github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-23 22:45:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

sda test ok

Browse source
This commit is contained in:
merlokk 2017-12-05 12:50:29 +02:00
commit 645c1f327c
7 changed files with 83 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

2
client/emv/cmdemv.c
View file

@ -781,7 +781,7 @@ int CmdHFEMVExec(const char *cmd) {
} }
int CmdHFEMVTest(const char *cmd) { int CmdHFEMVTest(const char *cmd) {
return ExecuteCryptoTests(); return ExecuteCryptoTests(true);
} }
int CmdHelp(const char *Cmd); int CmdHelp(const char *Cmd);

157
client/emv/crypto_polarssl.c
View file

@ -89,6 +89,7 @@ struct crypto_pk_polarssl {
static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl) static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
{ {
struct crypto_pk_polarssl *cp = malloc(sizeof(*cp)); struct crypto_pk_polarssl *cp = malloc(sizeof(*cp));
memset(cp, 0x00, sizeof(*cp));
char *mod = va_arg(vl, char *); // N char *mod = va_arg(vl, char *); // N
int modlen = va_arg(vl, size_t); int modlen = va_arg(vl, size_t);
@ -97,12 +98,13 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
rsa_init(&cp->ctx, RSA_PKCS_V15, 0); rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
cp->ctx.len = modlen * 2; // size(N) in chars cp->ctx.len = modlen; // size(N) in bytes
mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen); mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen); mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
if(rsa_check_pubkey(&cp->ctx) != 0) { int res = rsa_check_pubkey(&cp->ctx);
fprintf(stderr, "PolarSSL key error exp=%d mod=%d.\n", explen, modlen); if(res != 0) {
fprintf(stderr, "PolarSSL key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
return NULL; return NULL;
} }
@ -227,24 +229,13 @@ static void crypto_pk_polarssl_close(struct crypto_pk *_cp)
free(cp); free(cp);
} }
static int myrand(void *rng_state, unsigned char *output, size_t len) {
size_t i;
if(rng_state != NULL)
rng_state = NULL;
for(i = 0; i < len; ++i)
output[i] = rand();
return 0;
}
static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen) static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen)
{ {
struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp; struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
int res; int res;
unsigned char *result; unsigned char *result;
*clen = 0;
size_t keylen = mpi_size(&cp->ctx.N); size_t keylen = mpi_size(&cp->ctx.N);
result = malloc(keylen); result = malloc(keylen);
@ -252,11 +243,10 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
printf("RSA encrypt failed. Can't allocate result memory.\n"); printf("RSA encrypt failed. Can't allocate result memory.\n");
return NULL; return NULL;
} }
printf("## RSA len %d\n", keylen);
res = rsa_pkcs1_encrypt(&cp->ctx, &myrand, NULL, RSA_PUBLIC, len, buf, result);
if(res) {
printf("RSA encrypt failed. Error: %x\n", res * -1);
res = rsa_public(&cp->ctx, buf, result);
if(res) {
printf("RSA encrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen);
return NULL; return NULL;
} }
@ -267,131 +257,56 @@ printf("## RSA len %d\n", keylen);
static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen) static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen)
{ {
// struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch; struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
/*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp); int res;
gcry_error_t err;
int blen = len;
gcry_sexp_t esexp, dsexp;
gcry_mpi_t tmpi;
size_t templen;
size_t keysize;
unsigned char *result; unsigned char *result;
XXX: RSA-only! *clen = 0;
err = gcry_sexp_build(&esexp, NULL, "(enc-val (flags) (rsa (a %b)))", size_t keylen = mpi_size(&cp->ctx.N);
blen, buf);
if (err) {
fprintf(stderr, "LibGCrypt error %s/%s\n",
gcry_strsource (err),
gcry_strerror (err));
return NULL;
}
err = gcry_pk_decrypt(&dsexp, esexp, cp->pk); result = malloc(keylen);
gcry_sexp_release(esexp);
if (err) {
fprintf(stderr, "LibGCrypt error %s/%s\n",
gcry_strsource (err),
gcry_strerror (err));
return NULL;
}
tmpi = gcry_sexp_nth_mpi(dsexp, 1, GCRYMPI_FMT_USG);
gcry_sexp_release(dsexp);
if (!tmpi)
return NULL;
keysize = (gcry_pk_get_nbits(cp->pk) + 7) / 8;
result = malloc(keysize);
if (!result) { if (!result) {
gcry_mpi_release(tmpi); printf("RSA encrypt failed. Can't allocate result memory.\n");
return NULL; return NULL;
} }
err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, keysize, &templen, tmpi); res = rsa_private(&cp->ctx, buf, result); // CHECK???
if (err) { if(res) {
fprintf(stderr, "LibGCrypt error %s/%s\n", printf("RSA decrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen);
gcry_strsource (err),
gcry_strerror (err));
gcry_mpi_release(tmpi);
free(result);
return NULL; return NULL;
} }
err = gcry_mpi_print(GCRYMPI_FMT_USG, result + keysize - templen, templen, &templen, tmpi); *clen = keylen;
if (err) {
fprintf(stderr, "LibGCrypt error %s/%s\n",
gcry_strsource (err),
gcry_strerror (err));
gcry_mpi_release(tmpi);
free(result);
return NULL;
}
memset(result, 0, keysize - templen);
*clen = keysize; return result;
gcry_mpi_release(tmpi);
return result;*/
return NULL;
} }
static size_t crypto_pk_polarssl_get_nbits(const struct crypto_pk *_cp) static size_t crypto_pk_polarssl_get_nbits(const struct crypto_pk *_cp)
{ {
// struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch; struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
// return gcry_pk_get_nbits(cp->pk); return cp->ctx.len * 8;
return 0; return 0;
} }
static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_cp, unsigned param, size_t *plen) static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_cp, unsigned param, size_t *plen)
{ {
/*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp); struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
gcry_error_t err; // TODO!!!!!!
gcry_sexp_t psexp; switch(param){
gcry_mpi_t tmpi; // mod
size_t parameter_size; case 0:
unsigned char *result; *plen = mpi_size(&cp->ctx.N);
const char *name; break;
// exp
XXX: RSA-only! case 1:
if (param == 0) *plen = mpi_size(&cp->ctx.E);
name = "n"; break;
else if (param == 1) default:
name = "e"; printf("Error get parameter. Param=%d", param);
else break;
return NULL;
psexp = gcry_sexp_find_token(cp->pk, name, 1);
if (!psexp)
return NULL;
tmpi = gcry_sexp_nth_mpi(psexp, 1, GCRYMPI_FMT_USG);
gcry_sexp_release(psexp);
if (!tmpi)
return NULL;
parameter_size = (gcry_mpi_get_nbits(tmpi) + 7) / 8;
result = malloc(parameter_size);
if (!result) {
gcry_mpi_release(tmpi);
return NULL;
} }
err = gcry_mpi_print(GCRYMPI_FMT_USG, result, parameter_size, NULL, tmpi);
if (err) {
fprintf(stderr, "LibGCrypt error %s/%s\n",
gcry_strsource (err),
gcry_strerror (err));
gcry_mpi_release(tmpi);
free(result);
return NULL;
}
*plen = parameter_size;
gcry_mpi_release(tmpi);
return result;*/
return NULL; return NULL;
} }

