Coverage Report

Created: 2025-08-26 06:43

/src/opensc/src/sm/sm-eac.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2011-2018 Frank Morgner
3
 *
4
 * This file is part of OpenSC.
5
 *
6
 * This library is free software; you can redistribute it and/or
7
 * modify it under the terms of the GNU Lesser General Public
8
 * License as published by the Free Software Foundation; either
9
 * version 2.1 of the License, or (at your option) any later version.
10
 *
11
 * This library is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14
 * Lesser General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU Lesser General Public
17
 * License along with this library; if not, write to the Free Software
18
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19
 */
20
#ifdef HAVE_CONFIG_H
21
#include "config.h"
22
#endif
23
24
#include "sm/sm-iso.h"
25
#include "libopensc/asn1.h"
26
#include "libopensc/log.h"
27
#include "libopensc/opensc.h"
28
#include "sm-eac.h"
29
#include <stdlib.h>
30
#include <string.h>
31
32
#ifdef ENABLE_OPENSSL
33
#include <openssl/evp.h>
34
#endif
35
36
char eac_default_flags = 0;
37
0
#define ISO_MSE 0x22
38
39
#if defined(ENABLE_OPENPACE) && defined(ENABLE_SM)
40
#include <eac/ca.h>
41
#include <eac/cv_cert.h>
42
#include <eac/eac.h>
43
#include <eac/objects.h>
44
#include <eac/pace.h>
45
#include <eac/ta.h>
46
#include <openssl/bio.h>
47
#include <openssl/buffer.h>
48
#include <openssl/err.h>
49
#include <openssl/evp.h>
50
#include <openssl/objects.h>
51
52
53
/** @brief EAC secure messaging context */
54
struct eac_sm_ctx {
55
  /** @brief EAC context */
56
  EAC_CTX *ctx;
57
  /** @brief picc's compressed ephemeral public key of PACE */
58
  BUF_MEM *id_icc;
59
  /** @brief PCD's compressed ephemeral public key of CA */
60
  BUF_MEM *eph_pub_key;
61
  /** @brief Auxiliary Data */
62
  BUF_MEM *auxiliary_data;
63
  char flags;
64
};
65
66
67
/* included in OpenPACE, but not propagated */
68
extern BUF_MEM *BUF_MEM_create(size_t len);
69
extern BUF_MEM *BUF_MEM_create_init(const void *buf, size_t len);
70
71
72
static int eac_sm_encrypt(sc_card_t *card, const struct iso_sm_ctx *ctx,
73
    const u8 *data, size_t datalen, u8 **enc);
74
static int eac_sm_decrypt(sc_card_t *card, const struct iso_sm_ctx *ctx,
75
    const u8 *enc, size_t enclen, u8 **data);
76
static int eac_sm_authenticate(sc_card_t *card, const struct iso_sm_ctx *ctx,
77
    const u8 *data, size_t datalen, u8 **outdata);
78
static int eac_sm_verify_authentication(sc_card_t *card, const struct iso_sm_ctx *ctx,
79
    const u8 *mac, size_t maclen,
80
    const u8 *macdata, size_t macdatalen);
81
static int eac_sm_pre_transmit(sc_card_t *card, const struct iso_sm_ctx *ctx,
82
    sc_apdu_t *apdu);
83
static int eac_sm_post_transmit(sc_card_t *card, const struct iso_sm_ctx *ctx,
84
    sc_apdu_t *sm_apdu);
85
static int eac_sm_finish(sc_card_t *card, const struct iso_sm_ctx *ctx,
86
    sc_apdu_t *apdu);
87
static void eac_sm_clear_free(const struct iso_sm_ctx *ctx);
88
89
90
91
92
static struct eac_sm_ctx *
93
eac_sm_ctx_create(EAC_CTX *ctx,
94
    const unsigned char *id_icc, size_t id_icc_length)
95
{
96
  struct eac_sm_ctx *out = malloc(sizeof *out);
97
  if (!out)
98
    goto err;
99
100
  out->ctx = ctx;
101
102
  if (id_icc && id_icc_length) {
103
    out->id_icc = BUF_MEM_create_init(id_icc, id_icc_length);
104
    if (!out->id_icc)
105
      goto err;
106
  } else
107
    out->id_icc = NULL;
108
109
  out->eph_pub_key = NULL;
110
  out->auxiliary_data = NULL;
111
112
  out->flags = eac_default_flags;
113
  if (out->flags & EAC_FLAG_DISABLE_CHECK_TA)
114
    TA_disable_checks(out->ctx);
115
  if (out->flags & EAC_FLAG_DISABLE_CHECK_CA)
116
    CA_disable_passive_authentication(out->ctx);
117
118
  return out;
119
120
err:
121
  free(out);
122
  return NULL;
123
}
124
125
static int
126
eac_sm_start(sc_card_t *card, EAC_CTX *eac_ctx,
127
    const unsigned char *id_icc, size_t id_icc_length)
128
{
129
  int r;
130
  struct iso_sm_ctx *sctx = NULL;
131
132
  if (!eac_ctx || !eac_ctx->key_ctx) {
133
    r = SC_ERROR_INVALID_ARGUMENTS;
134
    goto err;
135
  }
136
137
  sctx = iso_sm_ctx_create();
138
  if (!sctx) {
139
    r = SC_ERROR_OUT_OF_MEMORY;
140
    goto err;
141
  }
142
143
  sctx->priv_data = eac_sm_ctx_create(eac_ctx,
144
      id_icc, id_icc_length);
145
  if (!sctx->priv_data) {
146
    r = SC_ERROR_OUT_OF_MEMORY;
147
    goto err;
148
  }
149
150
  sctx->authenticate = eac_sm_authenticate;
151
  sctx->encrypt = eac_sm_encrypt;
152
  sctx->decrypt = eac_sm_decrypt;
153
  sctx->verify_authentication = eac_sm_verify_authentication;
154
  sctx->pre_transmit = eac_sm_pre_transmit;
155
  sctx->post_transmit = eac_sm_post_transmit;
156
  sctx->finish = eac_sm_finish;
157
  sctx->clear_free = eac_sm_clear_free;
158
  sctx->padding_indicator = SM_ISO_PADDING;
159
  sctx->block_length = EVP_CIPHER_block_size(eac_ctx->key_ctx->cipher);
160
161
  r = iso_sm_start(card, sctx);
162
163
err:
164
  if (r < 0)
165
    iso_sm_ctx_clear_free(sctx);
166
167
  return r;
168
}
169
170
static int get_ef_card_access(sc_card_t *card,
171
    u8 **ef_cardaccess, size_t *length_ef_cardaccess)
172
{
173
  return iso7816_read_binary_sfid(card, SFID_EF_CARDACCESS, ef_cardaccess, length_ef_cardaccess);
174
}
175
176
/*
177
 * MSE:Set AT
178
 */
179
static int encode_mse_cdata(struct sc_context *ctx, int protocol,
180
    const unsigned char *key_reference1, size_t key_reference1_len,
181
    const unsigned char *key_reference2, size_t key_reference2_len,
182
    const unsigned char *eph_pub_key, size_t eph_pub_key_len,
183
    const unsigned char *auxiliary_data, size_t auxiliary_data_len,
184
    const CVC_CHAT *chat, unsigned char **cdata)
185
{
186
  unsigned char *data = NULL, *encoded_chat = NULL, oid[16], *p = NULL;
187
  size_t data_len = 0, oid_len = 0;
188
  int r, encoded_chat_len = 0;
189
190
  struct sc_asn1_entry capdu_eac_mse[] = {
191
    { "Cryptographic mechanism reference",
192
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x00, SC_ASN1_OPTIONAL, NULL, NULL },
193
    { "Reference of a public key / secret key",
194
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x03, SC_ASN1_OPTIONAL, NULL, NULL },
195
    { "Reference of a private key / Reference for computing a session key",
196
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x04, SC_ASN1_OPTIONAL, NULL, NULL },
197
    { "Ephemeral Public Key",
198
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x11, SC_ASN1_OPTIONAL, NULL, NULL },
199
    { "Auxiliary authenticated data",
200
      SC_ASN1_OCTET_STRING, SC_ASN1_APP|SC_ASN1_CONS|0x07, SC_ASN1_OPTIONAL, NULL, NULL },
201
    /* "Certificate Holder Authorization Template", */
202
    { NULL , 0 , 0 , 0 , NULL , NULL }
203
  };
204
205
  if (!cdata) {
206
    r = SC_ERROR_INVALID_ARGUMENTS;
207
    goto err;
208
  }
209
210
  if (protocol) {
211
    ASN1_OBJECT *object = NULL;
212
#ifndef HAVE_EAC_OBJ_NID2OBJ
213
    object = OBJ_nid2obj(protocol);
214
#else
215
    object = EAC_OBJ_nid2obj(protocol);
216
#endif
217
    if (!object) {
218
      sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "Error setting Cryptographic mechanism reference of MSE:Set AT data");
219
      r = SC_ERROR_INTERNAL;
220
      goto err;
221
    }
222
    oid_len = OBJ_length(object);
223
    memcpy(oid, OBJ_get0_data(object), oid_len);
224
  }
225
226
  sc_format_asn1_entry(capdu_eac_mse + 0, oid, &oid_len, oid_len > 0);
227
  sc_format_asn1_entry(capdu_eac_mse + 1, (unsigned char *) key_reference1, &key_reference1_len, key_reference1 && key_reference1_len);
228
  sc_format_asn1_entry(capdu_eac_mse + 2, (unsigned char *) key_reference2, &key_reference2_len, key_reference2 && key_reference2_len);
229
  sc_format_asn1_entry(capdu_eac_mse + 3, (unsigned char *) eph_pub_key, &eph_pub_key_len, eph_pub_key && eph_pub_key_len);
