SM: common SM 'increase-sequence-counter' procedure

2013-01-06 17:34:35 +01:00 · 2013-01-06 17:34:35 +01:00 · d30cd83ad4
parent 6a4de6d551
commit d30cd83ad4
3 changed files with 25 additions and 29 deletions
--- a/src/libsm/sm-common.c
+++ b/src/libsm/sm-common.c
@ -1,6 +1,6 @@
 /*
 * sm-common.c: Common cryptographic procedures related to
- * 		Secure Messaging
+ *		Secure Messaging
 *
 * Copyright (C) 2010  Viktor Tarasov <vtarasov@opentrust.com>
 *                      OpenTrust <www.opentrust.com>
@ -48,6 +48,7 @@
 #include "libopensc/log.h"

 #include "sm-common.h"
+
 /*
 * From crypto/des/des_locl.h of OpenSSL .
 */
@ -97,11 +98,11 @@ DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
 				(unsigned char*)output,l8,ks2,iv,!enc);
 		DES_cbc_encrypt((unsigned char*)output,
 				(unsigned char*)output,l8,ks1,iv,enc);
-		if (length >= sizeof(DES_cblock))
+		if ((unsigned)length >= sizeof(DES_cblock))
 			memcpy(icv_out,output[off],sizeof(DES_cblock));
 	}
 	else   {
-		if (length >= sizeof(DES_cblock))
+		if ((unsigned)length >= sizeof(DES_cblock))
 			memcpy(icv_out,input[off],sizeof(DES_cblock));
 		DES_cbc_encrypt((unsigned char*)input,
 				(unsigned char*)output,l8,ks1,iv,enc);
@ -325,14 +326,8 @@ sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key,
 		memcpy(data, in, in_len);

 	memcpy(data + in_len, "\x80\0\0\0\0\0\0\0", 8);
-	if (not_force_pad)   {
-		data_len = in_len + 7;
-		data_len -= (data_len%8);
-	}
-	else   {
-		data_len = in_len + 8;
-		data_len -= (data_len%8);
-	}
+	data_len = in_len + (not_force_pad ? 7 : 8);
+	data_len -= (data_len%8);
 	sc_log(ctx, "SM encrypt_des_cbc3: data to encrypt (len:%i,%s)", data_len, sc_dump_hex(data, data_len));

 	*out_len = data_len;
@ -352,3 +347,19 @@ sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key,
 	free(data);
 	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 }
+
+
+void
+sm_incr_ssc(unsigned char *ssc, size_t ssc_len)
+{
+	int ii;
+
+	if (!ssc)
+		return;
+
+	for (ii = ssc_len - 1;ii >= 0; ii++)   {
+		*(ssc + ii) += 1;
+		if (*(ssc + ii) != 0)
+			break;
+	}
+}
--- a/src/libsm/sm-common.h
+++ b/src/libsm/sm-common.h
@ -43,6 +43,7 @@ int sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key,
 		not_force_pad);
 int sm_decrypt_des_cbc3(struct sc_context *ctx, unsigned char *key,
 		unsigned char *data, size_t data_len, unsigned char **out, size_t *out_len);
+void sm_incr_ssc(unsigned char *ssc, size_t ssc_len);
 #ifdef __cplusplus
 }
 #endif
--- a/src/smm/sm-cwa14890.c
+++ b/src/smm/sm-cwa14890.c
@ -229,22 +229,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_
 }


-void
-sm_cwa_incr_ssc(struct sm_cwa_session *session_data)
-{
-	int ii;
-
-	if (!session_data)
-		return;
-
-	for (ii=7; ii>=0; ii--)   {
-		session_data->ssc[ii] += 1;
-		if (session_data->ssc[ii])
-			break;
-	}
-}
-
-
 int
 sm_cwa_initialize(struct sc_context *ctx, struct sm_info *sm_info, struct sc_remote_data *rdata)
 {
@ -335,7 +319,7 @@ sm_cwa_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info, struct sc_
 	sc_log(ctx, "securize APDU (cla:%X,ins:%X,p1:%X,p2:%X,data(%i):%p)",
 			apdu->cla, apdu->ins, apdu->p1, apdu->p2, apdu->datalen, apdu->data);

-	sm_cwa_incr_ssc(session_data);
+	sm_incr_ssc(session_data->ssc, sizeof(session_data->ssc));

 	rv = sm_encrypt_des_cbc3(ctx, session_data->session_enc, apdu->data, apdu->datalen, &encrypted, &encrypted_len, 0);
 	LOG_TEST_RET(ctx, rv, "securize APDU: DES CBC3 encryption failed");
@ -419,7 +403,7 @@ sm_cwa_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info, struct sc_
 	apdu->datalen = offs;
 	memcpy((unsigned char *)apdu->data, sbuf, offs);

-	sm_cwa_incr_ssc(session_data);
+	sm_incr_ssc(session_data->ssc, sizeof(session_data->ssc));

 	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 }