RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-20 03:48:33 +08:00
Code Issues Projects Releases Packages Wiki Activity

changes in cert decoding logic

Browse source
This commit is contained in:
merlokk 2019-01-09 21:05:52 +02:00
parent 4921308d84
commit 56c0dad966
2 changed files with 32 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
client/emv/emv_pki.c
View file

@ -41,7 +41,8 @@ static unsigned char *emv_pki_decode_message(const struct emv_pk *enc_pk,
uint8_t msgtype, uint8_t msgtype,
size_t *len, size_t *len,
const struct tlv *cert_tlv, const struct tlv *cert_tlv,
... /* A list of tlv pointers, end with NULL */ int tlv_count,
... /* A list of tlv pointers */
) )
{ {
struct crypto_pk *kcp; struct crypto_pk *kcp;
@ -99,11 +100,11 @@ static unsigned char *emv_pki_decode_message(const struct emv_pk *enc_pk,
size_t hash_len = crypto_hash_get_size(ch); size_t hash_len = crypto_hash_get_size(ch);
crypto_hash_write(ch, data + 1, data_len - 2 - hash_len); crypto_hash_write(ch, data + 1, data_len - 2 - hash_len);
va_start(vl, cert_tlv); va_start(vl, tlv_count);
while (true) { for (int i = 0; i < tlv_count; i++) {
const struct tlv *add_tlv = va_arg(vl, const struct tlv *); const struct tlv *add_tlv = va_arg(vl, const struct tlv *);
if (!add_tlv) if (!add_tlv)
break; continue;
crypto_hash_write(ch, add_tlv->value, add_tlv->len); crypto_hash_write(ch, add_tlv->value, add_tlv->len);
} }
@ -168,6 +169,7 @@ static struct emv_pk *emv_pki_decode_key_ex(const struct emv_pk *enc_pk,
const struct tlv *exp_tlv, const struct tlv *exp_tlv,
const struct tlv *rem_tlv, const struct tlv *rem_tlv,
const struct tlv *add_tlv, const struct tlv *add_tlv,
const struct tlv *sdatl_tlv,
bool showData bool showData
) )
{ {
@ -193,9 +195,11 @@ static struct emv_pk *emv_pki_decode_key_ex(const struct emv_pk *enc_pk,
data = emv_pki_decode_message(enc_pk, msgtype, &data_len, data = emv_pki_decode_message(enc_pk, msgtype, &data_len,
cert_tlv, cert_tlv,
5,
rem_tlv, rem_tlv,
exp_tlv, exp_tlv,
add_tlv, add_tlv,
sdatl_tlv,
NULL); NULL);
if (!data || data_len < 11 + pan_length) { if (!data || data_len < 11 + pan_length) {
printf("ERROR: Can't decode message\n"); printf("ERROR: Can't decode message\n");
@ -278,9 +282,10 @@ static struct emv_pk *emv_pki_decode_key(const struct emv_pk *enc_pk,
const struct tlv *cert_tlv, const struct tlv *cert_tlv,
const struct tlv *exp_tlv, const struct tlv *exp_tlv,
const struct tlv *rem_tlv, const struct tlv *rem_tlv,
const struct tlv *add_tlv const struct tlv *add_tlv,
const struct tlv *sdatl_tlv
) { ) {
return emv_pki_decode_key_ex(enc_pk, msgtype, pan_tlv, cert_tlv, exp_tlv, rem_tlv, add_tlv, false); return emv_pki_decode_key_ex(enc_pk, msgtype, pan_tlv, cert_tlv, exp_tlv, rem_tlv, add_tlv, sdatl_tlv, false);
} }
struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db) struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db)
@ -290,17 +295,30 @@ struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb
tlvdb_get(db, 0x90, NULL), tlvdb_get(db, 0x90, NULL),
tlvdb_get(db, 0x9f32, NULL), tlvdb_get(db, 0x9f32, NULL),
tlvdb_get(db, 0x92, NULL), tlvdb_get(db, 0x92, NULL),
NULL,
NULL); NULL);
