2018-11-07 16:38:53 +00:00
|
|
|
package main
|
2018-10-02 11:25:04 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
2018-10-03 14:26:57 +00:00
|
|
|
"os"
|
2018-10-02 11:25:04 +00:00
|
|
|
|
2018-11-06 09:25:54 +00:00
|
|
|
"github.com/status-im/hardware-wallet-go/apdu"
|
|
|
|
"github.com/status-im/hardware-wallet-go/globalplatform"
|
|
|
|
"github.com/status-im/hardware-wallet-go/lightwallet"
|
|
|
|
"github.com/status-im/hardware-wallet-go/lightwallet/actions"
|
2018-10-02 11:25:04 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2018-11-06 17:38:13 +00:00
|
|
|
errAppletNotInstalled = errors.New("applet not installed")
|
|
|
|
errCardNotInitialized = errors.New("card not initialized")
|
|
|
|
errCardAlreadyInitialized = errors.New("card already initialized")
|
2018-11-28 11:42:20 +00:00
|
|
|
|
|
|
|
ErrNotInitialized = errors.New("card not initialized")
|
2018-10-02 11:25:04 +00:00
|
|
|
)
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
// Initializer defines a struct with methods to install applets and initialize a card.
|
|
|
|
type Initializer struct {
|
2018-10-05 11:53:35 +00:00
|
|
|
c globalplatform.Channel
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
// NewInitializer returns a new Initializer that communicates to Transmitter t.
|
|
|
|
func NewInitializer(t globalplatform.Transmitter) *Initializer {
|
|
|
|
return &Initializer{
|
2018-10-05 11:53:35 +00:00
|
|
|
c: globalplatform.NewNormalChannel(t),
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-05 14:40:32 +00:00
|
|
|
// Install installs the applet from the specified capFile.
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Install(capFile *os.File, overwriteApplet bool) error {
|
2018-11-07 15:33:05 +00:00
|
|
|
info, err := actions.Select(i.c, lightwallet.WalletAID)
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-22 17:33:53 +00:00
|
|
|
return err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-11-06 11:54:11 +00:00
|
|
|
if info.Installed && !overwriteApplet {
|
|
|
|
return errors.New("applet already installed")
|
2018-10-04 14:06:55 +00:00
|
|
|
}
|
|
|
|
|
2018-11-07 15:33:05 +00:00
|
|
|
err = i.initGPSecureChannel(lightwallet.CardManagerAID)
|
2018-11-06 11:54:11 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2018-10-04 14:06:55 +00:00
|
|
|
}
|
|
|
|
|
2019-02-15 15:32:27 +00:00
|
|
|
err = i.deleteAID(lightwallet.NdefInstanceAID, lightwallet.WalletInstanceAID, lightwallet.AppletPkgAID)
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-22 17:33:53 +00:00
|
|
|
return err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-19 11:45:35 +00:00
|
|
|
err = i.installApplets(capFile)
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-22 17:33:53 +00:00
|
|
|
return err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-22 17:33:53 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Init() (*lightwallet.Secrets, error) {
|
2018-10-24 11:42:00 +00:00
|
|
|
secrets, err := lightwallet.NewSecrets()
|
2018-10-22 17:33:53 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-11-07 15:33:05 +00:00
|
|
|
info, err := actions.Select(i.c, lightwallet.WalletAID)
|
2018-10-24 16:16:14 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-11-06 12:04:00 +00:00
|
|
|
if !info.Installed {
|
2018-11-06 17:38:13 +00:00
|
|
|
return nil, errAppletNotInstalled
|
2018-11-06 12:04:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if info.Initialized {
|
2018-11-06 17:38:13 +00:00
|
|
|
return nil, errCardAlreadyInitialized
|
2018-11-06 12:04:00 +00:00
|
|
|
}
|
|
|
|
|
2018-11-07 15:33:05 +00:00
|
|
|
err = actions.Init(i.c, info.PublicKey, secrets, lightwallet.WalletAID)
|
2018-10-22 17:33:53 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return secrets, nil
|
2018-10-04 13:05:12 +00:00
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Pair(pairingPass, pin string) (*lightwallet.PairingInfo, error) {
|
2018-11-28 11:42:20 +00:00
|
|
|
appInfo, err := actions.Select(i.c, lightwallet.WalletAID)
|
2018-10-24 16:16:14 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-11-28 11:42:20 +00:00
|
|
|
if !appInfo.Initialized {
|
|
|
|
return nil, ErrNotInitialized
|
|
|
|
}
|
|
|
|
|
2018-10-24 16:16:14 +00:00
|
|
|
return actions.Pair(i.c, pairingPass, pin)
|
|
|
|
}
|
|
|
|
|
2018-11-06 17:38:13 +00:00
|
|
|
// Info returns a lightwallet.ApplicationInfo struct with info about the card.