230
  sc_format_asn1_entry(capdu_eac_mse + 4, (unsigned char *) auxiliary_data, &auxiliary_data_len, auxiliary_data && auxiliary_data_len);
231
232
  r = sc_asn1_encode(ctx, capdu_eac_mse, &data, &data_len);
233
  SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, r, "Error encoding MSE:Set AT APDU data");
234
235
  if (chat) {
236
    encoded_chat_len = i2d_CVC_CHAT((CVC_CHAT *) chat, &encoded_chat);
237
    if (encoded_chat_len < 0) {
238
      sc_log_openssl(ctx);
239
      r = SC_ERROR_INTERNAL;
240
      goto err;
241
    }
242
  }
243
244
245
  p = realloc(*cdata, data_len + encoded_chat_len);
246
  if (!p) {
247
    r = SC_ERROR_OUT_OF_MEMORY;
248
    goto err;
249
  }
250
  memcpy(p, data, data_len);
251
  memcpy(p+data_len, encoded_chat, encoded_chat_len);
252
  *cdata = p;
253
  r = (int)(data_len + encoded_chat_len);
254
255
  sc_debug_hex(ctx, SC_LOG_DEBUG_SM, "MSE command data", p, r);
256
257
err:
258
  free(data);
259
  if (encoded_chat)
260
    OPENSSL_free(encoded_chat);
261
262
  return r;
263
}
264
265
static int eac_mse(sc_card_t *card,
266
    unsigned char p1, unsigned char p2, int protocol,
267
    const unsigned char *key_reference1, size_t key_reference1_len,
268
    const unsigned char *key_reference2, size_t key_reference2_len,
269
    const unsigned char *eph_pub_key, size_t eph_pub_key_len,
270
    const unsigned char *auxiliary_data, size_t auxiliary_data_len,
271
    const CVC_CHAT *chat, u8 *sw1, u8 *sw2)
272
{
273
  sc_apdu_t apdu;
274
  unsigned char *d = NULL;
275
  int r;
276
277
  if (!card) {
278
    r = SC_ERROR_INVALID_ARGUMENTS;
279
    goto err;
280
  }
281
282
  r = encode_mse_cdata(card->ctx, protocol, key_reference1,
283
      key_reference1_len, key_reference2, key_reference2_len,
284
      eph_pub_key, eph_pub_key_len, auxiliary_data, auxiliary_data_len,
285
      chat, &d);
286
  if (r < 0)
287
    goto err;
288
  sc_format_apdu_ex(&apdu, 0x00, ISO_MSE, p1, p2,
289
      d, r, NULL, 0);
290
291
  r = sc_transmit_apdu(card, &apdu);
292
  if (r < 0)
293
    goto err;
294
295
  if (apdu.resplen) {
296
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "MSE:Set AT response data should be empty "
297
        "(contains %"SC_FORMAT_LEN_SIZE_T"u bytes)", apdu.resplen);
298
    r = SC_ERROR_UNKNOWN_DATA_RECEIVED;
299
    goto err;
300
  }
301
302
  if (sw1)
303
    *sw1 = apdu.sw1;
304
  if (sw2)
305
    *sw2 = apdu.sw2;
306
307
err:
308
  free(d);
309
310
  return r;
311
}
312
313
static int eac_mse_set_at(sc_card_t *card, unsigned char p1, int protocol,
314
    const unsigned char *key_reference1, size_t key_reference1_len,
315
    const unsigned char *key_reference2, size_t key_reference2_len,
316
    const unsigned char *eph_pub_key, size_t eph_pub_key_len,
317
    const unsigned char *auxiliary_data, size_t auxiliary_data_len,
318
    const CVC_CHAT *chat, u8 *sw1, u8 *sw2)
319
{
320
  return eac_mse(card, p1, 0xA4, protocol, key_reference1,
321
      key_reference1_len, key_reference2, key_reference2_len,
322
      eph_pub_key, eph_pub_key_len, auxiliary_data, auxiliary_data_len,
323
      chat, sw1, sw2);
324
}
325
326
static int eac_mse_set_at_pace(sc_card_t *card, int protocol,
327
    enum s_type secret_key, const CVC_CHAT *chat, u8 *sw1, u8 *sw2)
328
{
329
  int r, tries;
330
  unsigned char key = secret_key;
331
332
  r = eac_mse_set_at(card, 0xC1, protocol, &key, sizeof key, NULL,
333
      0, NULL, 0, NULL, 0, chat, sw1, sw2);
334
  if (0 > r)
335
    goto err;
336
337
  if (*sw1 == 0x63) {
338
    if ((*sw2 & 0xc0) == 0xc0) {
339
      tries = *sw2 & 0x0f;
340
      if (tries <= 1) {
341
        /* this is only a warning... */
342
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Remaining tries: %d (%s must be %s)\n",
343
            tries, eac_secret_name(secret_key),
344
            tries ? "resumed" : "unblocked");
345
      }
346
      r = SC_SUCCESS;
347
    } else {
348
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Unknown status bytes: SW1=%02X, SW2=%02X\n",
349
          *sw1, *sw2);
350
      r = SC_ERROR_CARD_CMD_FAILED;
351
    }
352
  } else if (*sw1 == 0x62 && *sw2 == 0x83) {
353
       sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Password is deactivated\n");
354
       r = SC_ERROR_AUTH_METHOD_BLOCKED;
355
  } else {
356
    r = sc_check_sw(card, *sw1, *sw2);
357
  }
358
359
err:
360
  return r;
361
}
362
363
364
/*
365
 * General Authenticate
366
 */
367
static int encode_gen_auth_cdata(struct sc_context *ctx,
368
    const unsigned char *ca_eph_pub_key, size_t ca_eph_pub_key_len,
369
    const unsigned char *mapping_data, size_t mapping_data_len,
370
    const unsigned char *eph_pub_key, size_t eph_pub_key_len,
371
    const unsigned char *auth_token, size_t auth_token_len,
372
    unsigned char **cdata)
373
{
374
  size_t data_len = 0;
375
  int r;
376
377
  struct sc_asn1_entry capdu_eac_gen_auth_data[] = {
378
    { "Ephemeral Public Key (CA)",
379
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x00, SC_ASN1_OPTIONAL, NULL, NULL },
380
    { "Mapping Data",
381
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x01, SC_ASN1_OPTIONAL, NULL, NULL },
382
    { "Ephemeral Public Key (PACE)",
383
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x03, SC_ASN1_OPTIONAL, NULL, NULL },
384
    { "Authentication Token",
385
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x05, SC_ASN1_OPTIONAL, NULL, NULL },
386
    { NULL , 0 , 0 , 0 , NULL , NULL }
387
  };
388
389
  struct sc_asn1_entry capdu_eac_gen_auth[] = {
390
    { "Dynamic Authentication Data", SC_ASN1_STRUCT, SC_ASN1_APP|SC_ASN1_CONS|0x1c, 0, NULL, NULL },
391
    { NULL , 0 , 0 , 0 , NULL , NULL }
392
  };
393
394
  if (!cdata) {
395
    r = SC_ERROR_INVALID_ARGUMENTS;
396
    goto err;
397
  }
398
399
    sc_format_asn1_entry(capdu_eac_gen_auth + 0, capdu_eac_gen_auth_data, &capdu_eac_gen_auth_data, 1);
400
401
  sc_format_asn1_entry(capdu_eac_gen_auth_data + 0, (unsigned char *) ca_eph_pub_key, &ca_eph_pub_key_len, ca_eph_pub_key && ca_eph_pub_key_len);
402
  sc_format_asn1_entry(capdu_eac_gen_auth_data + 1, (unsigned char *) mapping_data, &mapping_data_len, mapping_data && mapping_data_len);
403
  sc_format_asn1_entry(capdu_eac_gen_auth_data + 2, (unsigned char *) eph_pub_key, &eph_pub_key_len, eph_pub_key && eph_pub_key_len);
404
  sc_format_asn1_entry(capdu_eac_gen_auth_data + 3, (unsigned char *) auth_token, &auth_token_len, auth_token && auth_token_len);
405
406
  r = sc_asn1_encode(ctx, capdu_eac_gen_auth, cdata, &data_len);
407
  SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, r, "Error encoding General Authenticate APDU data");
408
  r = (int)data_len;
409
410
err:
411
  return r;
412
}
413
static int decode_gen_auth_rdata(struct sc_context *ctx,
414
    const unsigned char *rdata, size_t rdata_len,
415
    unsigned char **enc_nonce, size_t *enc_nonce_len,
416
    unsigned char **mapping_data, size_t *mapping_data_len,
417
    unsigned char **eph_pub_key, size_t *eph_pub_key_len,
418
    unsigned char **auth_token, size_t *auth_token_len,
419
    unsigned char **cur_car, size_t *cur_car_len,
420
    unsigned char **prev_car, size_t *prev_car_len)
421
{
422
  struct sc_asn1_entry rapdu_eac_gen_auth_data[] = {
423
    { "Encrypted Nonce",
424
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x00, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
425
    { "Mapping Data",
426
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x02, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
427
    { "Ephemeral Public Key",
428
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x04, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
429
    { "Authentication Token",
430
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x06, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
