From f00e832d4ac1a3e391b348565391c42225ed6d09 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sat, 17 Jun 2023 17:17:14 +0200
Subject: [PATCH] Fix bugs in SDM implementation

---
 aleksis/apps/kort/models/sdm.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/aleksis/apps/kort/models/sdm.py b/aleksis/apps/kort/models/sdm.py
index 19de0e7..55aed0f 100644
--- a/aleksis/apps/kort/models/sdm.py
+++ b/aleksis/apps/kort/models/sdm.py
@@ -1,10 +1,10 @@
 from binascii import unhexlify
 
 from django.core.exceptions import BadRequest
-from django.core.http import Request
+from django.http import HttpRequest
 
 from libsdm import EncMode, InvalidMessage, decrypt_sun_message
-from libsdm.derive import derive_undiversified_key, derive_tag_key
+from libsdm.derive import derive_tag_key, derive_undiversified_key
 from libsdm.util import parse_parameters
 
 from aleksis.core.mixins import ExtensibleModel, ObjectAuthenticator
@@ -15,13 +15,18 @@ from .cards import Card
 
 class NfcSdmAuthenticator(ObjectAuthenticator):
     """Object authenticator using NFC SDM."""
+
     name = "nfc_sdm"
     require_lrp = False
 
-    def authenticate(self, request: Request, obj: ExtensibleModel):
+    def authenticate(self, request: HttpRequest, obj: ExtensibleModel):
         """SUN decrypting authenticator"""
-        master_key = unhexlify(get_site_preferences()["nfc__sdm_master_key"])
-        param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
+        master_key = unhexlify(get_site_preferences()["kort__sdm_master_key"])
+        try:
+            param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
+        except ValueError as e:
+            raise BadRequest(**e.args)
+
         try:
             res = decrypt_sun_message(
                 param_mode=param_mode,
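Review bot: The new `raise BadRequest(**e.args)` in the added except clause will itself fail with a TypeError, because `e.args` is a tuple and `**` requires a mapping; a malformed query string therefore surfaces as a server error instead of the intended 400 response, and the original ValueError is lost. Change it to `raise BadRequest(*e.args) from e`, or preferably to a fixed message such as `raise BadRequest("Invalid SDM parameters") from e` so that parser-internal text is not echoed back to the client. The `authenticate` method continues past the end of this hunk, so the handling of the subsequent `decrypt_sun_message` call is not visible here.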
@@ -40,13 +45,13 @@ class NfcSdmAuthenticator(ObjectAuthenticator):
 
         try:
             card = Card.objects.get(chip_number__iexact=res["uid"].hex())
-        except Card.DoesNotExact:
+        except Card.DoesNotExist:
             return False
 
         if card.person != obj:
             raise BadRequest("Card is not linked to identified object")
 
-        if card.last_read_counter <= res["read_ctr"]:
+        if card.last_read_counter >= res["read_ctr"]:
             raise BadRequest("Read counter went backwards, possible replay attack")
         card.last_read_counter = res["read_ctr"]
         card.save()
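Review bot: The corrected replay check compares `card.last_read_counter` with the freshly read `res["read_ctr"]` and then persists it with `card.save()`, but the row is fetched with a plain `Card.objects.get(...)` and nothing in the hunk holds a lock or transaction; two concurrent requests carrying the same counter can both pass the `>=` comparison before either save lands, so the check is not a strict guarantee against replay unless an enclosing transaction exists outside the hunk. Fetch the row with `card = Card.objects.select_for_update().get(chip_number__iexact=res["uid"].hex())` inside a `transaction.atomic()` block that also covers the comparison and the save, and consider `card.save(update_fields=["last_read_counter"])` so unrelated fields are not rewritten. The enclosing `authenticate` method starts outside this hunk.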
-- 
GitLab