keycard-go/globalplatform/commands.go

package globalplatform

import (
	"github.com/status-im/status-go/smartcard/apdu"
	"github.com/status-im/status-go/smartcard/globalplatform/crypto"
)

const (
	ClaISO7816 = uint8(0x00)
	ClaGp      = uint8(0x80)
	ClaMac     = uint8(0x84)

	InsSelect               = uint8(0xA4)
	InsInitializeUpdate     = uint8(0x50)
	InsExternalAuthenticate = uint8(0x82)
	InsGetResponse          = uint8(0xC0)
	InsDelete               = uint8(0xE4)
	InsInstall              = uint8(0xE6)

	P1InstallForLoad = uint8(0x02)

	Sw1ResponseDataIncomplete = uint8(0x61)

	SwOK                            = uint16(0x9000)
	SwReferencedDataNotFound        = uint16(0x6A88)
	SwSecurityConditionNotSatisfied = uint16(0x6982)
	SwAuthenticationMethodBlocked   = uint16(0x6983)

	tagDeleteAID = byte(0x4F)
)

func NewCommandSelect(aid []byte) *apdu.Command {
	c := apdu.NewCommand(
		ClaISO7816,
		InsSelect,
		uint8(0x04),
		uint8(0x00),
		aid,
	)

	c.SetLe(0x00)

	return c
}

func NewCommandInitializeUpdate(challenge []byte) *apdu.Command {
	return apdu.NewCommand(
		ClaGp,
		InsInitializeUpdate,
		uint8(0x00),
		uint8(0x00),
		challenge,
	)
}

func NewCommandExternalAuthenticate(encKey, cardChallenge, hostChallenge []byte) (*apdu.Command, error) {
	hostCryptogram, err := calculateHostCryptogram(encKey, cardChallenge, hostChallenge)
	if err != nil {
		return nil, err
	}

	return apdu.NewCommand(
		ClaMac,
		InsExternalAuthenticate,
		uint8(0x01), // C-MAC
		uint8(0x00),
		hostCryptogram,
	), nil
}

func NewCommandGetResponse(length uint8) *apdu.Command {
	c := apdu.NewCommand(
		ClaISO7816,
		InsGetResponse,
		uint8(0),
		uint8(0),
		nil,
	)

	c.SetLe(length)

	return c
}

func NewCommandDelete(aid []byte) *apdu.Command {
	data := []byte{tagDeleteAID, byte(len(aid))}
	data = append(data, aid...)

	return apdu.NewCommand(
		ClaGp,
		InsDelete,
		uint8(0x00),
		uint8(0x00),
		data,
	)
}

func NewCommandInstallForLoad(aid, sdaid []byte) *apdu.Command {
	data := []byte{byte(len(aid))}
	data = append(data, aid...)
	data = append(data, byte(len(sdaid)))
	data = append(data, sdaid...)
	// empty hash length and hash
	data = append(data, []byte{0x00, 0x00, 0x00}...)

	return apdu.NewCommand(
		ClaGp,
		InsInstall,
		P1InstallForLoad,
		uint8(0x00),
		data,
	)
}

func calculateHostCryptogram(encKey, cardChallenge, hostChallenge []byte) ([]byte, error) {
	var data []byte
	data = append(data, cardChallenge...)
	data = append(data, hostChallenge...)
	data = crypto.AppendDESPadding(data)

	return crypto.Mac3DES(encKey, data, crypto.NullBytes8)
}
add Select command 2018-09-19 13:31:06 +00:00			`package globalplatform`

add external auth command 2018-10-01 11:25:24 +00:00			`import (`
			`"github.com/status-im/status-go/smartcard/apdu"`
			`"github.com/status-im/status-go/smartcard/globalplatform/crypto"`
			`)`
add Select command 2018-09-19 13:31:06 +00:00
add initialize update command 2018-09-25 15:43:26 +00:00			`const (`
add GetResponse command 2018-10-02 11:24:13 +00:00			`ClaISO7816 = uint8(0x00)`
			`ClaGp = uint8(0x80)`
			`ClaMac = uint8(0x84)`
add Select command 2018-09-19 13:31:06 +00:00
add external auth command 2018-10-01 11:25:24 +00:00			`InsSelect = uint8(0xA4)`
			`InsInitializeUpdate = uint8(0x50)`
			`InsExternalAuthenticate = uint8(0x82)`
add GetResponse command 2018-10-02 11:24:13 +00:00			`InsGetResponse = uint8(0xC0)`
add delete command 2018-10-02 11:44:14 +00:00			`InsDelete = uint8(0xE4)`
add install for load command 2018-10-02 15:15:17 +00:00			`InsInstall = uint8(0xE6)`

			`P1InstallForLoad = uint8(0x02)`
add GetResponse command 2018-10-02 11:24:13 +00:00
			`Sw1ResponseDataIncomplete = uint8(0x61)`
add tlv formatting to delete data 2018-10-02 12:24:30 +00:00
add delete command to installation process 2018-10-02 14:52:50 +00:00			`SwOK = uint16(0x9000)`
			`SwReferencedDataNotFound = uint16(0x6A88)`
			`SwSecurityConditionNotSatisfied = uint16(0x6982)`
			`SwAuthenticationMethodBlocked = uint16(0x6983)`

add tlv formatting to delete data 2018-10-02 12:24:30 +00:00			`tagDeleteAID = byte(0x4F)`
add initialize update command 2018-09-25 15:43:26 +00:00			`)`
add Select command 2018-09-19 13:31:06 +00:00
			`func NewCommandSelect(aid []byte) *apdu.Command {`
add GetResponse command 2018-10-02 11:24:13 +00:00			`c := apdu.NewCommand(`
			`ClaISO7816,`
add Select command 2018-09-19 13:31:06 +00:00			`InsSelect,`
			`uint8(0x04),`
			`uint8(0x00),`
			`aid,`
			`)`
add GetResponse command 2018-10-02 11:24:13 +00:00
			`c.SetLe(0x00)`

			`return c`
add Select command 2018-09-19 13:31:06 +00:00			`}`
add initialize update command 2018-09-25 15:43:26 +00:00
			`func NewCommandInitializeUpdate(challenge []byte) *apdu.Command {`
			`return apdu.NewCommand(`
			`ClaGp,`
			`InsInitializeUpdate,`
			`uint8(0x00),`
			`uint8(0x00),`
			`challenge,`
			`)`
			`}`
add external auth command 2018-10-01 11:25:24 +00:00
			`func NewCommandExternalAuthenticate(encKey, cardChallenge, hostChallenge []byte) (*apdu.Command, error) {`
			`hostCryptogram, err := calculateHostCryptogram(encKey, cardChallenge, hostChallenge)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return apdu.NewCommand(`
			`ClaMac,`
			`InsExternalAuthenticate,`
			`uint8(0x01), // C-MAC`
			`uint8(0x00),`
			`hostCryptogram,`
			`), nil`
			`}`

add GetResponse command 2018-10-02 11:24:13 +00:00			`func NewCommandGetResponse(length uint8) *apdu.Command {`
			`c := apdu.NewCommand(`
			`ClaISO7816,`
			`InsGetResponse,`
			`uint8(0),`
			`uint8(0),`
			`nil,`
			`)`

			`c.SetLe(length)`

			`return c`
			`}`

add delete command 2018-10-02 11:44:14 +00:00			`func NewCommandDelete(aid []byte) *apdu.Command {`
add tlv formatting to delete data 2018-10-02 12:24:30 +00:00			`data := []byte{tagDeleteAID, byte(len(aid))}`
			`data = append(data, aid...)`

add delete command 2018-10-02 11:44:14 +00:00			`return apdu.NewCommand(`
			`ClaGp,`
			`InsDelete,`
			`uint8(0x00),`
			`uint8(0x00),`
add tlv formatting to delete data 2018-10-02 12:24:30 +00:00			`data,`
add delete command 2018-10-02 11:44:14 +00:00			`)`
			`}`

add install for load command 2018-10-02 15:15:17 +00:00			`func NewCommandInstallForLoad(aid, sdaid []byte) *apdu.Command {`
			`data := []byte{byte(len(aid))}`
			`data = append(data, aid...)`
			`data = append(data, byte(len(sdaid)))`
			`data = append(data, sdaid...)`
			`// empty hash length and hash`
			`data = append(data, []byte{0x00, 0x00, 0x00}...)`

			`return apdu.NewCommand(`
			`ClaGp,`
			`InsInstall,`
			`P1InstallForLoad,`
			`uint8(0x00),`
			`data,`
			`)`
			`}`

add external auth command 2018-10-01 11:25:24 +00:00			`func calculateHostCryptogram(encKey, cardChallenge, hostChallenge []byte) ([]byte, error) {`
			`var data []byte`
			`data = append(data, cardChallenge...)`
			`data = append(data, hostChallenge...)`
			`data = crypto.AppendDESPadding(data)`

			`return crypto.Mac3DES(encKey, data, crypto.NullBytes8)`
			`}`