15
client/emv/cryptotest.c
View file

@ -10,6 +10,7 @@
#include "cryptotest.h" #include "cryptotest.h"
#include "util.h" #include "util.h"
#include "ui.h"
#include "sda_test.h" #include "sda_test.h"
#include "bignum.h" #include "bignum.h"
@ -19,26 +20,26 @@
#include "sha1.h" #include "sha1.h"
int ExecuteCryptoTests() { int ExecuteCryptoTests(bool verbose) {
int res; int res;
bool TestFail = false; bool TestFail = false;
res = mpi_self_test(true); res = mpi_self_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
res = aes_self_test(true); res = aes_self_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
res = des_self_test(true); res = des_self_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
res = sha1_self_test(true); res = sha1_self_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
res = rsa_self_test(true); res = rsa_self_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
res = exec_sda_test(); res = exec_sda_test(verbose);
if (res) TestFail = true; if (res) TestFail = true;
PrintAndLog("--------------------------"); PrintAndLog("--------------------------");

2
client/emv/cryptotest.h
View file

@ -10,4 +10,4 @@
#include <stdbool.h> #include <stdbool.h>
extern int ExecuteCryptoTests(); extern int ExecuteCryptoTests(bool verbose);

45
client/emv/sda_test.c
View file

@ -98,7 +98,7 @@ const unsigned char pan[] = {
0x42, 0x76, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x76, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00,
}; };
static int sda_test_raw(void) static int sda_test_raw(bool verbose)
{ {
const struct emv_pk *pk = &vsdc_01; const struct emv_pk *pk = &vsdc_01;
@ -107,7 +107,7 @@ static int sda_test_raw(void)
pk->exp, pk->elen); pk->exp, pk->elen);
if (!kcp) if (!kcp)
return 1; return 1;
printf("--open\n");
unsigned char *ipk_data; unsigned char *ipk_data;
size_t ipk_data_len; size_t ipk_data_len;
ipk_data = crypto_pk_encrypt(kcp, issuer_cert, sizeof(issuer_cert), &ipk_data_len); ipk_data = crypto_pk_encrypt(kcp, issuer_cert, sizeof(issuer_cert), &ipk_data_len);
@ -115,9 +115,11 @@ printf("--open\n");
if (!ipk_data) if (!ipk_data)
return 1; return 1;
printf("--ipk_data\n");
if (verbose) {
printf("issuer cert:\n");
dump_buffer(ipk_data, ipk_data_len, stdout, 0); dump_buffer(ipk_data, ipk_data_len, stdout, 0);
}
size_t ipk_pk_len = ipk_data[13]; size_t ipk_pk_len = ipk_data[13];
unsigned char *ipk_pk = malloc(ipk_pk_len); unsigned char *ipk_pk = malloc(ipk_pk_len);
@ -131,7 +133,6 @@ printf("--ipk_data\n");
free(ipk_data); free(ipk_data);
return 1; return 1;
} }
printf("--crypto_hash_open\n");
crypto_hash_write(ch, ipk_data + 1, 14); crypto_hash_write(ch, ipk_data + 1, 14);
crypto_hash_write(ch, ipk_pk, ipk_pk_len); crypto_hash_write(ch, ipk_pk, ipk_pk_len);
@ -144,9 +145,11 @@ printf("--crypto_hash_open\n");
free(ipk_data); free(ipk_data);
return 1; return 1;
} }
printf("--crypto_hash_read\n");
if (verbose) {
printf("crypto hash:\n");
dump_buffer(h, 20, stdout, 0); dump_buffer(h, 20, stdout, 0);
}
if (memcmp(ipk_data + ipk_data_len - 21, h, 20)) { if (memcmp(ipk_data + ipk_data_len - 21, h, 20)) {