431
    { "Most recent Certification Authority Reference",
432
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x07, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
433
    { "Pverious recent Certification Authority Reference",
434
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x07, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
435
    { NULL , 0 , 0 , 0 , NULL , NULL }
436
  };
437
438
  struct sc_asn1_entry rapdu_eac_gen_auth[] = {
439
    { "Dynamic Authentication Data", SC_ASN1_STRUCT, SC_ASN1_APP|SC_ASN1_CONS|0x1c, 0, NULL, NULL },
440
    { NULL , 0 , 0 , 0 , NULL , NULL }
441
  };
442
443
    sc_format_asn1_entry(rapdu_eac_gen_auth + 0, rapdu_eac_gen_auth_data, &rapdu_eac_gen_auth_data, 1);
444
445
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 0, enc_nonce, enc_nonce_len, 0);
446
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 1, mapping_data, mapping_data_len, 0);
447
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 2, eph_pub_key, eph_pub_key_len, 0);
448
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 3, auth_token, auth_token_len, 0);
449
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 4, cur_car, cur_car_len, 0);
450
  sc_format_asn1_entry(rapdu_eac_gen_auth_data + 5, prev_car, prev_car_len, 0);
451
452
  return sc_asn1_decode(ctx, rapdu_eac_gen_auth, rdata, rdata_len, NULL, NULL);
453
}
454
#define ISO_GENERAL_AUTHENTICATE 0x86
455
#define ISO_COMMAND_CHAINING 0x10
456
static int eac_gen_auth_1_encrypted_nonce(sc_card_t *card,
457
    u8 **enc_nonce, size_t *enc_nonce_len)
458
{
459
  sc_apdu_t apdu;
460
  unsigned char *d = NULL;
461
  int r;
462
  unsigned char resp[SC_MAX_APDU_RESP_SIZE];
463
464
  r = encode_gen_auth_cdata(card->ctx, NULL, 0, NULL, 0, NULL, 0, NULL, 0, &d);
465
  if (r < 0)
466
    goto err;
467
  sc_format_apdu_ex(&apdu, 0x00, ISO_GENERAL_AUTHENTICATE, 0x00, 0x00,
468
      d, r, resp, sizeof resp);
469
  apdu.cla = ISO_COMMAND_CHAINING;
470
471
  r = sc_transmit_apdu(card, &apdu);
472
  if (r < 0)
473
    goto err;
474
475
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
476
  if (r < 0)
477
    goto err;
478
  r = decode_gen_auth_rdata(card->ctx, apdu.resp, apdu.resplen,
479
      enc_nonce, enc_nonce_len,
480
      NULL, NULL,
481
      NULL, NULL,
482
      NULL, NULL,
483
      NULL, NULL,
484
      NULL, NULL);
485
486
err:
487
  free(d);
488
489
  return r;
490
}
491
static int eac_gen_auth_2_map_nonce(sc_card_t *card,
492
    const u8 *in, size_t in_len,
493
    u8 **map_data_out, size_t *map_data_out_len)
494
{
495
  sc_apdu_t apdu;
496
  unsigned char *d = NULL;
497
  int r;
498
  unsigned char resp[SC_MAX_APDU_RESP_SIZE];
499
500
  r = encode_gen_auth_cdata(card->ctx, NULL, 0, in, in_len, NULL, 0, NULL, 0, &d);
501
  if (r < 0)
502
    goto err;
503
  sc_format_apdu_ex(&apdu, 0x00, ISO_GENERAL_AUTHENTICATE, 0x00, 0x00,
504
        d, r, resp, sizeof resp);
505
  apdu.cla = ISO_COMMAND_CHAINING;
506
507
  r = sc_transmit_apdu(card, &apdu);
508
  if (r < 0)
509
    goto err;
510
511
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
512
  if (r < 0)
513
    goto err;
514
515
  r = decode_gen_auth_rdata(card->ctx, apdu.resp, apdu.resplen,
516
      NULL, NULL,
517
      map_data_out, map_data_out_len,
518
      NULL, NULL,
519
      NULL, NULL,
520
      NULL, NULL,
521
      NULL, NULL);
522
523
err:
524
  free(d);
525
526
  return r;
527
}
528
static int eac_gen_auth_3_perform_key_agreement(sc_card_t *card,
529
    const u8 *in, size_t in_len,
530
    u8 **eph_pub_key_out, size_t *eph_pub_key_out_len)
531
{
532
  sc_apdu_t apdu;
533
  unsigned char *d = NULL;
534
  int r;
535
  unsigned char resp[SC_MAX_APDU_RESP_SIZE];
536
537
  r = encode_gen_auth_cdata(card->ctx, NULL, 0, NULL, 0, in, in_len, NULL, 0, &d);
538
  if (r < 0)
539
    goto err;
540
  sc_format_apdu_ex(&apdu, 0x00, ISO_GENERAL_AUTHENTICATE, 0x00, 0x00,
541
      d, r, resp, sizeof resp);
542
  apdu.cla = ISO_COMMAND_CHAINING;
543
544
  r = sc_transmit_apdu(card, &apdu);
545
  if (r < 0)
546
    goto err;
547
548
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
549
  if (r < 0)
550
    goto err;
551
552
  r = decode_gen_auth_rdata(card->ctx, apdu.resp, apdu.resplen,
553
      NULL, NULL,
554
      NULL, NULL,
555
      eph_pub_key_out, eph_pub_key_out_len,
556
      NULL, NULL,
557
      NULL, NULL,
558
      NULL, NULL);
559
560
err:
561
  free(d);
562
563
  return r;
564
}
565
static int eac_gen_auth_4_mutual_authentication(sc_card_t *card,
566
    const u8 *in, size_t in_len,
567
    u8 **auth_token_out, size_t *auth_token_out_len,
568
    u8 **recent_car_out, size_t *recent_car_len,
569
    u8 **prev_car_out, size_t *prev_car_len)
570
{
571
  sc_apdu_t apdu;
572
  unsigned char *d = NULL;
573
  int r;
574
  unsigned char resp[SC_MAX_APDU_RESP_SIZE];
575
576
  r = encode_gen_auth_cdata(card->ctx, NULL, 0, NULL, 0, NULL, 0, in, in_len, &d);
577
  if (r < 0)
578
    goto err;
579
  sc_format_apdu_ex(&apdu, 0x00, ISO_GENERAL_AUTHENTICATE, 0x00, 0x00,
580
      d, r, resp, sizeof resp);
581
582
  r = sc_transmit_apdu(card, &apdu);
583
  if (r < 0)
584
    goto err;
585
586
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
587
  if (r < 0)
588
    goto err;
589
590
  r = decode_gen_auth_rdata(card->ctx, apdu.resp, apdu.resplen,
591
      NULL, NULL,
592
      NULL, NULL,
593
      NULL, NULL,
594
      auth_token_out, auth_token_out_len,
595
      recent_car_out, recent_car_len,
596
      prev_car_out, prev_car_len);
597
598
err:
599
  free(d);
600
601
  return r;
602
}
603
604
static PACE_SEC *
605
get_psec(sc_card_t *card, const char *pin, size_t length_pin, enum s_type pin_id)
606
{
607
  char *p = NULL;
608
  PACE_SEC *r;
609
  char buf[EAC_MAX_MRZ_LEN > 32 ? EAC_MAX_MRZ_LEN : 32];
610
611
  if (!length_pin || !pin) {
612
    if (0 > snprintf(buf, sizeof buf, "Please enter your %s: ",
613
          eac_secret_name(pin_id))) {
614
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not create password prompt.\n");
615
      return NULL;
616
    }
617
    p = malloc(EAC_MAX_MRZ_LEN+1);
618
    if (!p) {
619
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Not enough memory for %s.\n",
620
          eac_secret_name(pin_id));
621
      return NULL;
622
    }
623
    if (0 > EVP_read_pw_string_min(p, 0, EAC_MAX_MRZ_LEN, buf, 0)) {
624
      sc_log_openssl(card->ctx);
625
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not read %s.\n",
626
          eac_secret_name(pin_id));
627
      return NULL;
628
    }
629
    length_pin = strlen(p);
630
    if (length_pin > EAC_MAX_MRZ_LEN) {
631
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "MRZ too long");
632
      return NULL;
633
    }
634
    pin = p;
635
  }
636
637
  if (pin_id != PACE_PIN && pin_id != PACE_CAN && pin_id != PACE_MRZ && pin_id != PACE_PUK)
638
    pin_id = PACE_RAW;
639
640
  r = PACE_SEC_new(pin, length_pin, pin_id);
641
642
  if (p) {
643
    OPENSSL_cleanse(p, length_pin);
644
    free(p);
645
  }
646
647
  return r;
648
}
649
650
651
int perform_pace(sc_card_t *card,
652
    struct establish_pace_channel_input pace_input,
653
    struct establish_pace_channel_output *pace_output,
654
    enum eac_tr_version tr_version)
655
{
656
  u8 *p = NULL;
657
  EAC_CTX *eac_ctx = NULL;
658
  BUF_MEM *enc_nonce = NULL, *mdata = NULL, *mdata_opp = NULL,
659
      *token_opp = NULL, *token = NULL, *pub = NULL, *pub_opp = NULL,
660
      *comp_pub = NULL, *comp_pub_opp = NULL;
661
  PACE_SEC *sec = NULL;
662
  CVC_CHAT *chat = NULL;
663
  BIO *bio_stdout = NULL;
664
  CVC_CERTIFICATE_DESCRIPTION *desc = NULL;
665
  int r;
666
  const unsigned char *pp;
667
668
  if (!card || !card->reader || !card->reader->ops || !pace_output)
669
    return SC_ERROR_INVALID_ARGUMENTS;
670
671
  /* show description in advance to give the user more time to read it...
