From 44c2299b70a15ec3bb66c932b358918c4bbf5d8b Mon Sep 17 00:00:00 2001
From: Chris van Marle <qistoph@gmail.com>
Date: Tue, 11 Oct 2022 22:13:04 +0200
Subject: [PATCH] MRTD use smaller data type of lengths, add sha1 test

---
 lib/nfc/protocols/mrtd_helpers.c | 14 +++++++-------
 lib/nfc/protocols/mrtd_helpers.h |  4 ++--
 test_mrtd_helpers.c              | 33 ++++++++++++++++++++++++++++----
 3 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/lib/nfc/protocols/mrtd_helpers.c b/lib/nfc/protocols/mrtd_helpers.c
index b27b832e0..97d9eb69a 100644
--- a/lib/nfc/protocols/mrtd_helpers.c
+++ b/lib/nfc/protocols/mrtd_helpers.c
@@ -1,12 +1,12 @@
 #include "mrtd_helpers.h"
 
-uint8_t mrtd_bac_check_digit(const uint8_t* input, const size_t length) {
-    const size_t num_weights = 3;
+uint8_t mrtd_bac_check_digit(const uint8_t* input, const uint8_t length) {
+    const uint8_t num_weights = 3;
     uint8_t weights[] = {7, 3, 1};
     uint8_t check_digit = 0;
     uint8_t idx;
 
-    for(size_t i=0; i<length; ++i) {
+    for(uint8_t i=0; i<length; ++i) {
         uint8_t c = input[i];
         if(c >= 'A' && c <= 'Z') {
             idx = c - 'A' + 10;
@@ -37,10 +37,10 @@ void mrtd_print_date(uint8_t* output, MrtdDate* date) {
 // - DOCNR of size <9
 // - DOCNR of size >9
 // - DOCNR of size MRTD_DOCNR_MAX_LENGTH
-bool mrtd_bac_get_kmrz(MrtdAuthData* auth, uint8_t* output, size_t output_size) {
-    size_t idx = 0;
-    size_t docnr_length = strlen(auth->doc_number);
-    size_t cd_idx = 0;
+bool mrtd_bac_get_kmrz(MrtdAuthData* auth, uint8_t* output, uint8_t output_size) {
+    uint8_t idx = 0;
+    uint8_t docnr_length = strlen(auth->doc_number);
+    uint8_t cd_idx = 0;
     if(output_size < docnr_length + 16) {
         return false;
     }
diff --git a/lib/nfc/protocols/mrtd_helpers.h b/lib/nfc/protocols/mrtd_helpers.h
index 83a398d4f..6ad283c68 100644
--- a/lib/nfc/protocols/mrtd_helpers.h
+++ b/lib/nfc/protocols/mrtd_helpers.h
@@ -30,8 +30,8 @@ typedef struct {
     //TODO: PACE
 } MrtdAuthData;
 
-uint8_t mrtd_bac_check_digit(const uint8_t* input, const size_t length);
+uint8_t mrtd_bac_check_digit(const uint8_t* input, const uint8_t length);
 
 void mrtd_print_date(uint8_t* output, MrtdDate* date);
 
-bool mrtd_bac_get_kmrz(MrtdAuthData* auth, uint8_t* output, size_t output_size);
+bool mrtd_bac_get_kmrz(MrtdAuthData* auth, uint8_t* output, uint8_t output_size);
diff --git a/test_mrtd_helpers.c b/test_mrtd_helpers.c
index b10196b3b..633dd39c7 100644
--- a/test_mrtd_helpers.c
+++ b/test_mrtd_helpers.c
@@ -1,12 +1,15 @@
 #include <stdio.h>
+#include <mbedtls/sha1.h>
 
 #include "lib/nfc/protocols/mrtd_helpers.h"
 
+// gcc -o test_mrtd_helpers -Ilib/mbedtls/include lib/nfc/protocols/mrtd_helpers.c lib/mbedtls/library/sha1.c lib/mbedtls/library/platform_util.c test_mrtd_helpers.c
+
 #define COLOR_RED "\033[0;31m"
 #define COLOR_GREEN "\033[0;32m"
 #define COLOR_RESET "\033[0;0m"
 
-void test_mrtd_bac_check_digit(const uint8_t* input, uint8_t exp_output) {
+void test_mrtd_bac_check_digit(const uint8_t* input, const uint8_t exp_output) {
     uint8_t output = mrtd_bac_check_digit(input, strlen(input));
     if(output != exp_output) {
         printf(COLOR_RED "FAILED  - mrtd_bac_check_digit for %s is not %d, but %d\n" COLOR_RESET,
@@ -18,11 +21,11 @@ void test_mrtd_bac_check_digit(const uint8_t* input, uint8_t exp_output) {
             input, output);
 }
 
-void test_bac_get_kmrz(MrtdAuthData* auth, uint8_t* exp_output) {
+void test_bac_get_kmrz(MrtdAuthData* auth, const uint8_t* exp_output) {
     bool result;
-    uint8_t buffer[1000];
+    uint8_t buffer[255];
 
-    result = mrtd_bac_get_kmrz(auth, buffer, 1000);
+    result = mrtd_bac_get_kmrz(auth, buffer, 255);
     if(!result) {
         printf(COLOR_RED "FAILED  - mrtd_bac_get_kmrz returned FALSE for" COLOR_RESET);
         return;
@@ -38,6 +41,26 @@ void test_bac_get_kmrz(MrtdAuthData* auth, uint8_t* exp_output) {
         buffer);
 }
 
+void test_sha1(const uint8_t* data, const uint8_t* exp_output) {
+    uint8_t hash[20];
+    mbedtls_sha1(data, strlen(data), hash);
+
+    if(memcmp(hash, exp_output, 20)) {
+        printf(COLOR_RED "FAILED  - sha1 of %s, expected:\n", data);
+        for(uint8_t i=0; i<20; ++i) {
+            printf("%02X", exp_output[i]);
+        }
+        printf(", result:\n");
+    } else {
+        printf(COLOR_GREEN "SUCCESS - sha1 of %s is: ", data);
+    }
+
+    for(uint8_t i=0; i<20; ++i) {
+        printf("%02X", hash[i]);
+    }
+    printf("\n" COLOR_RESET);
+}
+
 int main(int argc, char** argv) {
     test_mrtd_bac_check_digit("D23145890734", 9);
     test_mrtd_bac_check_digit("340712", 7);
@@ -55,5 +78,7 @@ int main(int argc, char** argv) {
         .expiry_date = {94, 6, 23},
     }, "L898902C<369080619406236");
 
+    test_sha1("L898902C<369080619406236", "\x23\x9a\xb9\xcb\x28\x2d\xaf\x66\x23\x1d\xc5\xa4\xdf\x6b\xfb\xae\xdf\x47\x75\x65");
+
     return 0;
 }