crypto_hash_close(ch); crypto_hash_close(ch);
@ -163,23 +166,23 @@ printf("--crypto_hash_read\n");
free(ipk_pk); free(ipk_pk);
if (!ikcp) if (!ikcp)
return 1; return 1;
printf("--crypto_pk_open\n");
size_t ssad_len; size_t ssad_len;
unsigned char *ssad = crypto_pk_encrypt(ikcp, ssad_cr, sizeof(ssad_cr), &ssad_len); unsigned char *ssad = crypto_pk_encrypt(ikcp, ssad_cr, sizeof(ssad_cr), &ssad_len);
crypto_pk_close(ikcp); crypto_pk_close(ikcp);
if (!ssad) if (!ssad)
return 1; return 1;
printf("--crypto_pk_encrypt\n");
if (verbose) {
printf("ssad:\n");
dump_buffer(ssad, ssad_len, stdout, 0); dump_buffer(ssad, ssad_len, stdout, 0);
}
ch = crypto_hash_open(HASH_SHA_1); ch = crypto_hash_open(HASH_SHA_1);
if (!ch) { if (!ch) {
free(ssad); free(ssad);
return 1; return 1;
} }
printf("--crypto_hash_open2\n");
crypto_hash_write(ch, ssad + 1, ssad_len - 22); crypto_hash_write(ch, ssad + 1, ssad_len - 22);
crypto_hash_write(ch, ssd1, sizeof(ssd1)); crypto_hash_write(ch, ssd1, sizeof(ssd1));
@ -190,19 +193,20 @@ printf("--crypto_hash_open2\n");
free(ssad); free(ssad);
return 1; return 1;
} }
printf("--crypto_hash_read2\n");
if (verbose) {
printf("crypto hash2:\n");
dump_buffer(h2, 20, stdout, 0); dump_buffer(h2, 20, stdout, 0);
}
crypto_hash_close(ch); crypto_hash_close(ch);
free(ssad); free(ssad);
printf("--done\n");
return 0; return 0;
} }
static int sda_test_pk(void) static int sda_test_pk(bool verbose)
{ {
const struct emv_pk *pk = &vsdc_01; const struct emv_pk *pk = &vsdc_01;
struct tlvdb *db; struct tlvdb *db;
@ -238,7 +242,10 @@ static int sda_test_pk(void)
return 2; return 2;
} }
if (verbose) {
printf("dac:\n");
dump_buffer(dac->value, dac->len, stdout, 0); dump_buffer(dac->value, dac->len, stdout, 0);
}
tlvdb_free(dacdb); tlvdb_free(dacdb);
emv_pk_free(ipk); emv_pk_free(ipk);
@ -247,25 +254,23 @@ static int sda_test_pk(void)
return 0; return 0;
} }
int exec_sda_test(void) int exec_sda_test(bool verbose)
{ {
int ret; int ret;
fprintf(stdout, "SDA raw test: "); ret = sda_test_raw(verbose);
ret = sda_test_raw();
if (ret) { if (ret) {
fprintf(stderr, "[ERROR]\n"); fprintf(stderr, "SDA raw test: failed\n");
return ret; return ret;
} }
fprintf(stdout, "[OK]\n"); fprintf(stdout, "SDA raw test: passed\n");
fprintf(stdout, "SDA test pk: "); ret = sda_test_pk(verbose);
ret = sda_test_pk();
if (ret) { if (ret) {
fprintf(stdout, "SDA raw test: "); fprintf(stderr, "SDA test pk: failed\n");
return ret; return ret;
} }
fprintf(stdout, "[OK]\n"); fprintf(stdout, "SDA test pk: passed\n");
return 0; return 0;
} }

2
client/emv/sda_test.h
View file

@ -13,4 +13,4 @@
* Lesser General Public License for more details. * Lesser General Public License for more details.
*/ */
extern int exec_sda_test(void); extern int exec_sda_test(bool verbose);

4
common/polarssl/rsa.c
View file

@ -453,8 +453,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
olen = ctx->len; olen = ctx->len;
if( olen < ilen + 11 ) // if( olen < ilen + 11 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); // return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen; nb_pad = olen - 3 - ilen;