From d1ec96ed41a55e80fac58a75cbbb54cca66ac4f6 Mon Sep 17 00:00:00 2001
From: Ave
Date: Tue, 29 Dec 2020 19:13:10 +0300
Subject: [PATCH 1/3] emrtd: Ensure that emrtd_parse_ef_sod_hash_algo returns -1 on errors too
---
 client/src/cmdhfemrtd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 4ed1732b4..6b966cfad 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -1544,6 +1544,9 @@ static int emrtd_parse_ef_sod_hash_algo(uint8_t *data, size_t datalen, int *hash
 uint8_t hashalgoset[64] = { 0x00 };
 size_t hashalgosetlen = 0;

+ // We'll return hash algo -1 if we can't find anything
+ *hashalgo = -1;
+
 if (!emrtd_lds_get_data_by_tag(data, datalen, hashalgoset, &hashalgosetlen, 0x30, 0x00, false, true, 0)) {
 PrintAndLogEx(ERR, "Failed to read hash algo set from EF_SOD.");
 return false;
@@ -1571,8 +1574,6 @@ static int emrtd_parse_ef_sod_hash_algo(uint8_t *data, size_t datalen, int *hash
 }
 }

- // Return hash algo -1 if we can't find anything
- *hashalgo = -1;
 PrintAndLogEx(ERR, "Failed to parse hash list (Unknown algo: %s). Hash verification won't be available.", sprint_hex_inrow(hashalgoset, hashalgosetlen));
 return PM3_ESOFT;
 }
From a14b5f7b5fbde1aec5c5359ded808fd056d5c38a Mon Sep 17 00:00:00 2001
From: Ave
Date: Tue, 29 Dec 2020 19:24:44 +0300
Subject: [PATCH 2/3] emrtd: Employ a workaround for data length of 0x80 This is to make US passport hashes read properly. https://wf.lavatech.top/ave-but-random/emrtd-data-quirks#EF_SOD
---
 client/src/cmdhfemrtd.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 6b966cfad..fa9c936e9 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
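Review bot: In the `-1544` hunk of emrtd_parse_ef_sod_hash_algo, the failure path after emrtd_lds_get_data_by_tag still ends in `return false;`, which is 0 in this `int`-returning function, while the other failure path of the same function (the `-1571` hunk) returns `PM3_ESOFT`. If 0 is the success code, as the PM3_* naming suggests, a caller that checks only the return value would treat an unreadable hash-algorithm set as success; the out-parameter now fails closed through `*hashalgo = -1`, but the return code does not. Suggest `return PM3_ESOFT;` on that line so both error paths agree. The function body starts and ends outside the hunk.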
@@ -217,6 +217,11 @@ static int emrtd_get_asn1_data_length(uint8_t *datain, int datainlen, int offset
 PrintAndLogEx(DEBUG, "asn1 datalength, lenfield: %02X", lenfield);
 if (lenfield <= 0x7f) {
 return lenfield;
+ } else if (lenfield == 0x80) {
+ // TODO: 0x80 means indeterminate.
+ // Giving rest of the file is a workaround, nothing more, nothing less.
+ // More at https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/
+ return datainlen;
 } else if (lenfield == 0x81) {
 return ((int) * (datain + offset + 1));
 } else if (lenfield == 0x82) {
@@ -231,7 +236,7 @@ static int emrtd_get_asn1_field_length(uint8_t *datain, int datainlen, int offse
 PrintAndLogEx(DEBUG, "asn1 fieldlength, datain: %s", sprint_hex_inrow(datain, datainlen));
 int lenfield = (int) * (datain + offset);
 PrintAndLogEx(DEBUG, "asn1 fieldlength, lenfield: %02X", lenfield);
- if (lenfield <= 0x7F) {
+ if (lenfield <= 0x80) {
 return 1;
 } else if (lenfield == 0x81) {
 return 2;
From ff4acf70059d86e0bc63a6094a719e3b8b3c06e1 Mon Sep 17 00:00:00 2001
From: Ave
Date: Tue, 29 Dec 2020 20:05:50 +0300
Subject: [PATCH 3/3] emrtd: Improve comment on USA quirk workaround
---
 client/src/cmdhfemrtd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index fa9c936e9..670ea804d 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -218,9 +218,9 @@ static int emrtd_get_asn1_data_length(uint8_t *datain, int datainlen, int offset
 if (lenfield <= 0x7f) {
 return lenfield;
 } else if (lenfield == 0x80) {
- // TODO: 0x80 means indeterminate.
+ // TODO: 0x80 means indeterminate, and this impl is a workaround.
 // Giving rest of the file is a workaround, nothing more, nothing less.
- // More at https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/
+ // https://wf.lavatech.top/ave-but-random/emrtd-data-quirks#EF_SOD
 return datainlen;
 } else if (lenfield == 0x81) {
 return ((int) * (datain + offset + 1));
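Review bot: In the `-217` hunk of emrtd_get_asn1_data_length, the new 0x80 branch returns `datainlen` without accounting for `offset`, so the reported length exceeds the bytes actually left after the length octet. The callers are outside the hunk, but any that copies that many bytes starting at the value would read past the end of `datain`, and this input comes from the card. Suggest returning only the remainder, `return (datainlen > offset + 1) ? datainlen - offset - 1 : 0;`, and saying in the comment that the trailing end-of-contents octets of an indefinite-length value are included in what is returned. The function body starts and ends outside the hunk.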