672
   * This behaviour differs from TR-03119 v1.1 p. 44. */
673
  if (pace_input.certificate_description_length &&
674
      pace_input.certificate_description) {
675
676
    pp = pace_input.certificate_description;
677
    if (!d2i_CVC_CERTIFICATE_DESCRIPTION(&desc,
678
          &pp, pace_input.certificate_description_length)) {
679
      sc_log_openssl(card->ctx);
680
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not parse certificate description.");
681
      r = SC_ERROR_INTERNAL;
682
      goto err;
683
    }
684
685
    if (!bio_stdout) {
686
      bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
687
      if (!bio_stdout) {
688
        sc_log_openssl(card->ctx);
689
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not create output buffer.");
690
        r = SC_ERROR_INTERNAL;
691
        goto err;
692
      }
693
    }
694
695
    printf("Certificate Description\n");
696
    switch(certificate_description_print(bio_stdout, desc, 8)) {
697
      case 0:
698
        sc_log_openssl(card->ctx);
699
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not print certificate description.");
700
        r = SC_ERROR_INTERNAL;
701
        goto err;
702
        break;
703
      case 1:
704
        /* text format */
705
        break;
706
      case 2:
707
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Certificate description in "
708
            "HTML format can not (yet) be handled.");
709
        r = SC_ERROR_NOT_SUPPORTED;
710
        goto err;
711
        break;
712
      case 3:
713
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Certificate description in "
714
            "PDF format can not (yet) be handled.");
715
        r = SC_ERROR_NOT_SUPPORTED;
716
        goto err;
717
        break;
718
      default:
719
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Certificate description in "
720
            "unknown format can not be handled.");
721
        r = SC_ERROR_NOT_SUPPORTED;
722
        goto err;
723
        break;
724
    }
725
  }
726
727
  /* show chat in advance to give the user more time to read it...
728
   * This behaviour differs from TR-03119 v1.1 p. 44. */
729
  if (pace_input.chat_length && pace_input.chat) {
730
731
    if (!bio_stdout) {
732
      bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
733
      if (!bio_stdout) {
734
        sc_log_openssl(card->ctx);
735
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not create output buffer.");
736
        r = SC_ERROR_INTERNAL;
737
        goto err;
738
      }
739
    }
740
741
    pp = pace_input.chat;
742
    if (!d2i_CVC_CHAT(&chat, &pp, pace_input.chat_length)) {
743
      sc_log_openssl(card->ctx);
744
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not parse card holder authorization template (CHAT).");
745
      r = SC_ERROR_INTERNAL;
746
      goto err;
747
    }
748
749
    printf("Card holder authorization template (CHAT)\n");
750
    if (!cvc_chat_print(bio_stdout, chat, 8)) {
751
      sc_log_openssl(card->ctx);
752
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not print card holder authorization template (CHAT).");
753
      r = SC_ERROR_INTERNAL;
754
      goto err;
755
    }
756
  }
757
758
  if (card->reader->capabilities & SC_READER_CAP_PACE_GENERIC
759
      && card->reader->ops->perform_pace) {
760
    r = card->reader->ops->perform_pace(card->reader, &pace_input, pace_output);
761
    if (r < 0)
762
      goto err;
763
  } else {
764
    if (!pace_output->ef_cardaccess_length || !pace_output->ef_cardaccess) {
765
      r = get_ef_card_access(card, &pace_output->ef_cardaccess,
766
          &pace_output->ef_cardaccess_length);
767
      if (r < 0) {
768
        sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not get EF.CardAccess.");
769
        goto err;
770
      }
771
    }
772
773
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "EF.CardAccess", pace_output->ef_cardaccess,
774
        pace_output->ef_cardaccess_length);
775
776
    EAC_init();
777
    eac_ctx = EAC_CTX_new();
778
    if (!eac_ctx
779
        || !EAC_CTX_init_ef_cardaccess(pace_output->ef_cardaccess,
780
          pace_output->ef_cardaccess_length, eac_ctx)
781
        || !eac_ctx->pace_ctx) {
782
      sc_log_openssl(card->ctx);
783
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not parse EF.CardAccess.");
784
      r = SC_ERROR_INTERNAL;
785
      goto err;
786
    }
787
788
    eac_ctx->tr_version = tr_version;
789
790
    r = eac_mse_set_at_pace(card, eac_ctx->pace_ctx->protocol,
791
        pace_input.pin_id, chat, &pace_output->mse_set_at_sw1,
792
        &pace_output->mse_set_at_sw2);
793
    if (r < 0) {
794
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not select protocol properties "
795
          "(MSE: Set AT failed).");
796
      goto err;
797
    }
798
799
    enc_nonce = BUF_MEM_new();
800
    if (!enc_nonce) {
801
      sc_log_openssl(card->ctx);
802
      r = SC_ERROR_OUT_OF_MEMORY;
803
      goto err;
804
    }
805
    p = (u8 *) enc_nonce->data;
806
    r = eac_gen_auth_1_encrypted_nonce(card, &p, &enc_nonce->length);
807
    enc_nonce->data = (char *) p;
808
    if (r < 0) {
809
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not get encrypted nonce from card "
810
          "(General Authenticate step 1 failed).");
811
      goto err;
812
    }
813
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "Encrypted nonce from MRTD", (u8 *)enc_nonce->data, enc_nonce->length);
814
    enc_nonce->max = enc_nonce->length;
815
816
    sec = get_psec(card, (char *) pace_input.pin, pace_input.pin_length,
817
        pace_input.pin_id);
818
    if (!sec) {
819
      sc_log_openssl(card->ctx);
820
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not encode PACE secret.");
821
      r = SC_ERROR_INTERNAL;
822
      goto err;
823
    }
824
825
    if (!PACE_STEP2_dec_nonce(eac_ctx, sec, enc_nonce)) {
826
      sc_log_openssl(card->ctx);
827
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not decrypt MRTD's nonce.");
828
      r = SC_ERROR_INTERNAL;
829
      goto err;
830
    }
831
832
    mdata_opp = BUF_MEM_new();
833
    mdata = PACE_STEP3A_generate_mapping_data(eac_ctx);
834
    if (!mdata || !mdata_opp) {
835
      sc_log_openssl(card->ctx);
836
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not generate mapping data.");
837
      r = SC_ERROR_INTERNAL;
838
      goto err;
839
    }
840
    p = (u8 *) mdata_opp->data;
841
    r = eac_gen_auth_2_map_nonce(card, (u8 *) mdata->data, mdata->length,
842
        &p, &mdata_opp->length);
843
    mdata_opp->data = (char *) p;
844
    if (r < 0) {
845
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not exchange mapping data with card "
846
          "(General Authenticate step 2 failed).");
847
      goto err;
848
    }
849
    mdata_opp->max = mdata_opp->length;
850
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "Mapping data from MRTD", (u8 *) mdata_opp->data, mdata_opp->length);
851
852
    if (!PACE_STEP3A_map_generator(eac_ctx, mdata_opp)) {
853
      sc_log_openssl(card->ctx);
854
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not map generator.");
855
      r = SC_ERROR_INTERNAL;
856
      goto err;
857
    }
858
859
    pub = PACE_STEP3B_generate_ephemeral_key(eac_ctx);
860
    pub_opp = BUF_MEM_new();
861
    if (!pub || !pub_opp) {
862
      sc_log_openssl(card->ctx);
863
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not generate ephemeral domain parameter or "
864
          "ephemeral key pair.");
865
      r = SC_ERROR_INTERNAL;
866
      goto err;
867
    }
868
    p = (u8 *) pub_opp->data;
869
    r = eac_gen_auth_3_perform_key_agreement(card, (u8 *) pub->data, pub->length,
870
        &p, &pub_opp->length);
871
    pub_opp->data = (char *) p;
872
    if (r < 0) {
873
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not exchange ephemeral public key with card "
874
          "(General Authenticate step 3 failed).");
875
