sda test ok

client/emv/cmdemv.c

@@ -781,7 +781,7 @@ int CmdHFEMVExec(const char *cmd) {
 }
 
 int CmdHFEMVTest(const char *cmd) {
-	return ExecuteCryptoTests();
+	return ExecuteCryptoTests(true);
 }
 
 int CmdHelp(const char *Cmd);

client/emv/crypto_polarssl.c

@@ -89,6 +89,7 @@ struct crypto_pk_polarssl {
 static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
 {
 	struct crypto_pk_polarssl *cp = malloc(sizeof(*cp));
+	memset(cp, 0x00, sizeof(*cp));
 
 	char *mod = va_arg(vl, char *);	 // N
 	int modlen = va_arg(vl, size_t);
@@ -97,12 +98,13 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl)
 
 	rsa_init(&cp->ctx, RSA_PKCS_V15, 0);
 	
-	cp->ctx.len = modlen * 2; // size(N) in chars
+	cp->ctx.len = modlen; // size(N) in bytes
 	mpi_read_binary(&cp->ctx.N, (const unsigned char *)mod, modlen);
 	mpi_read_binary(&cp->ctx.E, (const unsigned char *)exp, explen);
 	
-	if(rsa_check_pubkey(&cp->ctx) != 0) {
+	int res = rsa_check_pubkey(&cp->ctx);
-		fprintf(stderr, "PolarSSL key error exp=%d mod=%d.\n", explen, modlen);
+	if(res != 0) {
+		fprintf(stderr, "PolarSSL key error res=%x exp=%d mod=%d.\n", res * -1, explen, modlen);
 
 		return NULL;
 	}
@@ -227,24 +229,13 @@ static void crypto_pk_polarssl_close(struct crypto_pk *_cp)
 	free(cp);
 }
 
-static int myrand(void *rng_state, unsigned char *output, size_t len) {
-	size_t i;
-
-	if(rng_state != NULL)
-		rng_state = NULL;
-
-	for(i = 0; i < len; ++i)
-		output[i] = rand();
-	
-	return 0;
-}
-
 static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen)
 {
 	struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
 	int res;
 	unsigned char *result;
 	
+	*clen = 0;
 	size_t keylen = mpi_size(&cp->ctx.N);
 
 	result = malloc(keylen);
@@ -252,11 +243,10 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
 		printf("RSA encrypt failed. Can't allocate result memory.\n");
 		return NULL;
 	}
-printf("## RSA len %d\n", keylen);
-	res = rsa_pkcs1_encrypt(&cp->ctx, &myrand, NULL, RSA_PUBLIC, len, buf, result);
-	if(res) {
-		printf("RSA encrypt failed. Error: %x\n", res * -1);
 
+	res = rsa_public(&cp->ctx, buf, result);
+	if(res) {
+		printf("RSA encrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen);
 		return NULL;
 	}
 	
@@ -267,131 +257,56 @@ printf("## RSA len %d\n", keylen);
 
 static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, const unsigned char *buf, size_t len, size_t *clen)
 {
-//	struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch;
+	struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
-	/*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp);
+	int res;
-	gcry_error_t err;
-	int blen = len;
-	gcry_sexp_t esexp, dsexp;
-	gcry_mpi_t tmpi;
-	size_t templen;
-	size_t keysize;
 	unsigned char *result;
 	
-	 XXX: RSA-only! 
+	*clen = 0;
-	err = gcry_sexp_build(&esexp, NULL, "(enc-val (flags) (rsa (a %b)))",
+	size_t keylen = mpi_size(&cp->ctx.N);
-			blen, buf);
-	if (err) {
-		fprintf(stderr, "LibGCrypt error %s/%s\n",
-				gcry_strsource (err),
-				gcry_strerror (err));
-		return NULL;
-	}
 
-	err = gcry_pk_decrypt(&dsexp, esexp, cp->pk);
+	result = malloc(keylen);
-	gcry_sexp_release(esexp);
-	if (err) {
-		fprintf(stderr, "LibGCrypt error %s/%s\n",
-				gcry_strsource (err),
-				gcry_strerror (err));
-		return NULL;
-	}
-
-	tmpi = gcry_sexp_nth_mpi(dsexp, 1, GCRYMPI_FMT_USG);
-	gcry_sexp_release(dsexp);
-	if (!tmpi)
-		return NULL;
-
-	keysize = (gcry_pk_get_nbits(cp->pk) + 7) / 8;
-	result = malloc(keysize);
 	if (!result) {
-		gcry_mpi_release(tmpi);
+		printf("RSA encrypt failed. Can't allocate result memory.\n");
 		return NULL;
 	}
 
-	err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, keysize, &templen, tmpi);
+	res = rsa_private(&cp->ctx, buf, result); // CHECK???
-	if (err) {
+	if(res) {
-		fprintf(stderr, "LibGCrypt error %s/%s\n",
+		printf("RSA decrypt failed. Error: %x data len: %d key len: %d\n", res * -1, len, keylen);
-				gcry_strsource (err),
-				gcry_strerror (err));
-		gcry_mpi_release(tmpi);
-		free(result);
 		return NULL;
 	}
 	
