keycard-go/secure_channel.go

package keycard

import (
	"bytes"
	"crypto/ecdsa"
	"errors"

	ethcrypto "github.com/ethereum/go-ethereum/crypto"
	"github.com/status-im/keycard-go/apdu"
	"github.com/status-im/keycard-go/crypto"
	"github.com/status-im/keycard-go/globalplatform"
	"github.com/status-im/keycard-go/hexutils"
	"github.com/status-im/keycard-go/types"
)

var ErrInvalidResponseMAC = errors.New("invalid response MAC")

type SecureChannel struct {
	c         types.Channel
	open      bool
	secret    []byte
	publicKey *ecdsa.PublicKey
	encKey    []byte
	macKey    []byte
	iv        []byte
}

func NewSecureChannel(c types.Channel) *SecureChannel {
	return &SecureChannel{
		c: c,
	}
}

func (sc *SecureChannel) GenerateSecret(cardPubKeyData []byte) error {
	key, err := ethcrypto.GenerateKey()
	if err != nil {
		return err
	}

	cardPubKey, err := ethcrypto.UnmarshalPubkey(cardPubKeyData)
	if err != nil {
		return err
	}

	sc.publicKey = &key.PublicKey
	sc.secret = crypto.GenerateECDHSharedSecret(key, cardPubKey)

	return nil
}

func (sc *SecureChannel) Reset() {
	sc.open = false
}

func (sc *SecureChannel) Init(iv, encKey, macKey []byte) {
	sc.iv = iv
	sc.encKey = encKey
	sc.macKey = macKey
	sc.open = true
}

func (sc *SecureChannel) Secret() []byte {
	return sc.secret
}

func (sc *SecureChannel) PublicKey() *ecdsa.PublicKey {
	return sc.publicKey
}

func (sc *SecureChannel) RawPublicKey() []byte {
	return ethcrypto.FromECDSAPub(sc.publicKey)
}

func (sc *SecureChannel) Send(cmd *apdu.Command) (*apdu.Response, error) {
	if sc.open {
		encData, err := crypto.EncryptData(cmd.Data, sc.encKey, sc.iv)
		if err != nil {
			return nil, err
		}

		meta := []byte{cmd.Cla, cmd.Ins, cmd.P1, cmd.P2, byte(len(encData) + 16), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
		if err = sc.updateIV(meta, encData); err != nil {
			return nil, err
		}

		newData := append(sc.iv, encData...)
		cmd.Data = newData
	}

	resp, err := sc.c.Send(cmd)
	if err != nil {
		return nil, err
	}

	if resp.Sw != globalplatform.SwOK {
		return nil, apdu.NewErrBadResponse(resp.Sw, "unexpected sw in secure channel")
	}

	var plainData []byte

	if sc.open {
		rmeta := []byte{byte(len(resp.Data)), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
		rmac := resp.Data[:len(sc.iv)]
		rdata := resp.Data[len(sc.iv):]

		if plainData, err = crypto.DecryptData(rdata, sc.encKey, sc.iv); err != nil {
			return nil, err
		}

		if err = sc.updateIV(rmeta, rdata); err != nil {
			return nil, err
		}

		if !bytes.Equal(sc.iv, rmac) {
			return nil, ErrInvalidResponseMAC
		}

		logger.Debug("apdu response decrypted", "hex", hexutils.BytesToHexWithSpaces(plainData))
	} else {
		plainData = resp.Data
	}

	return apdu.ParseResponse(plainData)
}

func (sc *SecureChannel) updateIV(meta, data []byte) error {
	mac, err := crypto.CalculateMac(meta, data, sc.macKey)
	if err != nil {
		return err
	}

	sc.iv = mac

	return nil
}

func (sc *SecureChannel) OneShotEncrypt(secrets *Secrets) ([]byte, error) {
	pubKeyData := ethcrypto.FromECDSAPub(sc.publicKey)
	data := append([]byte(secrets.Pin()), []byte(secrets.Puk())...)
	data = append(data, secrets.PairingToken()...)