      goto err;
876
    }
877
    pub_opp->max = pub_opp->length;
878
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "Ephemeral public key from MRTD", (u8 *) pub_opp->data, pub_opp->length);
879
880
881
    if (!PACE_STEP3B_compute_shared_secret(eac_ctx, pub_opp)
882
        || !PACE_STEP3C_derive_keys(eac_ctx)) {
883
      sc_log_openssl(card->ctx);
884
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not compute ephemeral shared secret or "
885
          "derive keys for encryption and authentication.");
886
      r = SC_ERROR_INTERNAL;
887
      goto err;
888
    }
889
    token = PACE_STEP3D_compute_authentication_token(eac_ctx, pub_opp);
890
    token_opp = BUF_MEM_new();
891
    if (!token || !token_opp) {
892
      sc_log_openssl(card->ctx);
893
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not compute authentication token.");
894
      r = SC_ERROR_INTERNAL;
895
      goto err;
896
    }
897
    p = (u8 *) token_opp->data;
898
    r = eac_gen_auth_4_mutual_authentication(card, (u8 *) token->data, token->length,
899
        &p, &token_opp->length,
900
        &pace_output->recent_car, &pace_output->recent_car_length,
901
        &pace_output->previous_car, &pace_output->previous_car_length);
902
    token_opp->data = (char *) p;
903
904
    if (r < 0) {
905
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not exchange authentication token with card "
906
          "(General Authenticate step 4 failed).");
907
      goto err;
908
    }
909
    token_opp->max = token_opp->length;
910
911
    if (!PACE_STEP3D_verify_authentication_token(eac_ctx, token_opp)) {
912
      sc_log_openssl(card->ctx);
913
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not verify authentication token.");
914
      r = SC_ERROR_INTERNAL;
915
      goto err;
916
    }
917
918
    /* Initialize secure channel */
919
    if (!EAC_CTX_set_encryption_ctx(eac_ctx, EAC_ID_PACE)) {
920
      sc_log_openssl(card->ctx);
921
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not initialize encryption.");
922
      r = SC_ERROR_INTERNAL;
923
      goto err;
924
    }
925
926
    /* Identifier for ICC and PCD */
927
    comp_pub = EAC_Comp(eac_ctx, EAC_ID_PACE, pub);
928
    comp_pub_opp = EAC_Comp(eac_ctx, EAC_ID_PACE, pub_opp);
929
    if (!comp_pub || !comp_pub_opp) {
930
      sc_log_openssl(card->ctx);
931
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not compress public keys for identification.");
932
      r = SC_ERROR_INTERNAL;
933
      goto err;
934
    }
935
    if (comp_pub_opp->length == 0) {
936
      r = SC_ERROR_INTERNAL;
937
      goto err;
938
    }
939
    p = realloc(pace_output->id_icc, comp_pub_opp->length);
940
    if (!p) {
941
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Not enough memory for ID ICC.\n");
942
      r = SC_ERROR_OUT_OF_MEMORY;
943
      goto err;
944
    }
945
    pace_output->id_icc = p;
946
    pace_output->id_icc_length = comp_pub_opp->length;
947
    memcpy(pace_output->id_icc, comp_pub_opp->data, comp_pub_opp->length);
948
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "ID ICC", pace_output->id_icc,
949
        pace_output->id_icc_length);
950
    if (comp_pub->length == 0) {
951
      r = SC_ERROR_INTERNAL;
952
      goto err;
953
    }
954
    p = realloc(pace_output->id_pcd, comp_pub->length);
955
    if (!p) {
956
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Not enough memory for ID PCD.\n");
957
      r = SC_ERROR_OUT_OF_MEMORY;
958
      goto err;
959
    }
960
    pace_output->id_pcd = p;
961
    pace_output->id_pcd_length = comp_pub->length;
962
    memcpy(pace_output->id_pcd, comp_pub->data, comp_pub->length);
963
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "ID PCD", pace_output->id_pcd,
964
        pace_output->id_pcd_length);
965
966
    r = eac_sm_start(card, eac_ctx, pace_output->id_icc, pace_output->id_icc_length);
967
  }
968
969
err:
970
  if (enc_nonce)
971
    BUF_MEM_free(enc_nonce);
972
  if (mdata)
973
    BUF_MEM_free(mdata);
974
  if (mdata_opp)
975
    BUF_MEM_free(mdata_opp);
976
  if (token_opp)
977
    BUF_MEM_free(token_opp);
978
  if (token)
979
    BUF_MEM_free(token);
980
  if (pub)
981
    BUF_MEM_free(pub);
982
  if (pub_opp)
983
    BUF_MEM_free(pub_opp);
984
  if (comp_pub_opp)
985
    BUF_MEM_free(comp_pub_opp);
986
  if (comp_pub)
987
    BUF_MEM_free(comp_pub);
988
  PACE_SEC_clear_free(sec);
989
  if (bio_stdout)
990
    BIO_free_all(bio_stdout);
991
  if (desc)
992
    CVC_CERTIFICATE_DESCRIPTION_free(desc);
993
  if (chat)
994
    CVC_CHAT_free(chat);
995
996
  if (r < 0)
997
    EAC_CTX_clear_free(eac_ctx);
998
999
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1000
}
1001
1002
static int eac_mse_set_at_ta(sc_card_t *card, int protocol,
1003
    const unsigned char *chr, size_t chr_len,
1004
    const unsigned char *eph_pub_key, size_t eph_pub_key_len,
1005
    const unsigned char *auxiliary_data, size_t auxiliary_data_len)
1006
{
1007
  return eac_mse_set_at(card, 0x81, protocol, chr, chr_len, NULL, 0,
1008
      eph_pub_key, eph_pub_key_len, auxiliary_data, auxiliary_data_len,
1009
      NULL, NULL, NULL);
1010
}
1011
1012
static int eac_mse_set_dst(sc_card_t *card,
1013
    const unsigned char *chr, size_t chr_len)
1014
{
1015
  return eac_mse(card, 0x81, 0xb6, 0, chr, chr_len, NULL, 0, NULL, 0, NULL,
1016
      0, NULL, NULL, NULL);
1017
}
1018
1019
static int eac_get_challenge(sc_card_t *card,
1020
    unsigned char *challenge, size_t len)
1021
{
1022
  sc_apdu_t apdu;
1023
  int r;
1024
1025
  if (!card) {
1026
    r = SC_ERROR_INVALID_ARGUMENTS;
1027
    goto err;
1028
  }
1029
1030
  sc_format_apdu_ex(&apdu, 0x00, 0x84, 0x00, 0x00, NULL, 0, challenge, len);
1031
1032
  r = sc_transmit_apdu(card, &apdu);
1033
  if (r < 0)
1034
    goto err;
1035
1036
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
1037
1038
err:
1039
  return r;
1040
}
1041
1042
static int eac_verify(sc_card_t *card,
1043
    const unsigned char *cert, size_t cert_len)
1044
{
1045
  sc_apdu_t apdu;
1046
  int r, class, tag;
1047
  long int length;
1048
1049
  memset(&apdu, 0, sizeof apdu);
1050
1051
  if (!card) {
1052
    r = SC_ERROR_INVALID_ARGUMENTS;
1053
    goto err;
1054
  }
1055
1056
  if (0x80 & ASN1_get_object(&cert, &length, &tag, &class, cert_len)) {
1057
    sc_log_openssl(card->ctx);
1058
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Error decoding Certificate");
1059
    r = SC_ERROR_INTERNAL;
1060
    goto err;
1061
  }
1062
1063
  sc_format_apdu_ex(&apdu, 0x00, 0x2A, 0x00, 0xbe, (unsigned char *) cert, length, NULL, 0);
1064
1065
  r = sc_transmit_apdu(card, &apdu);
1066
  if (r < 0)
1067
    goto err;
1068
1069
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
1070
1071
err:
1072
  return r;
1073
}
1074
1075
static int eac_external_authenticate(sc_card_t *card,
1076
    unsigned char *signature, size_t signature_len)
1077
{
1078
  int r;
1079
  sc_apdu_t apdu;
1080
  memset(&apdu, 0, sizeof apdu);
1081
1082
  if (!card) {
1083
    r = SC_ERROR_INVALID_ARGUMENTS;
1084
    goto err;
1085
  }
1086
1087
  sc_format_apdu_ex(&apdu, 0x00, 0x82, 0x00, 0x00, signature, signature_len, NULL, 0);
1088
1089
  r = sc_transmit_apdu(card, &apdu);
1090
  if (r < 0)
1091
    goto err;
1092
1093
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
1094
1095
err:
1096
  return r;
1097
}
1098
1099
static void eac_sm_clear_free_without_ctx(const struct iso_sm_ctx *ctx)
1100
{
1101
  if (ctx) {
1102
    struct eac_sm_ctx *eacsmctx = ctx->priv_data;
1103
    if (eacsmctx)
1104
      eacsmctx->ctx = NULL;
1105
    eac_sm_clear_free(ctx);
1106
  }
1107
}
1108
1109
#define TA_NONCE_LENGTH 8
1110
int perform_terminal_authentication(sc_card_t *card,
1111
    const unsigned char **certs, const size_t *certs_lens,
1112
    const unsigned char *privkey, size_t privkey_len,
1113
    const unsigned char *auxiliary_data, size_t auxiliary_data_len)
1114
{
1115
  int r;
1116