-	err = gcry_mpi_print(GCRYMPI_FMT_USG, result + keysize - templen, templen, &templen, tmpi);
+	*clen = keylen;
-	if (err) {
-		fprintf(stderr, "LibGCrypt error %s/%s\n",
-				gcry_strsource (err),
-				gcry_strerror (err));
-		gcry_mpi_release(tmpi);
-		free(result);
-		return NULL;
-	}
-	memset(result, 0, keysize - templen);
 	
-	*clen = keysize;
+	return result;
-	gcry_mpi_release(tmpi);
-
-	return result;*/
-	return NULL;
 }
 
 static size_t crypto_pk_polarssl_get_nbits(const struct crypto_pk *_cp)
 {
-//	struct crypto_pk_polarssl *ch = (struct crypto_pk_polarssl *)_ch;
+	struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
 
-//	return gcry_pk_get_nbits(cp->pk);
+	return cp->ctx.len * 8;
 return 0;
 }
 
 static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_cp, unsigned param, size_t *plen)
 {
-	/*struct crypto_pk_polarssl *cp = container_of(_cp, struct crypto_pk_libgcrypt, cp);
+	struct crypto_pk_polarssl *cp = (struct crypto_pk_polarssl *)_cp;
-	gcry_error_t err;
+	// TODO!!!!!!
-	gcry_sexp_t psexp;
+	switch(param){
-	gcry_mpi_t tmpi;
+		// mod
-	size_t parameter_size;
+		case 0:
-	unsigned char *result;
+			*plen = mpi_size(&cp->ctx.N);
-	const char *name;
+			break;
-
+		// exp
-	 XXX: RSA-only! 
+		case 1:
-	if (param == 0)
+			*plen = mpi_size(&cp->ctx.E);
-		name = "n";
+			break;
-	else if (param == 1)
+		default:
-		name = "e";
+			printf("Error get parameter. Param=%d", param);
-	else
+			break;
-		return NULL;
-
-	psexp = gcry_sexp_find_token(cp->pk, name, 1);
-	if (!psexp)
-		return NULL;
-
-	tmpi = gcry_sexp_nth_mpi(psexp, 1, GCRYMPI_FMT_USG);
-	gcry_sexp_release(psexp);
-	if (!tmpi)
-		return NULL;
-
-	parameter_size = (gcry_mpi_get_nbits(tmpi) + 7) / 8;
-	result = malloc(parameter_size);
-	if (!result) {
-		gcry_mpi_release(tmpi);
-		return NULL;
 	}
 	
-	err = gcry_mpi_print(GCRYMPI_FMT_USG, result, parameter_size, NULL, tmpi);
-	if (err) {
-		fprintf(stderr, "LibGCrypt error %s/%s\n",
-				gcry_strsource (err),
-				gcry_strerror (err));
-		gcry_mpi_release(tmpi);
-		free(result);
-		return NULL;
-	}
-
-	*plen = parameter_size;
-	gcry_mpi_release(tmpi);
-
-	return result;*/
 	return NULL;
 }
 

client/emv/cryptotest.c

@@ -10,6 +10,7 @@
 
 #include "cryptotest.h"
 #include "util.h"
+#include "ui.h"
 
 #include "sda_test.h"
 #include "bignum.h"
@@ -19,26 +20,26 @@
 #include "sha1.h"
 
 
-int ExecuteCryptoTests() {
+int ExecuteCryptoTests(bool verbose) {
 	int res;
 	bool TestFail = false;
 	
-	res = mpi_self_test(true);
+	res = mpi_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = aes_self_test(true);
+	res = aes_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = des_self_test(true);
+	res = des_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = sha1_self_test(true);
+	res = sha1_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = rsa_self_test(true);
+	res = rsa_self_test(verbose);
 	if (res) TestFail = true;
 	
-	res = exec_sda_test();
+	res = exec_sda_test(verbose);
 	if (res) TestFail = true;
 	
 	PrintAndLog("--------------------------");

client/emv/cryptotest.h

@@ -10,4 +10,4 @@
 
 #include <stdbool.h>
 
-extern int ExecuteCryptoTests();
+extern int ExecuteCryptoTests(bool verbose);

client/emv/sda_test.c

@@ -98,7 +98,7 @@ const unsigned char pan[] = {
 	0x42, 0x76, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00,
 };
 
-static int sda_test_raw(void)
+static int sda_test_raw(bool verbose)
 {
 	const struct emv_pk *pk = &vsdc_01;
 
@@ -107,7 +107,7 @@ static int sda_test_raw(void)
 			pk->exp, pk->elen);
 	if (!kcp)
 		return 1;
-printf("--open\n");
+
 	unsigned char *ipk_data;
 	size_t ipk_data_len;
 	ipk_data = crypto_pk_encrypt(kcp, issuer_cert, sizeof(issuer_cert), &ipk_data_len);
@@ -115,9 +115,11 @@ printf("--open\n");
 
 	if (!ipk_data)
 		return 1;
-printf("--ipk_data\n");
 