} }
struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv) struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv)
{ {
return emv_pki_decode_key(pk, 4, size_t sdatl_len;
unsigned char *sdatl = emv_pki_sdatl_fill(db, &sdatl_len);
struct tlv sda_tdata = {
.tag = 0x00, // dummy tag
.len = sdatl_len,
.value = sdatl
};
struct emv_pk *res = emv_pki_decode_key(pk, 4,
tlvdb_get(db, 0x5a, NULL), tlvdb_get(db, 0x5a, NULL),
tlvdb_get(db, 0x9f46, NULL), tlvdb_get(db, 0x9f46, NULL),
tlvdb_get(db, 0x9f47, NULL), tlvdb_get(db, 0x9f47, NULL),
tlvdb_get(db, 0x9f48, NULL), tlvdb_get(db, 0x9f48, NULL),
sda_tlv); sda_tlv,
&sda_tdata);
free(sdatl); // malloc here: emv_pki_sdatl_fill
return res;
} }
struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db) struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db)
@ -310,6 +328,7 @@ struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb
tlvdb_get(db, 0x9f2d, NULL), tlvdb_get(db, 0x9f2d, NULL),
tlvdb_get(db, 0x9f2e, NULL), tlvdb_get(db, 0x9f2e, NULL),
tlvdb_get(db, 0x9f2f, NULL), tlvdb_get(db, 0x9f2f, NULL),
NULL,
NULL); NULL);
} }
@ -358,6 +377,7 @@ struct tlvdb *emv_pki_recover_dac_ex(const struct emv_pk *enc_pk, const struct t
unsigned char *data = emv_pki_decode_message(enc_pk, 3, &data_len, unsigned char *data = emv_pki_decode_message(enc_pk, 3, &data_len,
tlvdb_get(db, 0x93, NULL), tlvdb_get(db, 0x93, NULL),
3,
sda_tlv, sda_tlv,
&sda_tdata, &sda_tdata,
NULL); NULL);
@ -391,6 +411,7 @@ struct tlvdb *emv_pki_recover_idn_ex(const struct emv_pk *enc_pk, const struct t
size_t data_len; size_t data_len;
unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
tlvdb_get(db, 0x9f4b, NULL), tlvdb_get(db, 0x9f4b, NULL),
2,
dyn_tlv, dyn_tlv,
NULL); NULL);
@ -426,6 +447,7 @@ struct tlvdb *emv_pki_recover_atc_ex(const struct emv_pk *enc_pk, const struct t
size_t data_len; size_t data_len;
unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
tlvdb_get(db, 0x9f4b, NULL), tlvdb_get(db, 0x9f4b, NULL),
5,
tlvdb_get(db, 0x9f37, NULL), tlvdb_get(db, 0x9f37, NULL),
tlvdb_get(db, 0x9f02, NULL), tlvdb_get(db, 0x9f02, NULL),
tlvdb_get(db, 0x5f2a, NULL), tlvdb_get(db, 0x5f2a, NULL),
@ -502,6 +524,7 @@ struct tlvdb *emv_pki_perform_cda_ex(const struct emv_pk *enc_pk, const struct t
size_t data_len = 0; size_t data_len = 0;
unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len, unsigned char *data = emv_pki_decode_message(enc_pk, 5, &data_len,
tlvdb_get(this_db, 0x9f4b, NULL), tlvdb_get(this_db, 0x9f4b, NULL),
2,
un_tlv, un_tlv,
NULL); NULL);
if (!data || data_len < 3) { if (!data || data_len < 3) {

1
client/emv/emv_pki.h
View file

@ -23,6 +23,7 @@
extern void PKISetStrictExecution(bool se); extern void PKISetStrictExecution(bool se);
unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len);
struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db); struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db);
struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv); struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv);
struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db); struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db);