  const unsigned char *cert = NULL;
1117
  size_t cert_len = 0, ef_cardaccess_length = 0;
1118
  CVC_CERT *cvc_cert = NULL;
1119
  BUF_MEM *nonce = NULL, *signature = NULL;
1120
  struct iso_sm_ctx *isosmctx = NULL;
1121
  struct eac_sm_ctx *eacsmctx = NULL;
1122
  unsigned char *ef_cardaccess = NULL;
1123
  EAC_CTX *eac_ctx = NULL;
1124
  const unsigned char *chr = NULL;
1125
  size_t chr_len = 0;
1126
1127
  if (!card || !certs_lens || !certs) {
1128
    r = SC_ERROR_INVALID_ARGUMENTS;
1129
    goto err;
1130
  }
1131
  if (!card->sm_ctx.info.cmd_data) {
1132
    card->sm_ctx.info.cmd_data = iso_sm_ctx_create();
1133
    card->sm_ctx.ops.close = iso_sm_close;
1134
  }
1135
  if (!card->sm_ctx.info.cmd_data) {
1136
    r = SC_ERROR_INTERNAL;
1137
    goto err;
1138
  }
1139
1140
  isosmctx = card->sm_ctx.info.cmd_data;
1141
  if (!isosmctx->priv_data) {
1142
    r = get_ef_card_access(card, &ef_cardaccess, &ef_cardaccess_length);
1143
    if (r < 0) {
1144
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not get EF.CardAccess.");
1145
      goto err;
1146
    }
1147
1148
    sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "EF.CardAccess", ef_cardaccess,
1149
        ef_cardaccess_length);
1150
1151
    EAC_init();
1152
    eac_ctx = EAC_CTX_new();
1153
    if (!eac_ctx
1154
        || !EAC_CTX_init_ef_cardaccess(ef_cardaccess,
1155
          ef_cardaccess_length, eac_ctx)) {
1156
      sc_log_openssl(card->ctx);
1157
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not parse EF.CardAccess.");
1158
      r = SC_ERROR_INTERNAL;
1159
      goto err;
1160
    }
1161
1162
    isosmctx->priv_data = eac_sm_ctx_create(eac_ctx, NULL, 0);
1163
    if (!isosmctx->priv_data) {
1164
      r = SC_ERROR_INTERNAL;
1165
      goto err;
1166
    }
1167
    /* when iso_sm_ctx_clear_free is called, we want everything to be freed
1168
     * except the EAC_CTX, because it is needed for performing SM *after*
1169
     * iso_sm_start was called. */
1170
    isosmctx->clear_free = eac_sm_clear_free_without_ctx;
1171
    eac_ctx = NULL;
1172
  }
1173
  eacsmctx = isosmctx->priv_data;
1174
1175
1176
  while (*certs && *certs_lens) {
1177
    cert = *certs;
1178
    cert_len = *certs_lens;
1179
    if (!CVC_d2i_CVC_CERT(&cvc_cert, &cert, cert_len) || !cvc_cert
1180
        || !cvc_cert->body || !cvc_cert->body->certificate_authority_reference
1181
        || !cvc_cert->body->certificate_holder_reference) {
1182
      sc_log_openssl(card->ctx);
1183
      r = SC_ERROR_INVALID_DATA;
1184
      goto err;
1185
    }
1186
    cert = *certs;
1187
1188
    r = eac_mse_set_dst(card,
1189
        cvc_cert->body->certificate_authority_reference->data,
1190
        cvc_cert->body->certificate_authority_reference->length);
1191
    if (r < 0) {
1192
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not select protocol properties "
1193
          "(MSE: Set AT failed).");
1194
      goto err;
1195
    }
1196
1197
    r = eac_verify(card, cert, cert_len);
1198
    if (r < 0)
1199
      goto err;
1200
1201
    chr = cvc_cert->body->certificate_holder_reference->data;
1202
    chr_len = cvc_cert->body->certificate_holder_reference->length;
1203
1204
    certs++;
1205
    certs_lens++;
1206
  }
1207
1208
1209
  if (!EAC_CTX_init_ta(eacsmctx->ctx, privkey, privkey_len, cert, cert_len)) {
1210
    sc_log_openssl(card->ctx);
1211
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not initialize TA.");
1212
    r = SC_ERROR_INTERNAL;
1213
    goto err;
1214
  }
1215
1216
1217
  if (eacsmctx->eph_pub_key)
1218
    BUF_MEM_free(eacsmctx->eph_pub_key);
1219
  eacsmctx->eph_pub_key = TA_STEP3_generate_ephemeral_key(eacsmctx->ctx);
1220
  if (!eacsmctx->eph_pub_key) {
1221
    sc_log_openssl(card->ctx);
1222
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not generate CA ephemeral key.");
1223
    r = SC_ERROR_INTERNAL;
1224
    goto err;
1225
  }
1226
1227
1228
  r = eac_mse_set_at_ta(card, eacsmctx->ctx->ta_ctx->protocol, chr, chr_len,
1229
      (unsigned char *) eacsmctx->eph_pub_key->data, eacsmctx->eph_pub_key->length,
1230
      auxiliary_data, auxiliary_data_len);
1231
  if (r < 0) {
1232
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not select protocol properties "
1233
        "(MSE: Set AT failed).");
1234
    goto err;
1235
  }
1236
1237
  nonce = BUF_MEM_create(TA_NONCE_LENGTH);
1238
  if (!nonce) {
1239
    sc_log_openssl(card->ctx);
1240
    r = SC_ERROR_INTERNAL;
1241
    goto err;
1242
  }
1243
  r = eac_get_challenge(card, (unsigned char *) nonce->data, nonce->length);
1244
  if (r < 0) {
1245
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not get nonce for TA.");
1246
    goto err;
1247
  }
1248
  if (!TA_STEP4_set_nonce(eacsmctx->ctx, nonce)) {
1249
    sc_log_openssl(card->ctx);
1250
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not set nonce for TA.");
1251
    r = SC_ERROR_INTERNAL;
1252
    goto err;
1253
  }
1254
1255
  if (eacsmctx->auxiliary_data)
1256
    BUF_MEM_free(eacsmctx->auxiliary_data);
1257
  eacsmctx->auxiliary_data = BUF_MEM_create_init(auxiliary_data,
1258
      auxiliary_data_len);
1259
  if (!eacsmctx->id_icc)
1260
    eacsmctx->id_icc = BUF_MEM_new();
1261
  signature = TA_STEP5_sign(eacsmctx->ctx, eacsmctx->eph_pub_key,
1262
      eacsmctx->id_icc, eacsmctx->auxiliary_data);
1263
  if (!signature) {
1264
    sc_log_openssl(card->ctx);
1265
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not generate signature.");
1266
    r = SC_ERROR_INTERNAL;
1267
    goto err;
1268
  }
1269
  r = eac_external_authenticate(card, (unsigned char *) signature->data,
1270
      signature->length);
1271
1272
err:
1273
  if (cvc_cert)
1274
    CVC_CERT_free(cvc_cert);
1275
  free(ef_cardaccess);
1276
  EAC_CTX_clear_free(eac_ctx);
1277
  BUF_MEM_clear_free(nonce);
1278
  BUF_MEM_clear_free(signature);
1279
1280
  if (card)
1281
    SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1282
  else
1283
    return r;
1284
}
1285
1286
static int eac_mse_set_at_ca(sc_card_t *card, int protocol)
1287
{
1288
  return eac_mse_set_at(card, 0x41, protocol, NULL, 0, NULL, 0, NULL, 0,
1289
      NULL, 0, NULL, NULL, NULL);
1290
}
1291
1292
static int decode_gen_auth_ca_rdata(struct sc_context *ctx,
1293
    const unsigned char *rdata, size_t rdata_len,
1294
    unsigned char **nonce, size_t *enc_nonce_len,
1295
    unsigned char **auth_token, size_t *auth_token_len)
1296
{
1297
  struct sc_asn1_entry rapdu_eac_gen_auth_ca_data[] = {
1298
    { "Nonce",
1299
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x01, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
1300
    { "Authentication Token",
1301
      SC_ASN1_OCTET_STRING, SC_ASN1_CTX|0x02, SC_ASN1_OPTIONAL|SC_ASN1_ALLOC, NULL, NULL },
1302
    { NULL , 0 , 0 , 0 , NULL , NULL }
1303
  };
1304
1305
  struct sc_asn1_entry rapdu_eac_gen_auth_ca[] = {
1306
    { "Dynamic Authentication Data", SC_ASN1_STRUCT, SC_ASN1_APP|SC_ASN1_CONS|0x1c, 0, NULL, NULL },
1307
    { NULL , 0 , 0 , 0 , NULL , NULL }
1308
  };
1309
1310
    sc_format_asn1_entry(rapdu_eac_gen_auth_ca + 0, rapdu_eac_gen_auth_ca_data, &rapdu_eac_gen_auth_ca_data, 1);
1311
1312
  sc_format_asn1_entry(rapdu_eac_gen_auth_ca_data + 0, nonce, enc_nonce_len, 0);
1313
  sc_format_asn1_entry(rapdu_eac_gen_auth_ca_data + 1, auth_token, auth_token_len, 0);
1314
1315
  return sc_asn1_decode(ctx, rapdu_eac_gen_auth_ca, rdata, rdata_len, NULL, NULL);
1316
}
1317
static int eac_gen_auth_ca(sc_card_t *card, const BUF_MEM *eph_pub_key,
1318
    BUF_MEM **nonce, BUF_MEM **token)
1319
{
1320
  sc_apdu_t apdu;
1321
  unsigned char *d = NULL, *p, *q;
1322
  int r;
1323
  unsigned char resp[SC_MAX_APDU_RESP_SIZE];
1324
  BUF_MEM *nonce_out = NULL, *token_out = NULL;
1325
1326
  if (!eph_pub_key) {
1327
    r = SC_ERROR_INVALID_ARGUMENTS;
1328
    goto err;
1329
  }
1330
1331
  r = encode_gen_auth_cdata(card->ctx, (unsigned char *) eph_pub_key->data, eph_pub_key->length, NULL, 0, NULL, 0, NULL, 0, &d);