-	dump_buffer(ipk_data, ipk_data_len, stdout, 0);
+	if (verbose) {
+		printf("issuer cert:\n");
+		dump_buffer(ipk_data, ipk_data_len, stdout, 0);
+	}
 
 	size_t ipk_pk_len = ipk_data[13];
 	unsigned char *ipk_pk = malloc(ipk_pk_len);
@@ -131,7 +133,6 @@ printf("--ipk_data\n");
 		free(ipk_data);
 		return 1;
 	}
-printf("--crypto_hash_open\n");
 
 	crypto_hash_write(ch, ipk_data + 1, 14);
 	crypto_hash_write(ch, ipk_pk, ipk_pk_len);
@@ -144,9 +145,11 @@ printf("--crypto_hash_open\n");
 		free(ipk_data);
 		return 1;
 	}
-printf("--crypto_hash_read\n");
 
-	dump_buffer(h, 20, stdout, 0);
+	if (verbose) {
+		printf("crypto hash:\n");
+		dump_buffer(h, 20, stdout, 0);
+	}
 
 	if (memcmp(ipk_data + ipk_data_len - 21, h, 20)) {
 		crypto_hash_close(ch);
@@ -163,23 +166,23 @@ printf("--crypto_hash_read\n");
 	free(ipk_pk);
 	if (!ikcp)
 		return 1;
-printf("--crypto_pk_open\n");
 
 	size_t ssad_len;
 	unsigned char *ssad = crypto_pk_encrypt(ikcp, ssad_cr, sizeof(ssad_cr), &ssad_len);
 	crypto_pk_close(ikcp);
 	if (!ssad)
 		return 1;
-printf("--crypto_pk_encrypt\n");
 
-	dump_buffer(ssad, ssad_len, stdout, 0);
+	if (verbose) {
+		printf("ssad:\n");
+		dump_buffer(ssad, ssad_len, stdout, 0);
+	}
 
 	ch = crypto_hash_open(HASH_SHA_1);
 	if (!ch) {
 		free(ssad);
 		return 1;
 	}
-printf("--crypto_hash_open2\n");
 
 	crypto_hash_write(ch, ssad + 1, ssad_len - 22);
 	crypto_hash_write(ch, ssd1, sizeof(ssd1));
@@ -190,19 +193,20 @@ printf("--crypto_hash_open2\n");
 		free(ssad);
 		return 1;
 	}
-printf("--crypto_hash_read2\n");
 
-	dump_buffer(h2, 20, stdout, 0);
+	if (verbose) {
+		printf("crypto hash2:\n");
+		dump_buffer(h2, 20, stdout, 0);
+	}
 
 	crypto_hash_close(ch);
 
 	free(ssad);
-printf("--done\n");
 
 	return 0;
 }
 
-static int sda_test_pk(void)
+static int sda_test_pk(bool verbose)
 {
 	const struct emv_pk *pk = &vsdc_01;
 	struct tlvdb *db;
@@ -238,7 +242,10 @@ static int sda_test_pk(void)
 		return 2;
 	}
 
-	dump_buffer(dac->value, dac->len, stdout, 0);
+	if (verbose) {
+		printf("dac:\n");
+		dump_buffer(dac->value, dac->len, stdout, 0);
+	}
 
 	tlvdb_free(dacdb);
 	emv_pk_free(ipk);
@@ -247,25 +254,23 @@ static int sda_test_pk(void)
 	return 0;
 }
 
-int exec_sda_test(void)
+int exec_sda_test(bool verbose)
 {
 	int ret;
 
-	fprintf(stdout, "SDA raw test: ");
+	ret = sda_test_raw(verbose);
-	ret = sda_test_raw();
 	if (ret) {
-		fprintf(stderr, "[ERROR]\n");
+		fprintf(stderr, "SDA raw test: failed\n");
 		return ret;
 	}
-	fprintf(stdout, "[OK]\n");
+	fprintf(stdout, "SDA raw test: passed\n");
 
-	fprintf(stdout, "SDA test pk: ");
+	ret = sda_test_pk(verbose);
-	ret = sda_test_pk();
 	if (ret) {
-		fprintf(stdout, "SDA raw test: ");
+		fprintf(stderr, "SDA test pk: failed\n");
 		return ret;
 	}
-	fprintf(stdout, "[OK]\n");
+	fprintf(stdout, "SDA test pk: passed\n");
 
 	return 0;
 }

client/emv/sda_test.h

@@ -13,4 +13,4 @@
  * Lesser General Public License for more details.
  */
  
-extern int exec_sda_test(void);
+extern int exec_sda_test(bool verbose);

common/polarssl/rsa.c

@@ -453,8 +453,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
 
     olen = ctx->len;
 
-    if( olen < ilen + 11 )
+//    if( olen < ilen + 11 )
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+//        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     nb_pad = olen - 3 - ilen;