00001
00002
00003
00004
00005
00006
00007 #include <ccid.h>
00008 #include <list.h>
00009 #include <emv.h>
00010 #include <ber.h>
00011 #include "emv-internal.h"
00012
00013 struct sda_req {
00014 unsigned int ca_pk_idx;
00015 const uint8_t *pk_cert;
00016 size_t pk_cert_len;
00017 const uint8_t *pk_r;
00018 size_t pk_r_len;
00019 const uint8_t *pk_exp;
00020 size_t pk_exp_len;
00021 const uint8_t *ssa_data;
00022 size_t ssa_data_len;
00023 };
00024
00025 static int get_required_data(struct _emv *e, struct sda_req *req)
00026 {
00027 const struct _emv_data *d;
00028 int i;
00029
00030 d = _emv_retrieve_data(e, EMV_TAG_CA_PK_INDEX);
00031 i = emv_data_int(d);
00032 if ( i < 0 )
00033 return 0;
00034
00035 req->ca_pk_idx = (unsigned int)i;
00036
00037 d = _emv_retrieve_data(e, EMV_TAG_ISS_PK_CERT);
00038 if ( NULL == d )
00039 return 0;
00040 req->pk_cert = d->d_data;
00041 req->pk_cert_len = d->d_len;
00042 if ( NULL == req->pk_cert )
00043 return 0;
00044
00045 d = _emv_retrieve_data(e, EMV_TAG_ISS_PK_R);
00046 if ( NULL == d )
00047 return 0;
00048 req->pk_r = d->d_data;
00049 req->pk_r_len = d->d_len;
00050 if ( NULL == req->pk_r )
00051 return 0;
00052
00053 d = _emv_retrieve_data(e, EMV_TAG_ISS_PK_EXP);
00054 if ( NULL == d )
00055 return 0;
00056 req->pk_exp = d->d_data;
00057 req->pk_exp_len = d->d_len;
00058 if ( NULL == req->pk_exp)
00059 return 0;
00060
00061 d = _emv_retrieve_data(e, EMV_TAG_SSA_DATA);
00062 if ( NULL == d )
00063 return 0;
00064 req->ssa_data = d->d_data;
00065 req->ssa_data_len = d->d_len;
00066 if ( NULL == req->ssa_data)
00067 return 0;
00068
00069 return 1;
00070 }
00071
00072 static RSA *get_ca_key(unsigned int idx, emv_mod_cb_t mod,
00073 emv_exp_cb_t exp, size_t *key_len, void *priv)
00074 {
00075 const uint8_t *modulus, *exponent;
00076 size_t mod_len, exp_len;
00077 RSA *key;
00078
00079 modulus = (*mod)(priv, idx, &mod_len);
00080 if ( NULL == modulus )
00081 return NULL;
00082
00083 exponent = (*exp)(priv, idx, &exp_len);
00084 if ( NULL == exponent )
00085 return NULL;
00086
00087 key = RSA_new();
00088 if ( NULL == key )
00089 return NULL;
00090
00091 key->n = BN_bin2bn(modulus, mod_len, NULL);
00092 if ( NULL == key->n )
00093 goto err_free_key;
00094
00095 key->e = BN_bin2bn(exponent, exp_len, NULL);
00096 if ( NULL == key->e )
00097 goto err_free_mod;
00098
00099 *key_len = mod_len;
00100
00101 return key;
00102 err_free_mod:
00103 BN_free(key->n);
00104 err_free_key:
00105 RSA_free(key);
00106 return NULL;
00107 }
00108
00109 static int recover(uint8_t *ptr, size_t len, RSA *key)
00110 {
00111 uint8_t *tmp;
00112 int ret;
00113
00114 tmp = malloc(len);
00115 if ( NULL == tmp )
00116 return 0;
00117
00118 ret = RSA_public_encrypt(len, ptr, tmp, key, RSA_NO_PADDING);
00119 if ( ret < 0 || (unsigned)ret != len ) {
00120 free(tmp);
00121 return 0;
00122 }
00123
00124 memcpy(ptr, tmp, len);