1332
  if (r < 0)
1333
    goto err;
1334
  sc_format_apdu_ex(&apdu, 0x00, ISO_GENERAL_AUTHENTICATE, 0, 0, d, r, resp, sizeof resp);
1335
1336
  r = sc_transmit_apdu(card, &apdu);
1337
  if (r < 0)
1338
    goto err;
1339
1340
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
1341
  if (r < 0)
1342
    goto err;
1343
1344
  nonce_out = BUF_MEM_new();
1345
  token_out = BUF_MEM_new();
1346
  if (!nonce_out || !token_out) {
1347
    r = SC_ERROR_NOT_ENOUGH_MEMORY;
1348
    goto err;
1349
  }
1350
1351
  p = (u8 *) nonce_out->data;
1352
  q = (u8 *) token_out->data;
1353
  r = decode_gen_auth_ca_rdata(card->ctx, apdu.resp, apdu.resplen,
1354
      &p, &nonce_out->length,
1355
      &q, &token_out->length);
1356
  nonce_out->data = (char *) p;
1357
  token_out->data = (char *) q;
1358
  if (r < 0)
1359
    goto err;
1360
1361
  if (*nonce)
1362
    BUF_MEM_free(*nonce);
1363
  if (*token)
1364
    BUF_MEM_free(*token);
1365
  *nonce = nonce_out;
1366
  *token = token_out;
1367
  nonce_out = NULL;
1368
  token_out = NULL;
1369
1370
err:
1371
  BUF_MEM_free(nonce_out);
1372
  BUF_MEM_free(token_out);
1373
  free(d);
1374
1375
  return r;
1376
}
1377
1378
static int get_ef_card_security(sc_card_t *card,
1379
    u8 **ef_security, size_t *length_ef_security)
1380
{
1381
  return iso7816_read_binary_sfid(card, SFID_EF_CARDSECURITY, ef_security, length_ef_security);
1382
}
1383
1384
int perform_chip_authentication(sc_card_t *card,
1385
    unsigned char **ef_cardsecurity, size_t *ef_cardsecurity_len)
1386
{
1387
  int r;
1388
  BUF_MEM *picc_pubkey = NULL;
1389
  struct iso_sm_ctx *isosmctx;
1390
  struct eac_sm_ctx *eacsmctx;
1391
1392
  if (!card || !ef_cardsecurity || !ef_cardsecurity_len) {
1393
    r = SC_ERROR_INVALID_ARGUMENTS;
1394
    goto err;
1395
  }
1396
  isosmctx = card->sm_ctx.info.cmd_data;
1397
  if (!isosmctx->priv_data) {
1398
    r = SC_ERROR_INVALID_ARGUMENTS;
1399
    goto err;
1400
  }
1401
  eacsmctx = isosmctx->priv_data;
1402
1403
  /* Passive Authentication */
1404
  if (!*ef_cardsecurity && !*ef_cardsecurity_len) {
1405
    r = get_ef_card_security(card, ef_cardsecurity, ef_cardsecurity_len);
1406
    if (r < 0 || !ef_cardsecurity || !ef_cardsecurity_len) {
1407
      sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not get EF.CardSecurity.");
1408
      goto err;
1409
    }
1410
  }
1411
  picc_pubkey = CA_get_pubkey(eacsmctx->ctx, *ef_cardsecurity, *ef_cardsecurity_len);
1412
  if (!picc_pubkey) {
1413
    sc_log_openssl(card->ctx);
1414
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not verify EF.CardSecurity.");
1415
    r = SC_ERROR_INTERNAL;
1416
    goto err;
1417
  }
1418
1419
  r = perform_chip_authentication_ex(card, eacsmctx->ctx,
1420
      (unsigned char *) picc_pubkey->data, picc_pubkey->length);
1421
1422
err:
1423
  BUF_MEM_clear_free(picc_pubkey);
1424
1425
  if (card)
1426
    SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1427
  else
1428
    return r;
1429
}
1430
1431
int perform_chip_authentication_ex(sc_card_t *card, void *eac_ctx,
1432
    unsigned char *picc_pubkey, size_t picc_pubkey_len)
1433
{
1434
  int r;
1435
  BUF_MEM *picc_pubkey_buf = NULL, *nonce = NULL, *token = NULL,
1436
      *eph_pub_key = NULL;
1437
  EAC_CTX *ctx = eac_ctx;
1438
1439
  if (!card || !ctx) {
1440
    r = SC_ERROR_INVALID_ARGUMENTS;
1441
    goto err;
1442
  }
1443
1444
1445
  picc_pubkey_buf = BUF_MEM_create_init(picc_pubkey, picc_pubkey_len);
1446
  if (!picc_pubkey_buf) {
1447
    sc_log_openssl(card->ctx);
1448
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not verify EF.CardSecurity.");
1449
    r = SC_ERROR_INTERNAL;
1450
    goto err;
1451
  }
1452
1453
1454
  r = eac_mse_set_at_ca(card, ctx->ca_ctx->protocol);
1455
  if (r < 0) {
1456
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not select protocol properties "
1457
        "(MSE: Set AT failed).");
1458
    goto err;
1459
  }
1460
1461
1462
  eph_pub_key = CA_STEP2_get_eph_pubkey(ctx);
1463
  if (!eph_pub_key) {
1464
    sc_log_openssl(card->ctx);
1465
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not derive keys.");
1466
    r = SC_ERROR_INTERNAL;
1467
    goto err;
1468
  }
1469
  r = eac_gen_auth_ca(card, eph_pub_key, &nonce, &token);
1470
  if (r < 0) {
1471
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "(General Authenticate failed).");
1472
    goto err;
1473
  }
1474
1475
1476
  if (!CA_STEP4_compute_shared_secret(ctx, picc_pubkey_buf)) {
1477
    sc_log_openssl(card->ctx);
1478
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not compute shared secret.");
1479
    r = SC_ERROR_INTERNAL;
1480
    goto err;
1481
  }
1482
1483
1484
  if (!CA_STEP6_derive_keys(ctx, nonce, token)) {
1485
    sc_log_openssl(card->ctx);
1486
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not derive keys.");
1487
    r = SC_ERROR_INTERNAL;
1488
    goto err;
1489
  }
1490
1491
1492
  /* Initialize secure channel */
1493
  if (!EAC_CTX_set_encryption_ctx(ctx, EAC_ID_CA)) {
1494
    sc_log_openssl(card->ctx);
1495
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not initialize encryption.");
1496
    r = SC_ERROR_INTERNAL;
1497
    goto err;
1498
  }
1499
1500
  if (card->sm_ctx.sm_mode != SM_MODE_TRANSMIT) {
1501
    r = eac_sm_start(card, ctx, NULL, 0);
1502
  }
1503
1504
err:
1505
  BUF_MEM_clear_free(picc_pubkey_buf);
1506
  BUF_MEM_clear_free(nonce);
1507
  BUF_MEM_clear_free(token);
1508
  BUF_MEM_clear_free(eph_pub_key);
1509
1510
  if (card)
1511
    SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1512
  else
1513
    return r;
1514
}
1515
1516
static int
1517
increment_ssc(struct eac_sm_ctx *eacsmctx)
1518
{
1519
  if (!eacsmctx)
1520
    return SC_ERROR_INVALID_ARGUMENTS;
1521
1522
  if (!EAC_increment_ssc(eacsmctx->ctx))
1523
    return SC_ERROR_INTERNAL;
1524
1525
  return SC_SUCCESS;
1526
}
1527
1528
static int
1529
eac_sm_encrypt(sc_card_t *card, const struct iso_sm_ctx *ctx,
1530
    const u8 *data, size_t datalen, u8 **enc)
1531
{
1532
  BUF_MEM *encbuf = NULL, *databuf = NULL;
1533
  u8 *p = NULL;
1534
  int r;
1535
  struct eac_sm_ctx *eacsmctx;
1536
1537
  if (!card || !ctx || !enc || !ctx->priv_data) {
1538
    r = SC_ERROR_INVALID_ARGUMENTS;
1539
    goto err;
1540
  }
1541
  eacsmctx = ctx->priv_data;
1542
1543
  databuf = BUF_MEM_create_init(data, datalen);
1544
  encbuf = EAC_encrypt(eacsmctx->ctx, databuf);
1545
  if (!databuf || !encbuf || !encbuf->length) {
1546
    sc_log_openssl(card->ctx);
1547
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not encrypt data.");
1548
    r = SC_ERROR_INTERNAL;
1549
    goto err;
1550
  }
1551
1552
  p = realloc(*enc, encbuf->length);
1553
  if (!p) {
1554
    r = SC_ERROR_OUT_OF_MEMORY;
1555
    goto err;
1556
  }
1557
  *enc = p;
1558
  memcpy(*enc, encbuf->data, encbuf->length);
1559
  r = (int)encbuf->length;
1560
1561
err:
1562
  BUF_MEM_clear_free(databuf);
1563
  if (encbuf)
1564
    BUF_MEM_free(encbuf);
1565
1566
  return r;
1567
}
1568
1569
static int
1570
eac_sm_decrypt(sc_card_t *card, const struct iso_sm_ctx *ctx,
1571
    const u8 *enc, size_t enclen, u8 **data)
1572
{
1573
  BUF_MEM *encbuf = NULL, *databuf = NULL;
1574
  u8 *p = NULL;
1575
  int r;
1576
  struct eac_sm_ctx *eacsmctx;
1577
1578
  if (!card || !ctx || !enc || !ctx->priv_data || !data) {
1579
    r = SC_ERROR_INVALID_ARGUMENTS;
1580
    goto err;
1581
  }
1582
  eacsmctx = ctx->priv_data;
1583
1584
  encbuf = BUF_MEM_create_init(enc, enclen);
1585
  databuf = EAC_decrypt(eacsmctx->ctx, encbuf);
1586
  if (!encbuf || !databuf || !databuf->length) {
1587
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not decrypt data.");
1588
    sc_log_openssl(card->ctx);
1589
    r = SC_ERROR_INTERNAL;
1590
    goto err;
1591
  }
1592
1593
  p = realloc(*data, databuf->length);
1594
  if (!p) {
1595
    r = SC_ERROR_OUT_OF_MEMORY;
1596
    goto err;
1597
  }
1598
  *data = p;
1599
