From d30cd83ad4b62f2d158cc7b61fa0022afc5d0af2 Mon Sep 17 00:00:00 2001 From: Viktor Tarasov Date: Sun, 6 Jan 2013 17:34:35 +0100 Subject: [PATCH] SM: common SM 'increase-sequence-counter' procedure --- src/libsm/sm-common.c | 33 ++++++++++++++++++++++----------- src/libsm/sm-common.h | 1 + src/smm/sm-cwa14890.c | 20 ++------------------ 3 files changed, 25 insertions(+), 29 deletions(-) diff --git a/src/libsm/sm-common.c b/src/libsm/sm-common.c index f21f3172..cb500b4e 100644 --- a/src/libsm/sm-common.c +++ b/src/libsm/sm-common.c @@ -1,6 +1,6 @@ /* * sm-common.c: Common cryptographic procedures related to - * Secure Messaging + * Secure Messaging * * Copyright (C) 2010 Viktor Tarasov * OpenTrust @@ -48,6 +48,7 @@ #include "libopensc/log.h" #include "sm-common.h" + /* * From crypto/des/des_locl.h of OpenSSL . */ @@ -97,11 +98,11 @@ DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length, (unsigned char*)output,l8,ks2,iv,!enc); DES_cbc_encrypt((unsigned char*)output, (unsigned char*)output,l8,ks1,iv,enc); - if (length >= sizeof(DES_cblock)) + if ((unsigned)length >= sizeof(DES_cblock)) memcpy(icv_out,output[off],sizeof(DES_cblock)); } else { - if (length >= sizeof(DES_cblock)) + if ((unsigned)length >= sizeof(DES_cblock)) memcpy(icv_out,input[off],sizeof(DES_cblock)); DES_cbc_encrypt((unsigned char*)input, (unsigned char*)output,l8,ks1,iv,enc); @@ -325,14 +326,8 @@ sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key, memcpy(data, in, in_len); memcpy(data + in_len, "\x80\0\0\0\0\0\0\0", 8); - if (not_force_pad) { - data_len = in_len + 7; - data_len -= (data_len%8); - } - else { - data_len = in_len + 8; - data_len -= (data_len%8); - } + data_len = in_len + (not_force_pad ? 7 : 8); + data_len -= (data_len%8); sc_log(ctx, "SM encrypt_des_cbc3: data to encrypt (len:%i,%s)", data_len, sc_dump_hex(data, data_len)); *out_len = data_len; @@ -352,3 +347,19 @@ sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key, free(data); LOG_FUNC_RETURN(ctx, SC_SUCCESS); } + + +void +sm_incr_ssc(unsigned char *ssc, size_t ssc_len) +{ + int ii; + + if (!ssc) + return; + + for (ii = ssc_len - 1;ii >= 0; ii++) { + *(ssc + ii) += 1; + if (*(ssc + ii) != 0) + break; + } +} diff --git a/src/libsm/sm-common.h b/src/libsm/sm-common.h index 3860b5c2..7e830145 100644 --- a/src/libsm/sm-common.h +++ b/src/libsm/sm-common.h @@ -43,6 +43,7 @@ int sm_encrypt_des_cbc3(struct sc_context *ctx, unsigned char *key, not_force_pad); int sm_decrypt_des_cbc3(struct sc_context *ctx, unsigned char *key, unsigned char *data, size_t data_len, unsigned char **out, size_t *out_len); +void sm_incr_ssc(unsigned char *ssc, size_t ssc_len); #ifdef __cplusplus } #endif diff --git a/src/smm/sm-cwa14890.c b/src/smm/sm-cwa14890.c index 5b3f6e96..ea0ff8fa 100644 --- a/src/smm/sm-cwa14890.c +++ b/src/smm/sm-cwa14890.c @@ -229,22 +229,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_ } -void -sm_cwa_incr_ssc(struct sm_cwa_session *session_data) -{ - int ii; - - if (!session_data) - return; - - for (ii=7; ii>=0; ii--) { - session_data->ssc[ii] += 1; - if (session_data->ssc[ii]) - break; - } -} - - int sm_cwa_initialize(struct sc_context *ctx, struct sm_info *sm_info, struct sc_remote_data *rdata) { @@ -335,7 +319,7 @@ sm_cwa_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info, struct sc_ sc_log(ctx, "securize APDU (cla:%X,ins:%X,p1:%X,p2:%X,data(%i):%p)", apdu->cla, apdu->ins, apdu->p1, apdu->p2, apdu->datalen, apdu->data); - sm_cwa_incr_ssc(session_data); + sm_incr_ssc(session_data->ssc, sizeof(session_data->ssc)); rv = sm_encrypt_des_cbc3(ctx, session_data->session_enc, apdu->data, apdu->datalen, &encrypted, &encrypted_len, 0); LOG_TEST_RET(ctx, rv, "securize APDU: DES CBC3 encryption failed"); @@ -419,7 +403,7 @@ sm_cwa_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info, struct sc_ apdu->datalen = offs; memcpy((unsigned char *)apdu->data, sbuf, offs); - sm_cwa_incr_ssc(session_data); + sm_incr_ssc(session_data->ssc, sizeof(session_data->ssc)); LOG_FUNC_RETURN(ctx, SC_SUCCESS); }