auth refactoring

2024-09-22 08:16:16 +08:00 · 2021-05-29 21:46:22 +03:00 · 2021-05-29 21:46:22 +03:00 · 54e7713a9a
parent b4ecbdb5f6
commit 54e7713a9a
3 changed files with 66 additions and 34 deletions
--- a/client/src/cipurse/cipursecore.c
+++ b/client/src/cipurse/cipursecore.c
@ -99,3 +99,58 @@ int CIPURSEChallenge(uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, ui
 int CIPURSEMutalAuthenticate(uint8_t keyIndex, uint8_t *params, uint8_t paramslen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
    return CIPURSEExchangeEx(false, true, (sAPDU) {0x00, 0x82, 0x00, keyIndex, paramslen, params}, true, 0x10, Result, MaxResultLen, ResultLen, sw);
 }
+
+bool CIPURSEChannelAuthenticate(uint8_t keyIndex, uint8_t *key, bool verbose) {
+    uint8_t buf[APDU_RES_LEN] = {0};
+    size_t len = 0;
+    uint16_t sw = 0;
+
+    CipurseContext cpc = {0};
+    CipurseCSetKey(&cpc, keyIndex, key);
+    
+    // get RP, rP
+    int res = CIPURSEChallenge(buf, sizeof(buf), &len, &sw);
+    if (res != 0 || len != 0x16) {
+        if (verbose)
+            PrintAndLogEx(ERR, "Cipurse get challenge " _RED_("error") ". Card returns 0x%04x.", sw);
+        
+        return false;
+    }
+    CipurseCSetRandomFromPICC(&cpc, buf);
+
+    // make auth data
+    uint8_t authparams[16 + 16 + 6] = {0};
+    CipurseCAuthenticateHost(&cpc, authparams);
+    
+    // authenticate
+    res = CIPURSEMutalAuthenticate(keyIndex, authparams, sizeof(authparams), buf, sizeof(buf), &len, &sw);
+    if (res != 0 || sw != 0x9000 || len != 16) {
+        if (sw == 0x6988) {
+            if (verbose)
+                PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Wrong key.");
+        } else if ((sw == 0x6A88)) {
+            if (verbose)
+                PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Wrong key number.");
+        } else {
+            if (verbose)
+                PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Card returns 0x%04x.", sw);
+        }
+        
+        CipurseCClearContext(&cipurseContext);
+        return false;
+    }
+    
+    if (CipurseCCheckCT(&cpc, buf)) {
+        if (verbose)
+            PrintAndLogEx(INFO, "Authentication " _GREEN_("OK"));
+        
+        memcpy(&cipurseContext, &cpc, sizeof(CipurseContext));
+        return true;
+    } else {
+        if (verbose)
+            PrintAndLogEx(ERR, "Authentication " _RED_("ERROR") " card returned wrong CT");
+        
+        CipurseCClearContext(&cipurseContext);
+        return false;
+    }
+}
--- a/client/src/cipurse/cipursecore.h
+++ b/client/src/cipurse/cipursecore.h
@ -31,4 +31,6 @@ int CIPURSEReadFileAttributes(uint8_t *data, uint16_t *datalen);
 int CIPURSEReadBinary(uint16_t offset, uint8_t *data, uint16_t *datalen);
 int CIPURSEUpdateBinary(uint16_t offset, uint8_t *data, uint16_t datalen);

+bool CIPURSEChannelAuthenticate(uint8_t keyIndex, uint8_t *key, bool verbose);
+
 #endif /* __CIPURSECORE_H__ */
--- a/client/src/cmdhfcipurse.c
+++ b/client/src/cmdhfcipurse.c
@ -121,7 +121,7 @@ static int CmdHFCipurseAuth(const char *Cmd) {
    
    SetAPDULogging(APDULogging);

-    CLIParserFree(ctx);    
+    CLIParserFree(ctx);
    
    int res = CIPURSESelect(true, true, buf, sizeof(buf), &len, &sw);
    if (res != 0 || sw != 0x9000) {
@ -129,48 +129,23 @@ static int CmdHFCipurseAuth(const char *Cmd) {
        DropField();
        return PM3_ESOFT;
    }
-    
-    CipurseContext cpc = {0};
-    CipurseCSetKey(&cpc, keyId, key);
-    
+        
    uint8_t kvv[CIPURSE_KVV_LENGTH] = {0};
    CipurseCGetKVV(key, kvv);
    if (verbose)
        PrintAndLogEx(INFO, "Key id: %d key: %s KVV: %s", keyId, sprint_hex(key, CIPURSE_AES_KEY_LENGTH), sprint_hex_inrow(kvv, CIPURSE_KVV_LENGTH));

-    // get RP, rP
-    res = CIPURSEChallenge(buf, sizeof(buf), &len, &sw);
-    if (res != 0 || len != 0x16) {
-        PrintAndLogEx(ERR, "Cipurse get challenge " _RED_("error") ". Card returns 0x%04x.", sw);
-        DropField();
-        return PM3_ESOFT;
-    }
-    CipurseCSetRandomFromPICC(&cpc, buf);
-
-    // make auth data
-    uint8_t authparams[16 + 16 + 6] = {0};
-    CipurseCAuthenticateHost(&cpc, authparams);
+    bool bres = CIPURSEChannelAuthenticate(keyId, key, verbose);
    
-    // authenticate
-    res = CIPURSEMutalAuthenticate(keyId, authparams, sizeof(authparams), buf, sizeof(buf), &len, &sw);
-    if (res != 0 || sw != 0x9000 || len != 16) {
-        if (sw == 0x6988)
-            PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Wrong key.");
-        else if ((sw == 0x6A88))
-            PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Wrong key number.");
-        else PrintAndLogEx(ERR, "Cipurse authentication " _RED_("error") ". Card returns 0x%04x.", sw);
-        
-        DropField();
-        return PM3_ESOFT;
+    if (verbose == false) {
+        if (bres)
+            PrintAndLogEx(INFO, "Authentication " _GREEN_("OK"));
+        else
+            PrintAndLogEx(ERR, "Authentication " _RED_("ERROR"));
    }
    
-    if (CipurseCCheckCT(&cpc, buf))
-        PrintAndLogEx(INFO, "Authentication " _GREEN_("OK"));
-    else
-        PrintAndLogEx(ERR, "Authentication " _RED_("ERROR") " card returned wrong CT");
-    
    DropField();
-    return PM3_SUCCESS;
+    return bres ? PM3_SUCCESS : PM3_ESOFT;
 }