Fix bugs in SDM implementation

f00e832d · Jonathan Weth · 8f6471ac · f00e832d
Verified Commit f00e832d authored 1 year ago by Jonathan Weth
--- a/aleksis/apps/kort/models/sdm.py
+++ b/aleksis/apps/kort/models/sdm.py
 from binascii import unhexlify

 from django.core.exceptions import BadRequest
-from django.core.http import Request
+from django.http import HttpRequest

 from libsdm import EncMode, InvalidMessage, decrypt_sun_message
-from libsdm.derive import derive_undiversified_key, derive_tag_key
+from libsdm.derive import derive_tag_key, derive_undiversified_key
 from libsdm.util import parse_parameters

 from aleksis.core.mixins import ExtensibleModel, ObjectAuthenticator
@@ -15,13 +15,18 @@ from .cards import Card

 class NfcSdmAuthenticator(ObjectAuthenticator):
    """Object authenticator using NFC SDM."""
+
    name = "nfc_sdm"
    require_lrp = False

-    def authenticate(self, request: Request, obj: ExtensibleModel):
+    def authenticate(self, request: HttpRequest, obj: ExtensibleModel):
        """SUN decrypting authenticator"""
-        master_key = unhexlify(get_site_preferences()["nfc__sdm_master_key"])
-        param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
+        master_key = unhexlify(get_site_preferences()["kort__sdm_master_key"])
+        try:
+            param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
+        except ValueError as e:
+            raise BadRequest(**e.args)
+
        try:
            res = decrypt_sun_message(
                param_mode=param_mode,
@@ -40,13 +45,13 @@ class NfcSdmAuthenticator(ObjectAuthenticator):

        try:
            card = Card.objects.get(chip_number__iexact=res["uid"].hex())
-        except Card.DoesNotExact:
+        except Card.DoesNotExist:
            return False

        if card.person != obj:
            raise BadRequest("Card is not linked to identified object")

-        if card.last_read_counter <= res["read_ctr"]:
+        if card.last_read_counter >= res["read_ctr"]:
            raise BadRequest("Read counter went backwards, possible replay attack")
        card.last_read_counter = res["read_ctr"]
        card.save()