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Info() (*lightwallet.ApplicationInfo, error) {
|
2018-11-07 15:33:05 +00:00
|
|
|
return actions.Select(i.c, lightwallet.WalletAID)
|
2018-10-04 15:02:10 +00:00
|
|
|
}
|
|
|
|
|
2018-11-06 17:38:13 +00:00
|
|
|
// Status returns
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Status(index uint8, key []byte) (*lightwallet.ApplicationStatus, error) {
|
2018-11-07 15:33:05 +00:00
|
|
|
info, err := actions.Select(i.c, lightwallet.WalletAID)
|
2018-11-06 17:38:13 +00:00
|
|
|
if err != nil {
|
2018-11-07 13:39:58 +00:00
|
|
|
return nil, err
|
2018-11-06 17:38:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !info.Installed {
|
2018-11-07 13:39:58 +00:00
|
|
|
return nil, errAppletNotInstalled
|
2018-11-06 17:38:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !info.Initialized {
|
2018-11-07 13:39:58 +00:00
|
|
|
return nil, errCardNotInitialized
|
2018-11-06 17:38:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
sc, err := actions.OpenSecureChannel(i.c, info, index, key)
|
|
|
|
if err != nil {
|
2018-11-07 13:39:58 +00:00
|
|
|
return nil, err
|
2018-11-06 17:38:13 +00:00
|
|
|
}
|
|
|
|
|
2018-11-07 13:39:58 +00:00
|
|
|
return actions.GetStatusApplication(sc)
|
2018-11-06 17:38:13 +00:00
|
|
|
}
|
|
|
|
|
2018-10-05 14:40:32 +00:00
|
|
|
// Delete deletes the applet and related package from the card.
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) Delete() error {
|
2018-11-07 15:33:05 +00:00
|
|
|
err := i.initGPSecureChannel(lightwallet.CardManagerAID)
|
2018-10-04 15:02:10 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-02-15 15:32:27 +00:00
|
|
|
return i.deleteAID(lightwallet.NdefInstanceAID, lightwallet.WalletInstanceAID, lightwallet.AppletPkgAID)
|
2018-10-04 15:02:10 +00:00
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) initGPSecureChannel(sdaid []byte) error {
|
2018-10-04 13:05:12 +00:00
|
|
|
// select card manager
|
|
|
|
err := i.selectAID(sdaid)
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-04 13:05:12 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// initialize update
|
|
|
|
session, err := i.initializeUpdate()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-05 11:53:35 +00:00
|
|
|
i.c = globalplatform.NewSecureChannel(session, i.c)
|
2018-10-02 11:25:04 +00:00
|
|
|
|
|
|
|
// external authenticate
|
2018-10-04 13:05:12 +00:00
|
|
|
return i.externalAuthenticate(session)
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) selectAID(aid []byte) error {
|
2018-11-07 15:33:05 +00:00
|
|
|
sel := globalplatform.NewCommandSelect(lightwallet.CardManagerAID)
|
2018-10-04 13:05:12 +00:00
|
|
|
_, err := i.send("select", sel)
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) initializeUpdate() (*globalplatform.Session, error) {
|
2018-10-04 13:05:12 +00:00
|
|
|
hostChallenge, err := generateHostChallenge()
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-04 10:10:19 +00:00
|
|
|
return nil, err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-04 13:05:12 +00:00
|
|
|
init := globalplatform.NewCommandInitializeUpdate(hostChallenge)
|
|
|
|
resp, err := i.send("initialize update", init)
|
2018-10-02 11:25:04 +00:00
|
|
|
if err != nil {
|
2018-10-04 10:10:19 +00:00
|
|
|
return nil, err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-04 13:05:12 +00:00
|
|
|
// verify cryptogram and initialize session keys
|
2018-11-07 15:33:05 +00:00
|
|
|
keys := globalplatform.NewKeyProvider(lightwallet.CardTestKey, lightwallet.CardTestKey)
|
2018-10-04 13:05:12 +00:00
|
|
|
session, err := globalplatform.NewSession(keys, resp, hostChallenge)
|
|
|
|
|
|
|
|
return session, err
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) externalAuthenticate(session *globalplatform.Session) error {
