From f26668b81d1ed53b98d6f5dad95ef2caadf3b7e8 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 11 Apr 2022 01:16:20 +0200
Subject: [PATCH] Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000.

Signed-off-by: Pol Henarejos
---
 src/hsm/eac.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/hsm/eac.c b/src/hsm/eac.c
index 0d29525..6fcc86d 100644
--- a/src/hsm/eac.c
+++ b/src/hsm/eac.c
@@ -113,6 +113,7 @@ int sm_unwrap() {
     aes_decrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, body, body_size);
     memmove(apdu.cmd_apdu_data, body, body_size);
     apdu.cmd_apdu_data_len = sm_remove_padding(apdu.cmd_apdu_data, body_size);
+    DEBUG_PAYLOAD(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len);
     return HSM_OK;
 }
 
@@ -120,7 +121,7 @@ int sm_wrap() {
     uint8_t sm_indicator = (CLA(apdu) >> 2) & 0x3;
     if (sm_indicator == 0)
         return HSM_OK;
-    uint8_t wrap[1024], input[1024];
+    uint8_t input[1024];
     size_t input_len = 0;
     memset(input, 0, sizeof(input));
     mbedtls_mpi ssc;
@@ -130,6 +131,7 @@ int sm_wrap() {
     int r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
     input_len += sm_blocksize;
     mbedtls_mpi_free(&ssc);
+    DEBUG_PAYLOAD(res_APDU, res_APDU_size);
     if (res_APDU_size > 0) {
         res_APDU[res_APDU_size++] = 0x80;
         memset(res_APDU+res_APDU_size, 0, (sm_blocksize - (res_APDU_size%sm_blocksize)));
@@ -188,10 +190,11 @@ int sm_get_le() {
 }
 
 void sm_update_iv() {
-    uint8_t tmp_iv[16];
-    mbedtls_mpi_write_binary(&sm_mSSC, tmp_iv, sizeof(tmp_iv));
-    aes_encrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, tmp_iv, sizeof(tmp_iv));
-    memcpy(sm_iv, tmp_iv, sizeof(tmp_iv));
+    uint8_t tmp_iv[16], sc_counter[16];
+    memset(tmp_iv, 0, sizeof(tmp_iv)); //IV is always 0 for encryption of IV based on counter
+    mbedtls_mpi_write_binary(&sm_mSSC, sc_counter, sizeof(sc_counter));
+    aes_encrypt(sm_kenc, tmp_iv, 128, HSM_AES_MODE_CBC, sc_counter, sizeof(sc_counter));
+    memcpy(sm_iv, sc_counter, sizeof(sc_counter));
 }
 
 int sm_verify() {
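Review bot: The DEBUG_PAYLOAD added after sm_remove_padding in sm_unwrap prints the decrypted secure-messaging command body, which is precisely the data the SM channel exists to protect, and the DEBUG_PAYLOAD of res_APDU added in the third hunk in sm_wrap does the same for the response before it is encrypted. Whether DEBUG_PAYLOAD compiles to nothing in non-debug builds is not visible in this patch; if it does not, both calls should be wrapped in a build-time debug guard (placeholder: `#ifdef SM_DEBUG_PAYLOADS` / `#endif`) so release firmware never emits plaintext APDU contents on the debug channel. A one-line comment at the macro definition stating that it must be a no-op outside debug builds would make that contract explicit. The body of sm_unwrap begins outside this hunk.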
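Review bot: The return value of mbedtls_mpi_write_binary in sm_update_iv is still ignored; if sm_mSSC ever exceeds 16 bytes the call returns MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL and sc_counter is handed to aes_encrypt uninitialised, so sm_iv is silently replaced by an unpredictable value and every subsequent wrap/unwrap will fail or decrypt garbage. Since the function is void, the minimum is to bail out before sm_iv is touched: `if (mbedtls_mpi_write_binary(&sm_mSSC, sc_counter, sizeof(sc_counter)) != 0) return;`, and preferably change the function to return int so sm_wrap and sm_unwrap can report the failure instead of continuing with a stale IV. The intent also deserves a header comment rather than the trailing one on the memset, e.g. `/* Derive the CBC IV for the next SM APDU as E(Kenc, SSC) computed with a zero IV, i.e. a single-block encryption of the send-sequence counter. */`. Whether aes_encrypt reports errors cannot be seen here; if it returns a status, that should be checked in the same way.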