Fixed signature clobbering bug (issue #2)

makinako · Jan 8, 2018 · d7ffd46 · d7ffd46
1 parent f3427ee
commit d7ffd46
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/src/com/makina/security/OpenFIPS201/PIV.java b/src/com/makina/security/OpenFIPS201/PIV.java
@@ -916,7 +916,7 @@ private void authenticateReset() {
      */
     public short generalAuthenticate(byte[] buffer, short offset, short length) {
 
-        final byte CONST_TAG_TEMPLATE	= (byte)0x7C;
+        final byte CONST_TAG_TEMPLATE		= (byte)0x7C;
         final byte CONST_TAG_WITNESS 	= (byte)0x80;
         final byte CONST_TAG_CHALLENGE 	= (byte)0x81;
         final byte CONST_TAG_RESPONSE 	= (byte)0x82;
@@ -1049,16 +1049,20 @@ public short generalAuthenticate(byte[] buffer, short offset, short length) {
                 ISOException.throwIt(ISO7816.SW_WRONG_DATA);
             }
 
+            // Encrypt the CHALLENGE data
+            length = cspPIV.encrypt(key, scratch, tlvReader.getDataOffset(), length, buffer, (short)0);
+
+            cspPIV.zeroise(scratch, (short)0, LENGTH_SCRATCH);
+
             // Write out the response TLV, passing through the block length as an indicative maximum
             tlvWriter.init(scratch, (short)0, length, CONST_TAG_TEMPLATE);
 
             // Create the RESPONSE tag
             tlvWriter.writeTag(CONST_TAG_RESPONSE);
             tlvWriter.writeLength(length);
 
-            // Encrypt the CHALLENGE data and write it to the output buffer
-            offset = tlvWriter.getOffset();
-            offset += cspPIV.encrypt(key, scratch, tlvReader.getDataOffset(), length, scratch, offset);
+			// Write the response cryptogram
+            offset = Util.arrayCopyNonAtomic(buffer, (short)0, scratch, tlvWriter.getOffset(), length);
             tlvWriter.setOffset(offset); // Update the TLV offset value
 
             // Finalise the TLV object and get the entire data object length
@@ -1286,16 +1290,18 @@ else if (witnessOffset != 0 && !witnessEmpty && challengeOffset != 0 && !challen
                 ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
             }
 
+            // Encrypt the CHALLENGE data
+            length = cspPIV.encrypt(key, scratch, tlvReader.getDataOffset(), length, buffer, (short)0);
+
             // Write out the response TLV, passing through the block length as an indicative maximum
             tlvWriter.init(scratch, (short)0, length, CONST_TAG_TEMPLATE);
 
             // Create the RESPONSE tag
             tlvWriter.writeTag(CONST_TAG_RESPONSE);
             tlvWriter.writeLength(length);
 
-            // Encrypt the RESPONSE data and write it to the output buffer
-            offset = tlvWriter.getOffset();
-            offset += cspPIV.encrypt(key, scratch, tlvReader.getDataOffset(), key.getBlockLength(), scratch, offset);
+			// Write the response cryptogram
+            offset = Util.arrayCopyNonAtomic(buffer, (short)0, scratch, tlvWriter.getOffset(), length);
             tlvWriter.setOffset(offset); // Update the TLV offset value
 
             // Finalise the TLV object and get the entire data object length