diff --git a/client/emv/cmdemv.c b/client/emv/cmdemv.c index 0bf96f56..dc83d4cc 100644 --- a/client/emv/cmdemv.c +++ b/client/emv/cmdemv.c @@ -781,7 +781,7 @@ int CmdHFEMVExec(const char *cmd) { } int CmdHFEMVTest(const char *cmd) { - return ExecuteCryptoTests(); + return ExecuteCryptoTests(true); } int CmdHelp(const char *Cmd); diff --git a/client/emv/crypto_polarssl.c b/client/emv/crypto_polarssl.c index 3c9e7eed..f67386a1 100644 --- a/client/emv/crypto_polarssl.c +++ b/client/emv/crypto_polarssl.c @@ -89,6 +89,7 @@ struct crypto_pk_polarssl { static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl) { struct crypto_pk_polarssl *cp = malloc(sizeof(*cp)); + memset(cp, 0x00, sizeof(*cp)); char *mod = va_arg(vl, char *); // N int modlen = va_arg(vl, size_t); @@ -97,12 +98,13 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl) rsa_init(&cp->ctx, RSA_PKCS_V15, 0); - cp->ctx.len = modlen * 2; // size(N) in chars + cp->ctx.len = modlen; // size(N) in bytes mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen); mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen); - if(rsa_check_pubkey(&cp->ctx) != 0) { - fprintf(stderr, "PolarSSL key error exp=%d mod=%d.\n", explen, modlen); + int res = rsa_check_pubkey(&cp->ctx); + if(res != 0) { + fprintf(stderr, "PolarSSL key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen); return NULL; } @@ -227,24 +229,13 @@ static void crypto_pk_polarssl_close(struct crypto_pk *_cp) free(cp); } -static int myrand(void *rng_state, unsigned char *output, size_t len) { - size_t i; - - if(rng_state != NULL) - rng_state = NULL; - - for(i = 0; i < len; ++i) - output[i] = rand(); - - return 0; -} - static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen) { struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp; int res; unsigned char *result; + *clen = 0; size_t keylen = mpi_size(&cp->ctx.N); result = malloc(keylen); @@ -252,11 +243,10 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co printf("RSA encrypt failed. Can't allocate result memory.\n"); return NULL; } -printf("## RSA len %d\n", keylen); - res = rsa_pkcs1_encrypt(&cp->ctx, &myrand, NULL, RSA_PUBLIC, len, buf, result); - if(res) { - printf("RSA encrypt failed. Error: %x\n", res * -1); + res = rsa_public(&cp->ctx, buf, result); + if(res) { + printf("RSA encrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen); return NULL; } @@ -267,131 +257,56 @@ printf("## RSA len %d\n", keylen); static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen) { -// struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch; - /*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp); - gcry_error_t err; - int blen = len; - gcry_sexp_t esexp, dsexp; - gcry_mpi_t tmpi; - size_t templen; - size_t keysize; + struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp; + int res; unsigned char *result; + + *clen = 0; + size_t keylen = mpi_size(&cp->ctx.N); - XXX: RSA-only! - err = gcry_sexp_build(&esexp, NULL, "(enc-val (flags) (rsa (a %b)))", - blen, buf); - if (err) { - fprintf(stderr, "LibGCrypt error %s/%s\n", - gcry_strsource (err), - gcry_strerror (err)); - return NULL; - } - - err = gcry_pk_decrypt(&dsexp, esexp, cp->pk); - gcry_sexp_release(esexp); - if (err) { - fprintf(stderr, "LibGCrypt error %s/%s\n", - gcry_strsource (err), - gcry_strerror (err)); - return NULL; - } - - tmpi = gcry_sexp_nth_mpi(dsexp, 1, GCRYMPI_FMT_USG); - gcry_sexp_release(dsexp); - if (!tmpi) - return NULL; - - keysize = (gcry_pk_get_nbits(cp->pk) + 7) / 8; - result = malloc(keysize); + result = malloc(keylen); if (!result) { - gcry_mpi_release(tmpi); + printf("RSA encrypt failed. Can't allocate result memory.