00125 free(tmp);
00126
00127 return 1;
00128 }
00129
00130 static int check_pk_cert(struct _emv *e, struct sda_req *req)
00131 {
00132 uint8_t *msg, *tmp;
00133 size_t msg_len;
00134 int ret;
00135
00136 if ( req->pk_cert[0] != 0x6a ) {
00137 printf("emv-sda: bad certificate header\n");
00138 return 0;
00139 }
00140
00141 if ( req->pk_cert[1] != 0x02 ) {
00142 printf("emv-sda: bad certificate format\n");
00143 return 0;
00144 }
00145
00146 if ( req->pk_cert[11] != 0x01 ) {
00147 printf("emv-sda: unexpected hash algorithm\n");
00148 return 0;
00149 }
00150
00151 msg_len = req->pk_cert_len - (SHA_DIGEST_LENGTH + 2) +
00152 req->pk_r_len + req->pk_exp_len;
00153 tmp = msg = malloc(msg_len);
00154 if ( NULL == msg ) {
00155 _emv_sys_error(e);
00156 return 0;
00157 }
00158
00159 memcpy(tmp, req->pk_cert + 1, req->pk_cert_len -
00160 (SHA_DIGEST_LENGTH + 2));
00161 tmp += req->pk_cert_len - (SHA_DIGEST_LENGTH + 2);
00162 memcpy(tmp, req->pk_r, req->pk_r_len);
00163 tmp += req->pk_r_len;
00164 memcpy(tmp, req->pk_exp, req->pk_exp_len);
00165
00166
00167
00168
00169 ret = _emsa_pss_decode(msg, msg_len, req->pk_cert, req->pk_cert_len);
00170 if ( !ret )
00171 _emv_error(e, EMV_ERR_CERTIFICATE);
00172 free(msg);
00173
00174 return ret;
00175 }
00176
00177 static RSA *make_issuer_pk(struct _emv *e, struct sda_req *req)
00178 {
00179 uint8_t *tmp;
00180 const uint8_t *kb;
00181 size_t kb_len;
00182 RSA *key;
00183
00184 tmp = malloc(req->pk_cert_len);
00185 if ( NULL == tmp ) {
00186 _emv_sys_error(e);
00187 return NULL;
00188 }
00189
00190 kb = req->pk_cert + 15;
00191 kb_len = req->pk_cert_len - (15 + 21);
00192
00193 memcpy(tmp, kb, kb_len);
00194 memcpy(tmp + kb_len, req->pk_r, req->pk_r_len);
00195 printf("Retrieved issuer public key:\n");
00196 hex_dump(kb, req->pk_cert_len, 16);
00197 key = RSA_new();
00198 if ( NULL == key ) {
00199 _emv_sys_error(e);
00200 free(tmp);
00201 return NULL;
00202 }
00203
00204 key->n = BN_bin2bn(tmp, req->pk_cert_len, NULL);
00205 key->e = BN_bin2bn(req->pk_exp, req->pk_exp_len, NULL);
00206 free(tmp);
00207 if ( NULL == key->n || NULL == key->e ) {
00208 _emv_sys_error(e);
00209 RSA_free(key);
00210 return NULL;
00211 }
00212
00213 return key;
00214 }
00215
00216 static RSA *get_issuer_pk(struct _emv *e, struct sda_req *req,
00217 RSA *ca_key, size_t key_len)
00218 {
00219
00220 if ( req->pk_cert_len != key_len ) {
00221 _emv_error(e, EMV_ERR_KEY_SIZE_MISMATCH);
00222 return NULL;
00223 }
00224
00225 if ( !recover((uint8_t *)req->pk_cert, key_len, ca_key) ) {
00226 _emv_error(e, EMV_ERR_RSA_RECOVERY);
00227 return NULL;
00228 }
00229
00230
00231
00232
00233 if ( !check_pk_cert(e, req) )
00234 return NULL;
00235
00236 return make_issuer_pk(e, req);
00237 }
00238
00239 static int check_ssa(struct _emv *e, const uint8_t *ptr, size_t len,
00240 struct _emv_data **rec, unsigned int num,
