4  * SPDX-License-Identifier: Apache-2.0
39 	memcpy(scbk, pd->sc.pd_client_uid, 8);  in osdp_compute_scbk()
41 		scbk[i] = ~scbk[i - 8];  in osdp_compute_scbk()
56 			osdp_compute_scbk(pd, ctx->sc_master_key, scbk);  in osdp_compute_session_keys()
58 			memcpy(scbk, pd->sc.scbk, 16);  in osdp_compute_session_keys()
62 	memset(pd->sc.s_enc, 0, 16);  in osdp_compute_session_keys()
63 	memset(pd->sc.s_mac1, 0, 16);  in osdp_compute_session_keys()
64 	memset(pd->sc.s_mac2, 0, 16);  in osdp_compute_session_keys()
66 	pd->sc.s_enc[0] = 0x01;  in osdp_compute_session_keys()
67 	pd->sc.s_enc[1] = 0x82;  in osdp_compute_session_keys()
68 	pd->sc.s_mac1[0] = 0x01;  in osdp_compute_session_keys()
69 	pd->sc.s_mac1[1] = 0x01;  in osdp_compute_session_keys()
70 	pd->sc.s_mac2[0] = 0x01;  in osdp_compute_session_keys()
71 	pd->sc.s_mac2[1] = 0x02;  in osdp_compute_session_keys()
74 		pd->sc.s_enc[i] = pd->sc.cp_random[i - 2];  in osdp_compute_session_keys()
75 		pd->sc.s_mac1[i] = pd->sc.cp_random[i - 2];  in osdp_compute_session_keys()
76 		pd->sc.s_mac2[i] = pd->sc.cp_random[i - 2];  in osdp_compute_session_keys()
79 	osdp_encrypt(scbk, NULL, pd->sc.s_enc, 16);  in osdp_compute_session_keys()
80 	osdp_encrypt(scbk, NULL, pd->sc.s_mac1, 16);  in osdp_compute_session_keys()
81 	osdp_encrypt(scbk, NULL, pd->sc.s_mac2, 16);  in osdp_compute_session_keys()
86 	/* cp_cryptogram = AES-ECB( pd_random[8] || cp_random[8], s_enc ) */  in osdp_compute_cp_cryptogram()
87 	memcpy(pd->sc.cp_cryptogram + 0, pd->sc.pd_random, 8);  in osdp_compute_cp_cryptogram()
88 	memcpy(pd->sc.cp_cryptogram + 8, pd->sc.cp_random, 8);  in osdp_compute_cp_cryptogram()
89 	osdp_encrypt(pd->sc.s_enc, NULL, pd->sc.cp_cryptogram, 16);  in osdp_compute_cp_cryptogram()
95  * Returns 0 if memory pointed to by s1 and s2 are identical; non-zero
114 	/* cp_cryptogram = AES-ECB( pd_random[8] || cp_random[8], s_enc ) */  in osdp_verify_cp_cryptogram()
115 	memcpy(cp_crypto + 0, pd->sc.pd_random, 8);  in osdp_verify_cp_cryptogram()
116 	memcpy(cp_crypto + 8, pd->sc.cp_random, 8);  in osdp_verify_cp_cryptogram()
117 	osdp_encrypt(pd->sc.s_enc, NULL, cp_crypto, 16);  in osdp_verify_cp_cryptogram()
119 	if (osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) != 0) {  in osdp_verify_cp_cryptogram()
120 		return -1;  in osdp_verify_cp_cryptogram()
127 	/* pd_cryptogram = AES-ECB( cp_random[8] || pd_random[8], s_enc ) */  in osdp_compute_pd_cryptogram()
128 	memcpy(pd->sc.pd_cryptogram + 0, pd->sc.cp_random, 8);  in osdp_compute_pd_cryptogram()
129 	memcpy(pd->sc.pd_cryptogram + 8, pd->sc.pd_random, 8);  in osdp_compute_pd_cryptogram()
130 	osdp_encrypt(pd->sc.s_enc, NULL, pd->sc.pd_cryptogram, 16);  in osdp_compute_pd_cryptogram()
137 	/* pd_cryptogram = AES-ECB( cp_random[8] || pd_random[8], s_enc ) */  in osdp_verify_pd_cryptogram()
138 	memcpy(pd_crypto + 0, pd->sc.cp_random, 8);  in osdp_verify_pd_cryptogram()
139 	memcpy(pd_crypto + 8, pd->sc.pd_random, 8);  in osdp_verify_pd_cryptogram()
