keycard-go/cmd/status-hardware-wallet/initializer.go

272 lines
6.5 KiB
Go
Raw Normal View History

2018-11-07 16:38:53 +00:00
package main
import (
"crypto/rand"
"errors"
"fmt"
2018-10-03 14:26:57 +00:00
"os"
2018-11-06 09:25:54 +00:00
"github.com/status-im/hardware-wallet-go/apdu"
"github.com/status-im/hardware-wallet-go/globalplatform"
"github.com/status-im/hardware-wallet-go/lightwallet"
"github.com/status-im/hardware-wallet-go/lightwallet/actions"
)
var (
2018-11-06 17:38:13 +00:00
errAppletNotInstalled = errors.New("applet not installed")
errCardNotInitialized = errors.New("card not initialized")
errCardAlreadyInitialized = errors.New("card already initialized")
2018-11-28 11:42:20 +00:00
ErrNotInitialized = errors.New("card not initialized")
)
2018-11-08 14:08:03 +00:00
// Initializer defines a struct with methods to install applets and initialize a card.
type Initializer struct {
c globalplatform.Channel
}
2018-11-08 14:08:03 +00:00
// NewInitializer returns a new Initializer that communicates to Transmitter t.
func NewInitializer(t globalplatform.Transmitter) *Initializer {
return &Initializer{
c: globalplatform.NewNormalChannel(t),
}
}
2018-10-05 14:40:32 +00:00
// Install installs the applet from the specified capFile.
2018-11-08 14:08:03 +00:00
func (i *Initializer) Install(capFile *os.File, overwriteApplet bool) error {
2018-11-07 15:33:05 +00:00
info, err := actions.Select(i.c, lightwallet.WalletAID)
if err != nil {
2018-10-22 17:33:53 +00:00
return err
}
2018-11-06 11:54:11 +00:00
if info.Installed && !overwriteApplet {
return errors.New("applet already installed")
2018-10-04 14:06:55 +00:00
}
2018-11-07 15:33:05 +00:00
err = i.initGPSecureChannel(lightwallet.CardManagerAID)
2018-11-06 11:54:11 +00:00
if err != nil {
return err
2018-10-04 14:06:55 +00:00
}
2019-02-15 15:32:27 +00:00
err = i.deleteAID(lightwallet.NdefInstanceAID, lightwallet.WalletInstanceAID, lightwallet.AppletPkgAID)
if err != nil {
2018-10-22 17:33:53 +00:00
return err
}
2018-10-19 11:45:35 +00:00
err = i.installApplets(capFile)
if err != nil {
2018-10-22 17:33:53 +00:00
return err
}
2018-10-22 17:33:53 +00:00
return err
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) Init() (*lightwallet.Secrets, error) {
2018-10-24 11:42:00 +00:00
secrets, err := lightwallet.NewSecrets()
2018-10-22 17:33:53 +00:00
if err != nil {
return nil, err
}
2018-11-07 15:33:05 +00:00
info, err := actions.Select(i.c, lightwallet.WalletAID)
2018-10-24 16:16:14 +00:00
if err != nil {
return nil, err
}
if !info.Installed {
2018-11-06 17:38:13 +00:00
return nil, errAppletNotInstalled
}
if info.Initialized {
2018-11-06 17:38:13 +00:00
return nil, errCardAlreadyInitialized
}
2018-11-07 15:33:05 +00:00
err = actions.Init(i.c, info.PublicKey, secrets, lightwallet.WalletAID)
2018-10-22 17:33:53 +00:00
if err != nil {
return nil, err
}
return secrets, nil
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) Pair(pairingPass, pin string) (*lightwallet.PairingInfo, error) {
2018-11-28 11:42:20 +00:00
appInfo, err := actions.Select(i.c, lightwallet.WalletAID)
2018-10-24 16:16:14 +00:00
if err != nil {
return nil, err
}
2018-11-28 11:42:20 +00:00
if !appInfo.Initialized {
return nil, ErrNotInitialized
}
2018-10-24 16:16:14 +00:00
return actions.Pair(i.c, pairingPass, pin)
}
2018-11-06 17:38:13 +00:00
// Info returns a lightwallet.ApplicationInfo struct with info about the card.
2018-11-08 14:08:03 +00:00
func (i *Initializer) Info() (*lightwallet.ApplicationInfo, error) {
2018-11-07 15:33:05 +00:00
return actions.Select(i.c, lightwallet.WalletAID)
}
2018-11-06 17:38:13 +00:00
// Status returns
2018-11-08 14:08:03 +00:00
func (i *Initializer) Status(index uint8, key []byte) (*lightwallet.ApplicationStatus, error) {
2018-11-07 15:33:05 +00:00
info, err := actions.Select(i.c, lightwallet.WalletAID)
2018-11-06 17:38:13 +00:00
if err != nil {
2018-11-07 13:39:58 +00:00
return nil, err
2018-11-06 17:38:13 +00:00
}
if !info.Installed {
2018-11-07 13:39:58 +00:00
return nil, errAppletNotInstalled
2018-11-06 17:38:13 +00:00
}
if !info.Initialized {
2018-11-07 13:39:58 +00:00
return nil, errCardNotInitialized
2018-11-06 17:38:13 +00:00
}
sc, err := actions.OpenSecureChannel(i.c, info, index, key)
if err != nil {
2018-11-07 13:39:58 +00:00
return nil, err
2018-11-06 17:38:13 +00:00
}
2018-11-07 13:39:58 +00:00
return actions.GetStatusApplication(sc)
2018-11-06 17:38:13 +00:00
}
2018-10-05 14:40:32 +00:00
// Delete deletes the applet and related package from the card.
2018-11-08 14:08:03 +00:00
func (i *Initializer) Delete() error {
2018-11-07 15:33:05 +00:00
err := i.initGPSecureChannel(lightwallet.CardManagerAID)
if err != nil {
return err
}
2019-02-15 15:32:27 +00:00
return i.deleteAID(lightwallet.NdefInstanceAID, lightwallet.WalletInstanceAID, lightwallet.AppletPkgAID)
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) initGPSecureChannel(sdaid []byte) error {
// select card manager
err := i.selectAID(sdaid)
if err != nil {
return err
}
// initialize update
session, err := i.initializeUpdate()
if err != nil {
return err
}
i.c = globalplatform.NewSecureChannel(session, i.c)
// external authenticate
return i.externalAuthenticate(session)
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) selectAID(aid []byte) error {
2018-11-07 15:33:05 +00:00
sel := globalplatform.NewCommandSelect(lightwallet.CardManagerAID)
_, err := i.send("select", sel)
return err
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) initializeUpdate() (*globalplatform.Session, error) {
hostChallenge, err := generateHostChallenge()
if err != nil {
2018-10-04 10:10:19 +00:00
return nil, err
}
init := globalplatform.NewCommandInitializeUpdate(hostChallenge)
resp, err := i.send("initialize update", init)
if err != nil {
2018-10-04 10:10:19 +00:00
return nil, err
}
// verify cryptogram and initialize session keys
2018-11-07 15:33:05 +00:00
keys := globalplatform.NewKeyProvider(lightwallet.CardTestKey, lightwallet.CardTestKey)
session, err := globalplatform.NewSession(keys, resp, hostChallenge)
return session, err
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) externalAuthenticate(session *globalplatform.Session) error {
encKey := session.KeyProvider().Enc()
extAuth, err := globalplatform.NewCommandExternalAuthenticate(encKey, session.CardChallenge(), session.HostChallenge())
if err != nil {
return err
}
_, err = i.send("external authenticate", extAuth)
return err
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) deleteAID(aids ...[]byte) error {
for _, aid := range aids {
del := globalplatform.NewCommandDelete(aid)
_, err := i.send("delete", del, globalplatform.SwOK, globalplatform.SwReferencedDataNotFound)
if err != nil {
return err
}
}
return nil
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) installApplets(capFile *os.File) error {
2018-10-03 14:26:57 +00:00
// install for load
2018-11-07 15:33:05 +00:00
preLoad := globalplatform.NewCommandInstallForLoad(lightwallet.AppletPkgAID, lightwallet.CardManagerAID)
_, err := i.send("install for load", preLoad)
2018-10-03 14:26:57 +00:00
if err != nil {
2018-10-19 11:45:35 +00:00
return err
2018-10-03 14:26:57 +00:00
}
// load
load, err := globalplatform.NewLoadCommandStream(capFile)
if err != nil {
2018-10-19 11:45:35 +00:00
return err
2018-10-03 14:26:57 +00:00
}
for load.Next() {
cmd := load.GetCommand()
2019-02-15 15:26:55 +00:00
_, err = i.send(fmt.Sprintf("load %d of 40", load.Index()+1), cmd)
2018-10-03 14:26:57 +00:00
if err != nil {
2018-10-19 11:45:35 +00:00
return err
2018-10-03 14:26:57 +00:00
}
}
2018-11-07 15:33:05 +00:00
installNdef := globalplatform.NewCommandInstallForInstall(lightwallet.AppletPkgAID, lightwallet.NdefAppletAID, lightwallet.NdefInstanceAID, []byte{})
2018-10-19 11:45:35 +00:00
_, err = i.send("install for install (ndef)", installNdef)
2018-10-04 10:10:19 +00:00
if err != nil {
2018-10-19 11:45:35 +00:00
return err
2018-10-04 10:10:19 +00:00
}
2019-02-15 15:26:38 +00:00
installWallet := globalplatform.NewCommandInstallForInstall(lightwallet.AppletPkgAID, lightwallet.WalletAID, lightwallet.WalletInstanceAID, []byte{})
2018-10-19 11:45:35 +00:00
_, err = i.send("install for install (wallet)", installWallet)
2018-10-04 10:10:19 +00:00
2018-10-19 11:45:35 +00:00
return err
}
2018-11-08 14:08:03 +00:00
func (i *Initializer) send(description string, cmd *apdu.Command, allowedResponses ...uint16) (*apdu.Response, error) {
2018-10-05 09:35:56 +00:00
logger.Debug("sending apdu command", "name", description)
resp, err := i.c.Send(cmd)
if err != nil {
return nil, err
}
if len(allowedResponses) == 0 {
allowedResponses = []uint16{apdu.SwOK}
}
for _, code := range allowedResponses {
if code == resp.Sw {
return resp, nil
}
}
2018-10-05 14:40:32 +00:00
err = fmt.Errorf("unexpected response from command %s: %x", description, resp.Sw)
return nil, err
}
func generateHostChallenge() ([]byte, error) {
c := make([]byte, 8)
_, err := rand.Read(c)
return c, err
}