diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index d13e2cf..4c9b5e7 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -293,7 +293,7 @@ const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen) { return NULL; } -extern PUK_store puk_store[3]; +extern PUK puk_store[MAX_PUK_STORE_ENTRIES]; extern int puk_store_entries; int puk_store_index(const uint8_t *chr, size_t chr_len) { @@ -311,8 +311,8 @@ int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t c return CCID_WRONG_DATA; size_t oid_len = 0, cv_body_len = 0, sig_len = 0; const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6); - const uint8_t *cv_body = cvc_get_body(ca, ca_len, &cv_body_len); - const uint8_t *sig = cvc_get_sig(ca, ca_len, &sig_len); + const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len); + const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len); if (!sig) return CCID_WRONG_DATA; if (!cv_body) @@ -446,6 +446,11 @@ int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t c mbedtls_ecdsa_free(&ecdsa); return CCID_EXEC_ERROR; } + ret = mbedtls_ecp_check_pubkey(&ecdsa.grp, &ecdsa.Q); + if (ret != 0) { + mbedtls_ecdsa_free(&ecdsa); + return CCID_EXEC_ERROR; + } mbedtls_mpi r, s; mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); diff --git a/src/hsm/cvc.h b/src/hsm/cvc.h index 8369cd7..1577d12 100644 --- a/src/hsm/cvc.h +++ b/src/hsm/cvc.h @@ -21,19 +21,19 @@ #include #include "pico/stdlib.h" -typedef struct PUK_store { +typedef struct PUK { const uint8_t *puk; size_t puk_len; const uint8_t *car; size_t car_len; const uint8_t *chr; size_t chr_len; - uint8_t up; const uint8_t *cvcert; size_t cvcert_len; -} PUK_store; + uint8_t up; +} PUK; -#define MAX_PUK_STORE_ENTRIES 16 +#define MAX_PUK_STORE_ENTRIES 4 extern size_t asn1_cvc_cert(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, size_t buf_len); extern size_t asn1_cvc_aut(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, size_t buf_len); @@ -41,5 +41,6 @@ extern const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *ole extern const uint8_t *cvc_get_car(const uint8_t *data, size_t len, size_t *olen); extern const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen); extern const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen); +extern int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len); #endif