Merge pull request #1238 from merlokk/emv_ssad

ApplePay CDA check
2025-08-23 22:55:37 -07:00 · 2021-04-08 18:29:40 +03:00 · 2021-04-08 18:29:40 +03:00 · 9c64d2f4e0
commit 9c64d2f4e0
parent e207091ace 2f634923bb
3 changed files with 23 additions and 15 deletions
--- a/client/src/emv/cmdemv.c
+++ b/client/src/emv/cmdemv.c
@ -1143,9 +1143,13 @@ static int CmdEMVExec(const char *Cmd) {
            // CDA
            PrintAndLogEx(NORMAL, "\n* CDA:");
            struct tlvdb *ac_tlv = tlvdb_parse_multi(buf, len);
-            res = trCDA(tlvRoot, ac_tlv, pdol_data_tlv, cdol_data_tlv);
-            if (res) {
-                PrintAndLogEx(NORMAL, "CDA error (%d)", res);
+            if (tlvdb_get(ac_tlv, 0x9f4b, NULL)) {
+                res = trCDA(tlvRoot, ac_tlv, pdol_data_tlv, cdol_data_tlv);
+                if (res) {
+                    PrintAndLogEx(NORMAL, "CDA error (%d)", res);
+                }
+            } else {
+                PrintAndLogEx(NORMAL, "\n* Signed Dynamic Application Data (0x9f4b) not present");
            }

            free(ac_tlv);
--- a/client/src/emv/emv_pki.c
+++ b/client/src/emv/emv_pki.c
@ -349,7 +349,7 @@ unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len) {
 }

 struct tlvdb *emv_pki_recover_dac_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv, bool showData) {
-    size_t data_len;
+    size_t data_len = 0;

    // Static Data Authentication Tag List
    size_t sdatl_len;
--- a/client/src/emv/emvcore.c
+++ b/client/src/emv/emvcore.c
@ -970,17 +970,21 @@ int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, st
                  sprint_hex(icc_pk->serial, 3)
                 );

-    struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
-    if (dac_db) {
-        const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
-        PrintAndLogEx(SUCCESS, "SSAD verified (%s) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
-        tlvdb_add(tlv, dac_db);
-    } else {
-        PrintAndLogEx(ERR, "Error: SSAD verify error");
-        emv_pk_free(pk);
-        emv_pk_free(issuer_pk);
-        emv_pk_free(icc_pk);
-        return 4;
+    // Signed Static Application Data (SSAD) check
+    const struct tlv *ssad_tlv = tlvdb_get(tlv, 0x93, NULL);
+    if (ssad_tlv && ssad_tlv->len > 1) {
+        struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
+        if (dac_db) {
+            const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
+            PrintAndLogEx(SUCCESS, "Signed Static Application Data (SSAD) verified (%s) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
+            tlvdb_add(tlv, dac_db);
+        } else {
+            PrintAndLogEx(ERR, "Error: Signed Static Application Data (SSAD) verify error");
+            emv_pk_free(pk);
+            emv_pk_free(issuer_pk);
+            emv_pk_free(icc_pk);
+            return 4;
+        }
    }

    PrintAndLogEx(INFO, "* * Check Signed Dynamic Application Data (SDAD)");