Improve code and fix sign bugs (#1306)
1. In epass2003_set_security_env, remove unused code, add condition check of ec and rsa 2. Line 1709 - add return check of hash_data 3. In epass2003_decipher API, the old sign using apdu.le = 256, now add condition check of rsa 4. Line 2731-2734 - After login successful, need get session status, adjust code, improve condition check of data->cmd.
This commit is contained in:
parent
54097c0fc0
commit
7b249084d8
|
@ -1582,20 +1582,9 @@ epass2003_set_security_env(struct sc_card *card, const sc_security_env_t * env,
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
exdata = (epass2003_exdata *)card->drv_data;
|
exdata = (epass2003_exdata *)card->drv_data;
|
||||||
exdata->currAlg = SC_ALGORITHM_RSA; //default algorithm
|
|
||||||
|
|
||||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0);
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0);
|
||||||
switch (env->operation) {
|
|
||||||
case SC_SEC_OPERATION_DECIPHER:
|
|
||||||
apdu.p2 = 0xB8;
|
|
||||||
break;
|
|
||||||
case SC_SEC_OPERATION_SIGN:
|
|
||||||
apdu.p2 = 0xB8;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
|
||||||
}
|
|
||||||
|
|
||||||
p = sbuf;
|
p = sbuf;
|
||||||
*p++ = 0x80; /* algorithm reference */
|
*p++ = 0x80; /* algorithm reference */
|
||||||
*p++ = 0x01;
|
*p++ = 0x01;
|
||||||
|
@ -1633,6 +1622,16 @@ epass2003_set_security_env(struct sc_card *card, const sc_security_env_t * env,
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if(env->algorithm == SC_ALGORITHM_RSA)
|
||||||
|
{
|
||||||
|
exdata->currAlg = SC_ALGORITHM_RSA;
|
||||||
|
apdu.p2 = 0xB8;
|
||||||
|
sc_log(card->ctx, "setenv RSA Algorithm alg_flags = %0x\n",env->algorithm_flags);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sc_log(card->ctx, "%0x Alg Not Support! ", env->algorithm);
|
||||||
|
}
|
||||||
|
|
||||||
if (se_num > 0) {
|
if (se_num > 0) {
|
||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
|
@ -1697,7 +1696,8 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
|
||||||
{
|
{
|
||||||
if(exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA1)
|
if(exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA1)
|
||||||
{
|
{
|
||||||
hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
r = hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
||||||
|
LOG_TEST_RET(card->ctx, r, "hash_data failed");
|
||||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
||||||
apdu.data = sbuf;
|
apdu.data = sbuf;
|
||||||
apdu.lc = 0x14;
|
apdu.lc = 0x14;
|
||||||
|
@ -1705,7 +1705,8 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
|
||||||
}
|
}
|
||||||
else if (exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA256)
|
else if (exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA256)
|
||||||
{
|
{
|
||||||
hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA256);
|
r = hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA256);
|
||||||
|
LOG_TEST_RET(card->ctx, r, "hash_data failed");
|
||||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
||||||
apdu.data = sbuf;
|
apdu.data = sbuf;
|
||||||
apdu.lc = 0x20;
|
apdu.lc = 0x20;
|
||||||
|
@ -1728,15 +1729,30 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
|
||||||
}
|
}
|
||||||
LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
|
LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
|
||||||
}
|
}
|
||||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_EXT, 0x2A, 0x80, 0x86);
|
else if(exdata->currAlg == SC_ALGORITHM_RSA)
|
||||||
apdu.resp = rbuf;
|
{
|
||||||
apdu.resplen = sizeof(rbuf);
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_EXT, 0x2A, 0x80, 0x86);
|
||||||
apdu.le = 256;
|
apdu.resp = rbuf;
|
||||||
|
apdu.resplen = sizeof(rbuf);
|
||||||
|
apdu.le = 0;
|
||||||
|
|
||||||
memcpy(sbuf, data, datalen);
|
memcpy(sbuf, data, datalen);
|
||||||
apdu.data = sbuf;
|
apdu.data = sbuf;
|
||||||
apdu.lc = datalen;
|
apdu.lc = datalen;
|
||||||
apdu.datalen = datalen;
|
apdu.datalen = datalen;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_EXT, 0x2A, 0x80, 0x86);
|
||||||
|
apdu.resp = rbuf;
|
||||||
|
apdu.resplen = sizeof(rbuf);
|
||||||
|
apdu.le = 256;
|
||||||
|
|
||||||
|
memcpy(sbuf, data, datalen);
|
||||||
|
apdu.data = sbuf;
|
||||||
|
apdu.lc = datalen;
|
||||||
|
apdu.datalen = datalen;
|
||||||
|
}
|
||||||
|
|
||||||
r = sc_transmit_apdu_t(card, &apdu);
|
r = sc_transmit_apdu_t(card, &apdu);
|
||||||
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
||||||
|
@ -2680,15 +2696,19 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries
|
||||||
|
|
||||||
data->pin1.max_tries = maxtries;
|
data->pin1.max_tries = maxtries;
|
||||||
}
|
}
|
||||||
|
//reomve below code, because the old implement only return PIN retries, now modify the code and return PIN status
|
||||||
return r;
|
// return r;
|
||||||
}
|
}
|
||||||
/* verify */
|
else if (data->cmd == SC_PIN_CMD_UNBLOCK) { /* verify */
|
||||||
if (data->cmd == SC_PIN_CMD_UNBLOCK) {
|
|
||||||
r = external_key_auth(card, (kid + 1), (unsigned char *)data->pin1.data,
|
r = external_key_auth(card, (kid + 1), (unsigned char *)data->pin1.data,
|
||||||
data->pin1.len);
|
data->pin1.len);
|
||||||
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
||||||
}
|
}
|
||||||
|
else if (data->cmd == SC_PIN_CMD_CHANGE || data->cmd == SC_PIN_CMD_UNBLOCK) { /* change */
|
||||||
|
r = update_secret_key(card, 0x04, kid, data->pin2.data,
|
||||||
|
(unsigned long)data->pin2.len);
|
||||||
|
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
r = external_key_auth(card, kid, (unsigned char *)data->pin1.data,
|
r = external_key_auth(card, kid, (unsigned char *)data->pin1.data,
|
||||||
data->pin1.len);
|
data->pin1.len);
|
||||||
|
@ -2699,13 +2719,11 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries
|
||||||
}
|
}
|
||||||
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
||||||
|
|
||||||
|
if (r == SC_SUCCESS)
|
||||||
if (data->cmd == SC_PIN_CMD_CHANGE || data->cmd == SC_PIN_CMD_UNBLOCK) {
|
{
|
||||||
/* change */
|
data->pin1.logged_in = SC_PIN_STATE_LOGGED_IN;
|
||||||
r = update_secret_key(card, 0x04, kid, data->pin2.data,
|
|
||||||
(unsigned long)data->pin2.len);
|
|
||||||
LOG_TEST_RET(card->ctx, r, "verify pin failed");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue