
Draft: Resolve "Object / Person identification using SDM NFC cards"

1 file
+ 12
7
from binascii import unhexlify
from django.core.exceptions import BadRequest
from django.core.http import Request
from django.http import HttpRequest
from libsdm import EncMode, InvalidMessage, decrypt_sun_message
from libsdm.derive import derive_undiversified_key, derive_tag_key
from libsdm.derive import derive_tag_key, derive_undiversified_key
from libsdm.util import parse_parameters
from aleksis.core.mixins import ExtensibleModel, ObjectAuthenticator
@@ -15,13 +15,18 @@ from .cards import Card
class NfcSdmAuthenticator(ObjectAuthenticator):
"""Object authenticator using NFC SDM."""
name = "nfc_sdm"
require_lrp = False
def authenticate(self, request: Request, obj: ExtensibleModel):
def authenticate(self, request: HttpRequest, obj: ExtensibleModel):
"""SUN decrypting authenticator"""
master_key = unhexlify(get_site_preferences()["nfc__sdm_master_key"])
param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
master_key = unhexlify(get_site_preferences()["kort__sdm_master_key"])
try:
param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET)
except ValueError as e:
raise BadRequest(**e.args)
try:
res = decrypt_sun_message(
param_mode=param_mode,
@@ -40,13 +45,13 @@ class NfcSdmAuthenticator(ObjectAuthenticator):
try:
card = Card.objects.get(chip_number__iexact=res["uid"].hex())
except Card.DoesNotExact:
except Card.DoesNotExist:
return False
if card.person != obj:
raise BadRequest("Card is not linked to identified object")
if card.last_read_counter <= res["read_ctr"]:
if card.last_read_counter >= res["read_ctr"]:
raise BadRequest("Read counter went backwards, possible replay attack")
card.last_read_counter = res["read_ctr"]
card.save()
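Review bot: `raise BadRequest(**e.args)` in the new `try` around `parse_parameters` will itself raise, because `e.args` is a tuple and `**` needs a mapping, so a malformed SUN query string ends in a TypeError (HTTP 500) instead of a 400. `raise BadRequest(*e.args) from e`, or a fixed message such as `raise BadRequest("Invalid SDM parameters") from e`, would do what is intended. Separately, the corrected replay check still reads `last_read_counter`, compares it and then calls `card.save()` with no lock visible in this section, so two concurrent requests carrying the same counter could presumably both pass. Fetching the card with `select_for_update()` inside a transaction, or a conditional `Card.objects.filter(pk=card.pk, last_read_counter__lt=res["read_ctr"]).update(last_read_counter=res["read_ctr"])` that is rejected unless exactly one row changed, would make the check-and-advance atomic. Parts of `authenticate` lie outside the shown hunks, so any locking done there is not visible here.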