\n"); return NULL; } - err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, keysize, &templen, tmpi); - if (err) { - fprintf(stderr, "LibGCrypt error %s/%s\n", - gcry_strsource (err), - gcry_strerror (err)); - gcry_mpi_release(tmpi); - free(result); + res = rsa_private(&cp->ctx, buf, result); // CHECK??? + if(res) { + printf("RSA decrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen); return NULL; } - - err = gcry_mpi_print(GCRYMPI_FMT_USG, result + keysize - templen, templen, &templen, tmpi); - if (err) { - fprintf(stderr, "LibGCrypt error %s/%s\n", - gcry_strsource (err), - gcry_strerror (err)); - gcry_mpi_release(tmpi); - free(result); - return NULL; - } - memset(result, 0, keysize - templen); - - *clen = keysize; - gcry_mpi_release(tmpi); - - return result;*/ - return NULL; + + *clen = keylen; + + return result; } static size_t crypto_pk_polarssl_get_nbits(const struct crypto_pk *_cp) { -// struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch; + struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp; -// return gcry_pk_get_nbits(cp->pk); + return cp->ctx.len * 8; return 0; } static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_cp, unsigned param, size_t *plen) { - /*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp); - gcry_error_t err; - gcry_sexp_t psexp; - gcry_mpi_t tmpi; - size_t parameter_size; - unsigned char *result; - const char *name; - - XXX: RSA-only! - if (param == 0) - name = "n"; - else if (param == 1) - name = "e"; - else - return NULL; - - psexp = gcry_sexp_find_token(cp->pk, name, 1); - if (!psexp) - return NULL; - - tmpi = gcry_sexp_nth_mpi(psexp, 1, GCRYMPI_FMT_USG); - gcry_sexp_release(psexp); - if (!tmpi) - return NULL; - - parameter_size = (gcry_mpi_get_nbits(tmpi) + 7) / 8; - result = malloc(parameter_size); - if (!result) { - gcry_mpi_release(tmpi); - return NULL; + struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp; + // TODO!!!!!! + switch(param){ + // mod + case 0: + *plen = mpi_size(&cp->ctx.N); + break; + // exp + case 1: + *plen = mpi_size(&cp->ctx.E); + break; + default: + printf("Error get parameter. Param=%d", param); + break; } - - err = gcry_mpi_print(GCRYMPI_FMT_USG, result, parameter_size, NULL, tmpi); - if (err) { - fprintf(stderr, "LibGCrypt error %s/%s\n", - gcry_strsource (err), - gcry_strerror (err)); - gcry_mpi_release(tmpi); - free(result); - return NULL; - } - - *plen = parameter_size; - gcry_mpi_release(tmpi); - - return result;*/ + return NULL; } diff --git a/client/emv/cryptotest.c b/client/emv/cryptotest.c index a298a3d0..b6a40d31 100644 --- a/client/emv/cryptotest.c +++ b/client/emv/cryptotest.c @@ -10,6 +10,7 @@ #include "cryptotest.h" #include "util.h" +#include "ui.h" #include "sda_test.h" #include "bignum.h" @@ -19,26 +20,26 @@ #include "sha1.h" -int ExecuteCryptoTests() { +int ExecuteCryptoTests(bool verbose) { int res; bool TestFail = false; - res = mpi_self_test(true); + res = mpi_self_test(verbose); if (res) TestFail = true; - res = aes_self_test(true); + res = aes_self_test(verbose); if (res) TestFail = true; - res = des_self_test(true); + res = des_self_test(verbose); if (res) TestFail = true; - res = sha1_self_test(true); + res = sha1_self_test(verbose); if (res) TestFail = true; - res = rsa_self_test(true); + res = rsa_self_test(verbose); if (res) TestFail = true; - res = exec_sda_test(); + res = exec_sda_test(verbose); if (res) TestFail = true; PrintAndLog("--------------------------"); diff --git a/client/emv/cryptotest.h b/client/emv/cryptotest.h index d2c9acd0..5c6aaae2 100644 --- a/client/emv/cryptotest.h +++ b/client/emv/cryptotest.h @@ -10,4 +10,4 @@ #include -extern int ExecuteCryptoTests(); +extern int ExecuteCryptoTests(bool verbose); diff --git a/client/emv/sda_test.c b/client/emv/sda_test.c index 78c7e9ae..b41f8fd3 100644 --- a/client/emv/sda_test.c +++ b/client/emv/sda_test.c @@ -98,7 +98,7 @@ const unsigned char pan[] = { 0x42, 0x76, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, }; -static