BUF_MEM *
compute_authentication_token(int protocol, const KA_CTX *ka_ctx, EVP_PKEY *opp_key,
BN_CTX *bn_ctx, enum eac_tr_version tr_version)
{
BUF_MEM *asn1 = NULL, *out = NULL, *pad =NULL;
check(ka_ctx, "Invalid arguments");
asn1 = asn1_pubkey(protocol, opp_key, bn_ctx, tr_version);
/* ISO 9797-1 algorithm 3 retail MAC now needs extra padding (padding method 2) */
if (EVP_CIPHER_nid(ka_ctx->cipher) == NID_des_ede_cbc) {
pad = add_iso_pad(asn1, EVP_CIPHER_block_size(ka_ctx->cipher));
if (!pad)
goto err;
out = authenticate(ka_ctx, pad);
} else {
out = authenticate(ka_ctx, asn1);
}
err:
if (asn1)
BUF_MEM_free(asn1);
if (pad)
BUF_MEM_free(pad);
return out;
}
static int
add_padding(const struct iso_sm_ctx *ctx, const u8 *data, size_t datalen,
u8 **padded)
{
u8 *p;
switch (ctx->padding_indicator) {
case SM_NO_PADDING:
if (*padded != data) {
p = realloc(*padded, datalen);
if (!p)
return SC_ERROR_OUT_OF_MEMORY;
*padded = p;
/* Flawfinder: ignore */
memcpy(*padded, data, datalen);
}
return datalen;
case SM_ISO_PADDING:
return add_iso_pad(data, datalen, ctx->block_length, padded);
default:
return SC_ERROR_INVALID_ARGUMENTS;
}
}
