lib: check internal authentication crypt errors

Dave Pate
2019-01-07 15:10:18 -08:00
committed by Klas Lindfors
parent b2dd16deb4
commit eb250134f8
+14 -2
@@ -684,6 +684,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
uint32_t recv_len = sizeof(data); uint32_t recv_len = sizeof(data);
int sw; int sw;
ykpiv_rc res; ykpiv_rc res;
des_rc drc = DES_OK;
des_key* mgm_key = NULL; des_key* mgm_key = NULL;
size_t out_len = 0; size_t out_len = 0;
@@ -728,7 +729,12 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
unsigned char *dataptr = apdu.st.data; unsigned char *dataptr = apdu.st.data;
unsigned char response[8]; unsigned char response[8];
out_len = sizeof(response); out_len = sizeof(response);
des_decrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); drc = des_decrypt(mgm_key, challenge, sizeof(challenge), response, &out_len);
if (drc != DES_OK) {
res = YKPIV_AUTHENTICATION_ERROR;
goto Cleanup;
}
recv_len = sizeof(data); recv_len = sizeof(data);
memset(apdu.raw, 0, sizeof(apdu)); memset(apdu.raw, 0, sizeof(apdu));
@@ -766,7 +772,13 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
{ {
unsigned char response[8]; unsigned char response[8];
out_len = sizeof(response); out_len = sizeof(response);
des_encrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); drc = des_encrypt(mgm_key, challenge, sizeof(challenge), response, &out_len);
if (drc != DES_OK) {
res = YKPIV_AUTHENTICATION_ERROR;
goto Cleanup;
}
if (memcmp(response, data + 4, 8) == 0) { if (memcmp(response, data + 4, 8) == 0) {
res = YKPIV_OK; res = YKPIV_OK;
} }
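Review bot: Both new guards (after `des_decrypt` in the second hunk and after `des_encrypt` in the third) test only `drc`, so a call that returns DES_OK but writes fewer than 8 bytes would still leave part of `response[8]` uninitialized before it is used, including in `memcmp(response, data + 4, 8)`. If the DES helpers update `out_len` to the number of bytes produced (their implementation is not visible here), the guard could be `if (drc != DES_OK || out_len != sizeof(response)) {` in both places. Declaring the buffer as `unsigned char response[8] = {0};` would also keep stale stack bytes out of the comparison on any path that under-fills it. The `Cleanup` label and the rest of ykpiv_authenticate lie outside the shown hunks, so it is worth confirming that the new early exits still release `mgm_key` there.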