|
2018-10-04 13:05:12 +00:00
|
|
|
encKey := session.KeyProvider().Enc()
|
|
|
|
extAuth, err := globalplatform.NewCommandExternalAuthenticate(encKey, session.CardChallenge(), session.HostChallenge())
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2018-10-02 14:52:50 +00:00
|
|
|
}
|
|
|
|
|
2018-10-04 13:05:12 +00:00
|
|
|
_, err = i.send("external authenticate", extAuth)
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) deleteAID(aids ...[]byte) error {
|
2018-10-02 14:52:50 +00:00
|
|
|
for _, aid := range aids {
|
|
|
|
del := globalplatform.NewCommandDelete(aid)
|
2018-10-04 13:05:12 +00:00
|
|
|
_, err := i.send("delete", del, globalplatform.SwOK, globalplatform.SwReferencedDataNotFound)
|
2018-10-02 14:52:50 +00:00
|
|
|
if err != nil {
|
2018-10-04 13:05:12 +00:00
|
|
|
return err
|
2018-10-02 14:52:50 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-04 13:05:12 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) installApplets(capFile *os.File) error {
|
2018-10-03 14:26:57 +00:00
|
|
|
// install for load
|
2018-11-07 15:33:05 +00:00
|
|
|
preLoad := globalplatform.NewCommandInstallForLoad(lightwallet.AppletPkgAID, lightwallet.CardManagerAID)
|
2018-10-04 13:05:12 +00:00
|
|
|
_, err := i.send("install for load", preLoad)
|
2018-10-03 14:26:57 +00:00
|
|
|
if err != nil {
|
2018-10-19 11:45:35 +00:00
|
|
|
return err
|
2018-10-03 14:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// load
|
|
|
|
load, err := globalplatform.NewLoadCommandStream(capFile)
|
|
|
|
if err != nil {
|
2018-10-19 11:45:35 +00:00
|
|
|
return err
|
2018-10-03 14:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for load.Next() {
|
|
|
|
cmd := load.GetCommand()
|
2019-02-15 15:26:55 +00:00
|
|
|
_, err = i.send(fmt.Sprintf("load %d of 40", load.Index()+1), cmd)
|
2018-10-03 14:26:57 +00:00
|
|
|
if err != nil {
|
2018-10-19 11:45:35 +00:00
|
|
|
return err
|
2018-10-03 14:26:57 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-07 15:33:05 +00:00
|
|
|
installNdef := globalplatform.NewCommandInstallForInstall(lightwallet.AppletPkgAID, lightwallet.NdefAppletAID, lightwallet.NdefInstanceAID, []byte{})
|
2018-10-19 11:45:35 +00:00
|
|
|
_, err = i.send("install for install (ndef)", installNdef)
|
2018-10-04 10:10:19 +00:00
|
|
|
if err != nil {
|
2018-10-19 11:45:35 +00:00
|
|
|
return err
|
2018-10-04 10:10:19 +00:00
|
|
|
}
|
|
|
|
|
2019-02-15 15:26:38 +00:00
|
|
|
installWallet := globalplatform.NewCommandInstallForInstall(lightwallet.AppletPkgAID, lightwallet.WalletAID, lightwallet.WalletInstanceAID, []byte{})
|
2018-10-19 11:45:35 +00:00
|
|
|
_, err = i.send("install for install (wallet)", installWallet)
|
2018-10-04 10:10:19 +00:00
|
|
|
|
2018-10-19 11:45:35 +00:00
|
|
|
return err
|
2018-10-02 11:25:04 +00:00
|
|
|
}
|
|
|
|
|
2018-11-08 14:08:03 +00:00
|
|
|
func (i *Initializer) send(description string, cmd *apdu.Command, allowedResponses ...uint16) (*apdu.Response, error) {
|
2018-10-05 09:35:56 +00:00
|
|
|
logger.Debug("sending apdu command", "name", description)
|
2018-10-02 11:25:04 +00:00
|
|
|
resp, err := i.c.Send(cmd)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(allowedResponses) == 0 {
|
|
|
|
allowedResponses = []uint16{apdu.SwOK}
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, code := range allowedResponses {
|
|
|
|
if code == resp.Sw {
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-05 14:40:32 +00:00
|
|
|
err = fmt.Errorf("unexpected response from command %s: %x", description, resp.Sw)
|
2018-10-02 11:25:04 +00:00
|
|
|
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
func generateHostChallenge() ([]byte, error) {
|
|
|
|
c := make([]byte, 8)
|
|
|
|
_, err := rand.Read(c)
|
|
|
|
return c, err
|
|
|
|
}
|