int sda_test_raw(void) +static int sda_test_raw(bool verbose) { const struct emv_pk *pk = &vsdc_01; @@ -107,7 +107,7 @@ static int sda_test_raw(void) pk->exp, pk->elen); if (!kcp) return 1; -printf("--open\n"); + unsigned char *ipk_data; size_t ipk_data_len; ipk_data = crypto_pk_encrypt(kcp, issuer_cert, sizeof(issuer_cert), &ipk_data_len); @@ -115,9 +115,11 @@ printf("--open\n"); if (!ipk_data) return 1; -printf("--ipk_data\n"); - dump_buffer(ipk_data, ipk_data_len, stdout, 0); + if (verbose) { + printf("issuer cert:\n"); + dump_buffer(ipk_data, ipk_data_len, stdout, 0); + } size_t ipk_pk_len = ipk_data[13]; unsigned char *ipk_pk = malloc(ipk_pk_len); @@ -131,7 +133,6 @@ printf("--ipk_data\n"); free(ipk_data); return 1; } -printf("--crypto_hash_open\n"); crypto_hash_write(ch, ipk_data + 1, 14); crypto_hash_write(ch, ipk_pk, ipk_pk_len); @@ -144,9 +145,11 @@ printf("--crypto_hash_open\n"); free(ipk_data); return 1; } -printf("--crypto_hash_read\n"); - dump_buffer(h, 20, stdout, 0); + if (verbose) { + printf("crypto hash:\n"); + dump_buffer(h, 20, stdout, 0); + } if (memcmp(ipk_data + ipk_data_len - 21, h, 20)) { crypto_hash_close(ch); @@ -163,23 +166,23 @@ printf("--crypto_hash_read\n"); free(ipk_pk); if (!ikcp) return 1; -printf("--crypto_pk_open\n"); size_t ssad_len; unsigned char *ssad = crypto_pk_encrypt(ikcp, ssad_cr, sizeof(ssad_cr), &ssad_len); crypto_pk_close(ikcp); if (!ssad) return 1; -printf("--crypto_pk_encrypt\n"); - dump_buffer(ssad, ssad_len, stdout, 0); + if (verbose) { + printf("ssad:\n"); + dump_buffer(ssad, ssad_len, stdout, 0); + } ch = crypto_hash_open(HASH_SHA_1); if (!ch) { free(ssad); return 1; } -printf("--crypto_hash_open2\n"); crypto_hash_write(ch, ssad + 1, ssad_len - 22); crypto_hash_write(ch, ssd1, sizeof(ssd1)); @@ -190,19 +193,20 @@ printf("--crypto_hash_open2\n"); free(ssad); return 1; } -printf("--crypto_hash_read2\n"); - dump_buffer(h2, 20, stdout, 0); + if (verbose) { + printf("crypto hash2:\n"); + dump_buffer(h2, 20, stdout, 0); + } crypto_hash_close(ch); free(ssad); -printf("--done\n"); return 0; } -static int sda_test_pk(void) +static int sda_test_pk(bool verbose) { const struct emv_pk *pk = &vsdc_01; struct tlvdb *db; @@ -238,7 +242,10 @@ static int sda_test_pk(void) return 2; } - dump_buffer(dac->value, dac->len, stdout, 0); + if (verbose) { + printf("dac:\n"); + dump_buffer(dac->value, dac->len, stdout, 0); + } tlvdb_free(dacdb); emv_pk_free(ipk); @@ -247,25 +254,23 @@ static int sda_test_pk(void) return 0; } -int exec_sda_test(void) +int exec_sda_test(bool verbose) { int ret; - fprintf(stdout, "SDA raw test: "); - ret = sda_test_raw(); + ret = sda_test_raw(verbose); if (ret) { - fprintf(stderr, "[ERROR]\n"); + fprintf(stderr, "SDA raw test: failed\n"); return ret; } - fprintf(stdout, "[OK]\n"); + fprintf(stdout, "SDA raw test: passed\n"); - fprintf(stdout, "SDA test pk: "); - ret = sda_test_pk(); + ret = sda_test_pk(verbose); if (ret) { - fprintf(stdout, "SDA raw test: "); + fprintf(stderr, "SDA test pk: failed\n"); return ret; } - fprintf(stdout, "[OK]\n"); + fprintf(stdout, "SDA test pk: passed\n"); return 0; } diff --git a/client/emv/sda_test.h b/client/emv/sda_test.h index 006082a2..43a4c948 100644 --- a/client/emv/sda_test.h +++ b/client/emv/sda_test.h @@ -13,4 +13,4 @@ * Lesser General Public License for more details. */ -extern int exec_sda_test(void); +extern int exec_sda_test(bool verbose); diff --git a/common/polarssl/rsa.c b/common/polarssl/rsa.c index 9872274b..74dbf4e0 100644 --- a/common/polarssl/rsa.c +++ b/common/polarssl/rsa.c @@ -453,8 +453,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx, olen = ctx->len; - if( olen < ilen + 11 ) - return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); +// if( olen < ilen + 11 ) +// return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen;