv_pki_perform_cda_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, |
| 513 | const struct tlvdb *this_db, // AC TLV result |
| 514 | const struct tlv *pdol_data_tlv, // PDOL |
| 515 | const struct tlv *crm1_tlv, // CDOL1 |
| 516 | const struct tlv *crm2_tlv, // CDOL2 |
| 517 | bool showData) |
| 518 | { |
| 519 | const struct tlv *un_tlv = tlvdb_get(db, 0x9f37, NULL); |
| 520 | const struct tlv *cid_tlv = tlvdb_get(this_db, 0x9f27, NULL); |
| 521 | |
| 522 | if (!un_tlv || !cid_tlv) |
| 523 | return NULL; |
| 524 | |
| 525 | size_t data_len = 0; |
| 526 | unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, |
| 527 | tlvdb_get(this_db, 0x9f4b, NULL), |
| 528 | 2, |
| 529 | un_tlv, |
| 530 | NULL); |
| 531 | if (!data || data_len < 3) { |
| 532 | PrintAndLogEx(ERR, "can't decode message. len %zd\n", data_len); |
| 533 | return NULL; |
| 534 | } |
| 535 | |
| 536 | if (showData){ |
| 537 | PrintAndLogEx(INFO, "Recovered data:\n"); |
| 538 | dump_buffer(data, data_len, stdout, 0); |
| 539 | } |
| 540 | |
| 541 | if (data[3] < 30 || data[3] > data_len - 4) { |
| 542 | PrintAndLogEx(ERR, "Invalid data length\n"); |
| 543 | free(data); |
| 544 | return NULL; |
| 545 | } |
| 546 | |
| 547 | if (!cid_tlv || cid_tlv->len != 1 || cid_tlv->value[0] != data[5 + data[4]]) { |
| 548 | PrintAndLogEx(ERR, "CID mismatch\n"); |
| 549 | free(data); |
| 550 | return NULL; |
| 551 | } |
| 552 | |
| 553 | struct crypto_hash *ch; |
| 554 | ch = crypto_hash_open(enc_pk->hash_algo); |
| 555 | if (!ch) { |
| 556 | PrintAndLogEx(ERR, "Can't create hash\n"); |
| 557 | free(data); |
| 558 | return NULL; |
| 559 | } |
| 560 | |
| 561 | if (pdol_data_tlv) |
| 562 | crypto_hash_write(ch, pdol_data_tlv->value, pdol_data_tlv->len); |
| 563 | if (crm1_tlv) |
| 564 | crypto_hash_write(ch, crm1_tlv->value, crm1_tlv->len); |
| 565 | if (crm2_tlv) |
| 566 | crypto_hash_write(ch, crm2_tlv->value, crm2_tlv->len); |
| 567 | |
| 568 | tlvdb_visit(this_db, tlv_hash, ch, 0); |
| 569 | |
| 570 | if (memcmp(data + 5 + data[4] + 1 + 8, crypto_hash_read(ch), 20)) { |
| 571 | PrintAndLogEx(ERR, "Calculated hash error\n"); |
| 572 | crypto_hash_close(ch); |
| 573 | free(data); |
| 574 | return NULL; |
| 575 | } |
| 576 | crypto_hash_close(ch); |
| 577 | |
| 578 | size_t idn_len = data[4]; |
| 579 | if (idn_len > data[3] - 1) { |
| 580 | PrintAndLogEx(ERR, "Invalid IDN length\n"); |
| 581 | free(data); |
| 582 | return NULL; |
| 583 | } |
| 584 | |
| 585 | struct tlvdb *idn_db = tlvdb_fixed(0x9f4c, idn_len, data + 5); |
| 586 | free(data); |
| 587 | |
| 588 | return idn_db; |
| 589 | } |