From 70ecfdf50295481f1516bd94919c373566b17312 Mon Sep 17 00:00:00 2001
From: Ave
Date: Fri, 11 Dec 2020 06:27:47 +0300
Subject: [PATCH] emrtd: Verify rnd_ifd
---
 client/src/cmdhfemrtd.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 3145dd6e6..45f1125bd 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -184,6 +184,20 @@ static void des3_encrypt_cbc(uint8_t *iv, uint8_t *key, uint8_t *input, int inpu
 mbedtls_des3_free(&ctx);
 }
 
+static void des3_decrypt_cbc(uint8_t *iv, uint8_t *key, uint8_t *input, int inputlen, uint8_t *output) {
+ mbedtls_des3_context ctx;
+ mbedtls_des3_set2key_dec(&ctx, key);
+
+ mbedtls_des3_crypt_cbc(&ctx // des3_context
+ , MBEDTLS_DES_DECRYPT // int mode
+ , inputlen // length
+ , iv // iv[8]
+ , input // input
+ , output // output
+ );
+ mbedtls_des3_free(&ctx);
+}
+
 static void retail_mac(uint8_t *key, uint8_t *input, uint8_t *output) {
 // This code assumes blocklength (n) = 8, and input len of 32 chars
 // This code takes inspirations from https://github.com/devinvenable/iso9797algorithm3
@@ -424,6 +438,15 @@ int infoHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
 }
 PrintAndLogEx(INFO, "External authentication successful.");
 
+ uint8_t dec_output[32] = { 0x00 };
+ des3_decrypt_cbc(iv, kenc, response, 32, dec_output);
+
+ if (memcmp(rnd_ifd, dec_output + 8, 8) != 0) {
+ PrintAndLogEx(ERR, "Challenge failed, rnd_ifd does not match.");
+ DropField();
+ return PM3_ESOFT;
+ }
+
 DropField();
 return PM3_SUCCESS;
 }
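Review bot: The new des3_decrypt_cbc discards the results of both mbedtls_des3_set2key_dec and mbedtls_des3_crypt_cbc, so the caller cannot tell a failed decrypt from a good one. mbedtls_des3_crypt_cbc returns MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH and leaves the output unwritten when inputlen is not a multiple of 8. The context is also used without mbedtls_des3_init, and the iv buffer is updated in place by the CBC call, which deserves a comment because the caller passes a buffer it may already have used. Returning the status, as sketched below, means the call site in the second hunk would have to test it. The visible tail of des3_encrypt_cbc suggests the sibling has the same shape and could be aligned in the same way.

```c
static int des3_decrypt_cbc(uint8_t *iv, uint8_t *key, uint8_t *input, int inputlen, uint8_t *output) {
    mbedtls_des3_context ctx;
    mbedtls_des3_init(&ctx);

    // iv is overwritten by mbedtls_des3_crypt_cbc; callers must not assume it is unchanged afterwards
    int res = mbedtls_des3_set2key_dec(&ctx, key);
    if (res == 0) {
        res = mbedtls_des3_crypt_cbc(&ctx, MBEDTLS_DES_DECRYPT, inputlen, iv, input, output);
    }

    mbedtls_des3_free(&ctx);
    return res;
}
```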
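Review bot: "External authentication successful." is logged before the rnd_ifd comparison, so a card that fails the challenge still produces the success line followed by the error. Move `PrintAndLogEx(INFO, "External authentication successful.");` to after the `memcmp` block. The added code also decrypts a fixed 32 bytes of `response`, with no check in the hunk that the card returned that much data or that the response MAC was verified first. infoHF_EMRTD starts outside this hunk, so if neither check happens earlier, both belong before the `des3_decrypt_cbc` call. `dec_output` keeps the whole decrypted response on the stack, and wiping it before both returns would be a cheap hardening step.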