2019-03-01 17:44:07 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/rand"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"os"
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
keycard "github.com/status-im/keycard-go"
|
2019-03-01 17:44:07 +00:00
|
|
|
"github.com/status-im/keycard-go/apdu"
|
|
|
|
|
"github.com/status-im/keycard-go/globalplatform"
|
2019-03-11 10:05:28 +00:00
|
|
|
"github.com/status-im/keycard-go/identifiers"
|
|
|
|
|
"github.com/status-im/keycard-go/types"
|
2019-03-01 17:44:07 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
errAppletNotInstalled = errors.New("applet not installed")
|
|
|
|
|
errCardNotInitialized = errors.New("card not initialized")
|
|
|
|
|
errCardAlreadyInitialized = errors.New("card already initialized")
|
|
|
|
|
|
|
|
|
|
ErrNotInitialized = errors.New("card not initialized")
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Initializer defines a struct with methods to install applets and initialize a card.
|
|
|
|
|
type Initializer struct {
|
2019-03-11 10:49:00 +00:00
|
|
|
c types.Channel
|
2019-03-01 17:44:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewInitializer returns a new Initializer that communicates to Transmitter t.
|
|
|
|
|
func NewInitializer(t globalplatform.Transmitter) *Initializer {
|
|
|
|
|
return &Initializer{
|
|
|
|
|
c: globalplatform.NewNormalChannel(t),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
func (i *Initializer) Init() (*keycard.Secrets, error) {
|
|
|
|
|
secrets, err := keycard.NewSecrets()
|
2019-03-01 17:44:07 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
info, err := keycard.Select(i.c, identifiers.KeycardAID)
|
2019-03-01 17:44:07 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !info.Installed {
|
|
|
|
|
return nil, errAppletNotInstalled
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if info.Initialized {
|
|
|
|
|
return nil, errCardAlreadyInitialized
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
err = keycard.Init(i.c, info.PublicKey, secrets, identifiers.KeycardAID)
|
2019-03-01 17:44:07 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return secrets, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
// Info returns a types.ApplicationInfo struct with info about the card.
|
|
|
|
|
func (i *Initializer) Info() (*types.ApplicationInfo, error) {
|
|
|
|
|
return keycard.Select(i.c, identifiers.KeycardAID)
|
2019-03-01 17:44:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) initGPSecureChannel(sdaid []byte) error {
|
|
|
|
|
// select card manager
|
|
|
|
|
err := i.selectAID(sdaid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// initialize update
|
|
|
|
|
session, err := i.initializeUpdate()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i.c = globalplatform.NewSecureChannel(session, i.c)
|
|
|
|
|
|
|
|
|
|
// external authenticate
|
|
|
|
|
return i.externalAuthenticate(session)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) selectAID(aid []byte) error {
|
2019-03-11 10:49:00 +00:00
|
|
|
sel := globalplatform.NewCommandSelect(identifiers.CardManagerAID)
|
2019-03-01 17:44:07 +00:00
|
|
|
_, err := i.send("select", sel)
|
|
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) initializeUpdate() (*globalplatform.Session, error) {
|
|
|
|
|
hostChallenge, err := generateHostChallenge()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
init := globalplatform.NewCommandInitializeUpdate(hostChallenge)
|
|
|
|
|
resp, err := i.send("initialize update", init)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// verify cryptogram and initialize session keys
|
2019-03-11 10:05:28 +00:00
|
|
|
keys := globalplatform.NewSCP02Keys(identifiers.CardTestKey, identifiers.CardTestKey)
|
2019-03-01 17:44:07 +00:00
|
|
|
session, err := globalplatform.NewSession(keys, resp, hostChallenge)
|
|
|
|
|
|
|
|
|
|
return session, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) externalAuthenticate(session *globalplatform.Session) error {
|
2019-03-06 09:43:37 +00:00
|
|
|
encKey := session.Keys().Enc()
|
2019-03-01 17:44:07 +00:00
|
|
|
extAuth, err := globalplatform.NewCommandExternalAuthenticate(encKey, session.CardChallenge(), session.HostChallenge())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = i.send("external authenticate", extAuth)
|
|
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) deleteAID(aids ...[]byte) error {
|
|
|
|
|
for _, aid := range aids {
|
|
|
|
|
del := globalplatform.NewCommandDelete(aid)
|
|
|
|
|
_, err := i.send("delete", del, globalplatform.SwOK, globalplatform.SwReferencedDataNotFound)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) installApplets(capFile *os.File) error {
|
|
|
|
|
// install for load
|
2019-03-11 10:49:00 +00:00
|
|
|
preLoad := globalplatform.NewCommandInstallForLoad(identifiers.PackageAID, identifiers.CardManagerAID)
|
2019-03-01 17:44:07 +00:00
|
|
|
_, err := i.send("install for load", preLoad)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// load
|
|
|
|
|
load, err := globalplatform.NewLoadCommandStream(capFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for load.Next() {
|
|
|
|
|
cmd := load.GetCommand()
|
|
|
|
|
_, err = i.send(fmt.Sprintf("load %d of 40", load.Index()+1), cmd)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
installNdef := globalplatform.NewCommandInstallForInstall(identifiers.PackageAID, identifiers.NdefAID, identifiers.NdefInstanceAID, []byte{})
|
2019-03-01 17:44:07 +00:00
|
|
|
_, err = i.send("install for install (ndef)", installNdef)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-11 10:05:28 +00:00
|
|
|
instanceAID, err := identifiers.KeycardInstanceAID(1)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
installWallet := globalplatform.NewCommandInstallForInstall(identifiers.PackageAID, identifiers.KeycardAID, instanceAID, []byte{})
|
2019-03-01 17:44:07 +00:00
|
|
|
_, err = i.send("install for install (wallet)", installWallet)
|
|
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (i *Initializer) send(description string, cmd *apdu.Command, allowedResponses ...uint16) (*apdu.Response, error) {
|
|
|
|
|
logger.Debug("sending apdu command", "name", description)
|
|
|
|
|
resp, err := i.c.Send(cmd)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(allowedResponses) == 0 {
|
|
|
|
|
allowedResponses = []uint16{apdu.SwOK}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, code := range allowedResponses {
|
|
|
|
|
if code == resp.Sw {
|
|
|
|
|
return resp, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = fmt.Errorf("unexpected response from command %s: %x", description, resp.Sw)
|
|
|
|
|
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func generateHostChallenge() ([]byte, error) {
|
|
|
|
|
c := make([]byte, 8)
|
|
|
|
|
_, err := rand.Read(c)
|
|
|
|
|
return c, err
|
|
|
|
|
}
|