140 	osdp_encrypt(pd->sc.s_enc, NULL, pd_crypto, 16);  in osdp_verify_pd_cryptogram()
142 	if (osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) != 0) {  in osdp_verify_pd_cryptogram()
143 		return -1;  in osdp_verify_pd_cryptogram()
150 	/* rmac_i = AES-ECB( AES-ECB( cp_cryptogram, s_mac1 ), s_mac2 ) */  in osdp_compute_rmac_i()
151 	memcpy(pd->sc.r_mac, pd->sc.cp_cryptogram, 16);  in osdp_compute_rmac_i()
152 	osdp_encrypt(pd->sc.s_mac1, NULL, pd->sc.r_mac, 16);  in osdp_compute_rmac_i()
153 	osdp_encrypt(pd->sc.s_mac2, NULL, pd->sc.r_mac, 16);  in osdp_compute_rmac_i()
162 		return -1;  in osdp_decrypt_data()
165 	memcpy(iv, is_cmd ? pd->sc.r_mac : pd->sc.c_mac, 16);  in osdp_decrypt_data()
170 	osdp_decrypt(pd->sc.s_enc, iv, data, length);  in osdp_decrypt_data()
172 	length--;  in osdp_decrypt_data()
174 		length--;  in osdp_decrypt_data()
177 		return -1;  in osdp_decrypt_data()
191 	if ((pad_len - length - 1) > 0) {  in osdp_encrypt_data()
192 		memset(data + length + 1, 0, pad_len - length - 1);  in osdp_encrypt_data()
194 	memcpy(iv, is_cmd ? pd->sc.r_mac : pd->sc.c_mac, 16);  in osdp_encrypt_data()
199 	osdp_encrypt(pd->sc.s_enc, iv, data, pad_len);  in osdp_encrypt_data()
218 	 * IV1 = R_MAC (or) C_MAC  -- depending on is_cmd  in osdp_compute_mac()
219 	 * IV2 = B[N-1] after -- AES-CBC ( IV1, B[1] to B[N-1], SMAC-1 )  in osdp_compute_mac()
220 	 * MAC = AES-ECB ( IV2, B[N], SMAC-2 )  in osdp_compute_mac()
223 	memcpy(iv, is_cmd ? pd->sc.r_mac : pd->sc.c_mac, 16);  in osdp_compute_mac()
225 		/* N-1 blocks -- encrypted with SMAC-1 */  in osdp_compute_mac()
226 		osdp_encrypt(pd->sc.s_mac1, iv, buf, pad_len - 16);  in osdp_compute_mac()
227 		/* N-1 th block is the IV for N th block */  in osdp_compute_mac()
228 		memcpy(iv, buf + pad_len - 32, 16);  in osdp_compute_mac()
231 	/* N-th Block encrypted with SMAC-2 == MAC */  in osdp_compute_mac()
232 	osdp_encrypt(pd->sc.s_mac2, iv, buf + pad_len - 16, 16);  in osdp_compute_mac()
233 	memcpy(is_cmd ? pd->sc.c_mac : pd->sc.r_mac, buf + pad_len - 16, 16);  in osdp_compute_mac()
244 		memcpy(scbk, pd->sc.scbk, 16);  in osdp_sc_setup()
246 	memset(&pd->sc, 0, sizeof(struct osdp_secure_channel));  in osdp_sc_setup()
248 		memcpy(pd->sc.scbk, scbk, 16);  in osdp_sc_setup()
252 		pd->sc.pd_client_uid[0] = BYTE_0(pd->id.vendor_code);  in osdp_sc_setup()
253 		pd->sc.pd_client_uid[1] = BYTE_1(pd->id.vendor_code);  in osdp_sc_setup()
254 		pd->sc.pd_client_uid[2] = BYTE_0(pd->id.model);  in osdp_sc_setup()
255 		pd->sc.pd_client_uid[3] = BYTE_1(pd->id.version);  in osdp_sc_setup()
256 		pd->sc.pd_client_uid[4] = BYTE_0(pd->id.serial_number);  in osdp_sc_setup()
257 		pd->sc.pd_client_uid[5] = BYTE_1(pd->id.serial_number);  in osdp_sc_setup()
258 		pd->sc.pd_client_uid[6] = BYTE_2(pd->id.serial_number);  in osdp_sc_setup()
259 		pd->sc.pd_client_uid[7] = BYTE_3(pd->id.serial_number);  in osdp_sc_setup()
261 		osdp_fill_random(pd->sc.cp_random, 8);  in osdp_sc_setup()