  memcpy(*data, databuf->data, databuf->length);
1600
  r = (int)databuf->length;
1601
1602
err:
1603
  BUF_MEM_clear_free(databuf);
1604
  if (encbuf)
1605
    BUF_MEM_free(encbuf);
1606
1607
  return r;
1608
}
1609
1610
static int
1611
eac_sm_authenticate(sc_card_t *card, const struct iso_sm_ctx *ctx,
1612
    const u8 *data, size_t datalen, u8 **macdata)
1613
{
1614
  BUF_MEM *inbuf = NULL, *macbuf = NULL;
1615
  u8 *p = NULL;
1616
  int r;
1617
  struct eac_sm_ctx *eacsmctx;
1618
1619
  if (!card || !ctx || !ctx->priv_data || !macdata) {
1620
    r = SC_ERROR_INVALID_ARGUMENTS;
1621
    goto err;
1622
  }
1623
  eacsmctx = ctx->priv_data;
1624
1625
  inbuf = BUF_MEM_create_init(data, datalen);
1626
  if (!inbuf) {
1627
    r = SC_ERROR_OUT_OF_MEMORY;
1628
    goto err;
1629
  }
1630
1631
  macbuf = EAC_authenticate(eacsmctx->ctx, inbuf);
1632
  if (!macbuf || !macbuf->length) {
1633
    sc_log_openssl(card->ctx);
1634
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,
1635
        "Could not compute message authentication code (MAC).");
1636
    r = SC_ERROR_INTERNAL;
1637
    goto err;
1638
  }
1639
1640
  p = realloc(*macdata, macbuf->length);
1641
  if (!p) {
1642
    r = SC_ERROR_OUT_OF_MEMORY;
1643
    goto err;
1644
  }
1645
  *macdata = p;
1646
  memcpy(*macdata, macbuf->data, macbuf->length);
1647
  r = (int)macbuf->length;
1648
1649
err:
1650
  if (inbuf)
1651
    BUF_MEM_free(inbuf);
1652
  if (macbuf)
1653
    BUF_MEM_free(macbuf);
1654
1655
  return r;
1656
}
1657
1658
static int
1659
eac_sm_verify_authentication(sc_card_t *card, const struct iso_sm_ctx *ctx,
1660
    const u8 *mac, size_t maclen,
1661
    const u8 *macdata, size_t macdatalen)
1662
{
1663
  int r;
1664
  BUF_MEM *inbuf = NULL, *my_mac = NULL;
1665
  struct eac_sm_ctx *eacsmctx;
1666
1667
  if (!card || !ctx || !ctx->priv_data) {
1668
    r = SC_ERROR_INVALID_ARGUMENTS;
1669
    goto err;
1670
  }
1671
  eacsmctx = ctx->priv_data;
1672
1673
  inbuf = BUF_MEM_create_init(macdata, macdatalen);
1674
  if (!inbuf) {
1675
    r = SC_ERROR_OUT_OF_MEMORY;
1676
    goto err;
1677
  }
1678
1679
  my_mac = EAC_authenticate(eacsmctx->ctx, inbuf);
1680
  if (!my_mac) {
1681
    sc_log_openssl(card->ctx);
1682
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,
1683
        "Could not compute message authentication code (MAC) for verification.");
1684
    r = SC_ERROR_INTERNAL;
1685
    goto err;
1686
  }
1687
1688
  if (my_mac->length != maclen ||
1689
      memcmp(my_mac->data, mac, maclen) != 0) {
1690
    r = SC_ERROR_OBJECT_NOT_VALID;
1691
    sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,
1692
        "Authentication data not verified");
1693
    goto err;
1694
  }
1695
1696
  sc_debug(card->ctx, SC_LOG_DEBUG_SM, "Authentication data verified");
1697
1698
  r = SC_SUCCESS;
1699
1700
err:
1701
  if (inbuf)
1702
    BUF_MEM_free(inbuf);
1703
  if (my_mac)
1704
    BUF_MEM_free(my_mac);
1705
1706
  return r;
1707
}
1708
1709
static int
1710
eac_sm_pre_transmit(sc_card_t *card, const struct iso_sm_ctx *ctx,
1711
    sc_apdu_t *apdu)
1712
{
1713
  int r;
1714
  CVC_CERT *cvc_cert = NULL;
1715
  unsigned char *cert = NULL;
1716
  BUF_MEM *signature = NULL;
1717
  unsigned char *sequence = NULL;
1718
1719
  if (!card)
1720
     return SC_ERROR_INVALID_ARGUMENTS;
1721
  if(!ctx || !apdu || !ctx->priv_data) {
1722
    r = SC_ERROR_INVALID_ARGUMENTS;
1723
    goto err;
1724
  }
1725
1726
  r = increment_ssc(ctx->priv_data);
1727
1728
err:
1729
  if (cvc_cert)
1730
    CVC_CERT_free(cvc_cert);
1731
  if (signature)
1732
    BUF_MEM_free(signature);
1733
  if (cert)
1734
    OPENSSL_free(cert);
1735
  if (sequence)
1736
    OPENSSL_free(sequence);
1737
1738
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1739
}
1740
1741
static int
1742
eac_sm_post_transmit(sc_card_t *card, const struct iso_sm_ctx *ctx,
1743
    sc_apdu_t *sm_apdu)
1744
{
1745
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM,
1746
      increment_ssc(ctx->priv_data));
1747
}
1748
1749
static int
1750
eac_sm_finish(sc_card_t *card, const struct iso_sm_ctx *ctx,
1751
    sc_apdu_t *apdu)
1752
{
1753
  if (!card)
1754
     return SC_ERROR_INVALID_ARGUMENTS;
1755
  if(!ctx || !ctx->priv_data || !apdu)
1756
    SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM,
1757
        SC_ERROR_INVALID_ARGUMENTS);
1758
1759
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM,  SC_SUCCESS);
1760
}
1761
1762
static void
1763
eac_sm_clear_free(const struct iso_sm_ctx *ctx)
1764
{
1765
  if (ctx) {
1766
    struct eac_sm_ctx *eacsmctx = ctx->priv_data;
1767
    if (eacsmctx) {
1768
      EAC_CTX_clear_free(eacsmctx->ctx);
1769
      if (eacsmctx->id_icc)
1770
        BUF_MEM_free(eacsmctx->id_icc);
1771
      if (eacsmctx->eph_pub_key)
1772
        BUF_MEM_free(eacsmctx->eph_pub_key);
1773
      if (eacsmctx->auxiliary_data)
1774
        BUF_MEM_free(eacsmctx->auxiliary_data);
1775
      free(eacsmctx);
1776
    }
1777
  }
1778
}
1779
1780
#else
1781
1782
int perform_pace(sc_card_t *card,
1783
    struct establish_pace_channel_input pace_input,
1784
    struct establish_pace_channel_output *pace_output,
1785
    enum eac_tr_version tr_version)
1786
0
{
1787
0
  int r;
1788
1789
0
  if (!card)
1790
0
     return SC_ERROR_INVALID_ARGUMENTS;
1791
1792
0
  if (card->reader
1793
0
      && card->reader->capabilities & SC_READER_CAP_PACE_GENERIC
1794
0
      && card->reader->ops->perform_pace) {
1795
0
    r = card->reader->ops->perform_pace(card->reader, &pace_input, pace_output);
1796
0
  } else {
1797
0
    r = SC_ERROR_NOT_SUPPORTED;
1798
0
  }
1799
1800
0
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, r);
1801
0
}
1802
1803
int perform_terminal_authentication(sc_card_t *card,
1804
    const unsigned char **certs, const size_t *certs_lens,
1805
    const unsigned char *privkey, size_t privkey_len,
1806
    const unsigned char *auxiliary_data, size_t auxiliary_data_len)
1807
0
{
1808
0
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, SC_ERROR_NOT_SUPPORTED);
1809
0
}
1810
1811
int perform_chip_authentication(sc_card_t *card,
1812
    unsigned char **ef_cardsecurity, size_t *ef_cardsecurity_len)
1813
0
{
1814
0
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, SC_ERROR_NOT_SUPPORTED);
1815
0
}
1816
1817
int perform_chip_authentication_ex(sc_card_t *card, void *eac_ctx,
1818
    unsigned char *picc_pubkey, size_t picc_pubkey_len)
1819
0
{
1820
0
  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_SM, SC_ERROR_NOT_SUPPORTED);
1821
0
}
1822
1823
#endif
1824
1825
static const char *MRZ_name = "MRZ";
1826
static const char *PIN_name = "eID PIN";
1827
static const char *PUK_name = "PUK";
1828
static const char *CAN_name = "CAN";
1829
static const char *UNDEF_name = "UNDEF";
1830
0
const char *eac_secret_name(enum s_type pin_id) {
1831
0
  switch (pin_id) {
1832
0
    case PACE_MRZ:
1833
0
      return MRZ_name;
1834
0
    case PACE_PUK:
1835
0
      return PUK_name;
1836
0
    case PACE_PIN:
1837
0
      return PIN_name;
1838
0
    case PACE_CAN:
1839
0
      return CAN_name;
1840
0
    default:
1841
0
      return UNDEF_name;
1842
0
  }
1843
0
}
1844
1845
int eac_pace_get_tries_left(sc_card_t *card,
1846
    enum s_type pin_id, int *tries_left)
1847
0
{
1848
0
  int r;
1849
0
  u8 sw1, sw2;
1850
1851
0
  if (tries_left) {
1852
#if defined(ENABLE_OPENPACE) && defined(ENABLE_SM)
1853
    r = eac_mse_set_at_pace(card, 0, pin_id, 0, &sw1, &sw2);
1854
#else
1855
0
    sc_apdu_t apdu;
1856
0
    sc_format_apdu_ex(&apdu, 0x00, ISO_MSE, 0xC1, 0xA4, NULL, 0, NULL, 0);
1857
0
    r = sc_transmit_apdu(card, &apdu);
1858
0
    sw1 = apdu.sw1;
1859
0
    sw2 = apdu.sw2;
1860
0
#endif
1861
1862
0
    if (r > 0 && (sw1 == 0x63) && ((sw2 & 0xc0) == 0xc0)) {
1863
0
      *tries_left = sw2 & 0x0f;
1864
0
    } else {
1865
0
      *tries_left = -1;
1866
0
    }
1867
0
  } else {
1868
0
    r = SC_ERROR_INVALID_ARGUMENTS;
1869
0
  }
1870
1871
0
  return r;
1872
0
}