00241 const uint8_t *aip)
00242 {
00243 uint8_t *tmp, *msg;
00244 const uint8_t *cf;
00245 size_t msg_len, cf_len, data_len;
00246 unsigned int i;
00247 int ret;
00248
00249 for(data_len = 2, i = 0; i < num; i++)
00250 data_len += rec[i]->d_len;
00251
00252 cf = ptr + 1;
00253 cf_len = len - (SHA_DIGEST_LENGTH + 2);
00254 msg_len = cf_len + data_len;
00255
00256 tmp = msg = malloc(msg_len);
00257 if ( NULL == msg ) {
00258 _emv_sys_error(e);
00259 return 0;
00260 }
00261
00262 memcpy(msg, cf, cf_len), tmp += cf_len;
00263
00264 for(i = 0; i < num; i++) {
00265 memcpy(tmp, rec[i]->d_data, rec[i]->d_len);
00266 tmp += rec[i]->d_len;
00267 }
00268
00269 memcpy(tmp, aip, 2);
00270
00271 #if 0
00272 printf("%u byte ssa certificate:\n", msg_len);
00273 hex_dump(ptr, len, 16);
00274
00275 printf("%u byte ssa message:\n", msg_len);
00276 hex_dump(msg, msg_len, 16);
00277 #endif
00278
00279 ret = _emsa_pss_decode(msg, msg_len, ptr, len);
00280 if ( !ret )
00281 _emv_error(e, EMV_ERR_SSA_SIGNATURE);
00282 free(msg);
00283
00284 return ret;
00285 }
00286
00287 static int verify_ssa_data(struct _emv *e, struct _emv_data **rec,
00288 unsigned int num_rec, struct sda_req *req,
00289 RSA *iss_key, const uint8_t *aip)
00290 {
00291 if ( !recover((uint8_t *)req->ssa_data, req->ssa_data_len, iss_key) ) {
00292 _emv_error(e, EMV_ERR_RSA_RECOVERY);
00293 return 0;
00294 }
00295
00296 if ( req->ssa_data[0] != 0x6a ) {
00297 _emv_error(e, EMV_ERR_SSA_SIGNATURE);
00298 return 0;
00299 }
00300
00301 if ( req->ssa_data[1] != 0x03 ) {
00302 _emv_error(e, EMV_ERR_SSA_SIGNATURE);
00303 return 0;
00304 }
00305
00306 if ( req->ssa_data[2] != 0x01 ) {
00307 _emv_error(e, EMV_ERR_SSA_SIGNATURE);
00308 return 0;
00309 }
00310
00311 return check_ssa(e, req->ssa_data, req->ssa_data_len,
00312 rec, num_rec, aip);
00313 }
00314
00315 int emv_authenticate_static_data(emv_t e, emv_mod_cb_t mod, emv_exp_cb_t exp,
00316 void *priv)
00317 {
00318 struct sda_req req;
00319 size_t ca_key_len;
00320 RSA *ca_key;
00321
00322 if ( e->e_sda_ok )
00323 return 1;
00324
00325 if ( !(e->e_aip[0] & EMV_AIP_SDA) ) {
00326 _emv_error(e, EMV_ERR_FUNC_NOT_SUPPORTED);
00327 return 0;
00328 }
00329
00330 if ( !get_required_data(e, &req) ) {
00331 _emv_error(e, EMV_ERR_DATA_ELEMENT_NOT_FOUND);
00332 return 0;
00333 }
00334
00335 ca_key = get_ca_key(req.ca_pk_idx, mod, exp, &ca_key_len, priv);
00336 if ( NULL == ca_key ) {
00337 _emv_error(e, EMV_ERR_KEY_NOT_FOUND);
00338 return 0;
00339 }
00340
00341 e->e_ca_pk = ca_key;
00342
00343 e->e_iss_pk = get_issuer_pk(e, &req, ca_key, ca_key_len);
00344 if ( NULL == e->e_iss_pk )
00345 return 0;
00346
00347 if ( !verify_ssa_data(e, e->e_db.db_sda, e->e_db.db_numsda,
00348 &req, e->e_iss_pk, e->e_aip) )
00349 return 0;
00350
00351 e->e_sda_ok = 1;
00352 return 1;
00353 }
00354
00355 int emv_sda_ok(emv_t e)
00356 {
00357 return !!e->e_sda_ok;
00358 }