	return crypto.OneShotEncrypt(pubKeyData, sc.secret, data)
}
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`package keycard`
add card secrets initialization 2018-10-22 17:33:53 +00:00
			`import (`
implement applet secure channel 2018-11-06 17:38:13 +00:00			`"bytes"`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`"crypto/ecdsa"`
implement applet secure channel 2018-11-06 17:38:13 +00:00			`"errors"`
add card secrets initialization 2018-10-22 17:33:53 +00:00
fix go-ethereum import 2021-10-21 13:19:02 +00:00			`ethcrypto "github.com/ethereum/go-ethereum/crypto"`
rename to keycard-go 2019-03-01 17:44:07 +00:00			`"github.com/status-im/keycard-go/apdu"`
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`"github.com/status-im/keycard-go/crypto"`
rename to keycard-go 2019-03-01 17:44:07 +00:00			`"github.com/status-im/keycard-go/globalplatform"`
fix hexutils import path 2019-03-21 22:04:24 +00:00			`"github.com/status-im/keycard-go/hexutils"`
add Delete to Installer 2019-03-11 10:49:00 +00:00			`"github.com/status-im/keycard-go/types"`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`)`

implement applet secure channel 2018-11-06 17:38:13 +00:00			`var ErrInvalidResponseMAC = errors.New("invalid response MAC")`

add card secrets initialization 2018-10-22 17:33:53 +00:00			`type SecureChannel struct {`
add Delete to Installer 2019-03-11 10:49:00 +00:00			`c types.Channel`
add pair command 2019-03-13 12:49:26 +00:00			`open bool`
add pairing actions 2018-10-24 16:16:14 +00:00			`secret []byte`
			`publicKey *ecdsa.PublicKey`
open secure channel 2018-10-27 16:52:39 +00:00			`encKey []byte`
			`macKey []byte`
			`iv []byte`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`}`

add pair command 2019-03-13 12:49:26 +00:00			`func NewSecureChannel(c types.Channel) *SecureChannel {`
			`return &SecureChannel{`
			`c: c,`
			`}`
			`}`

			`func (sc *SecureChannel) GenerateSecret(cardPubKeyData []byte) error {`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`key, err := ethcrypto.GenerateKey()`
			`if err != nil {`
add pair command 2019-03-13 12:49:26 +00:00			`return err`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`}`

add pair command 2019-03-13 12:49:26 +00:00			`cardPubKey, err := ethcrypto.UnmarshalPubkey(cardPubKeyData)`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`if err != nil {`
add pair command 2019-03-13 12:49:26 +00:00			`return err`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`}`

add pair command 2019-03-13 12:49:26 +00:00			`sc.publicKey = &key.PublicKey`
			`sc.secret = crypto.GenerateECDHSharedSecret(key, cardPubKey)`
add card secrets initialization 2018-10-22 17:33:53 +00:00
add pair command 2019-03-13 12:49:26 +00:00			`return nil`
			`}`

			`func (sc *SecureChannel) Reset() {`
			`sc.open = false`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`}`

open secure channel 2018-10-27 16:52:39 +00:00			`func (sc *SecureChannel) Init(iv, encKey, macKey []byte) {`
			`sc.iv = iv`
			`sc.encKey = encKey`
			`sc.macKey = macKey`
add pair command 2019-03-13 12:49:26 +00:00			`sc.open = true`
open secure channel 2018-10-27 16:52:39 +00:00			`}`

			`func (sc *SecureChannel) Secret() []byte {`
			`return sc.secret`
			`}`

add pairing actions 2018-10-24 16:16:14 +00:00			`func (sc SecureChannel) PublicKey() ecdsa.PublicKey {`
			`return sc.publicKey`
			`}`

			`func (sc *SecureChannel) RawPublicKey() []byte {`
			`return ethcrypto.FromECDSAPub(sc.publicKey)`
			`}`

add card secrets initialization 2018-10-22 17:33:53 +00:00			`func (sc SecureChannel) Send(cmd apdu.Command) (*apdu.Response, error) {`
add pair command 2019-03-13 12:49:26 +00:00			`if sc.open {`
			`encData, err := crypto.EncryptData(cmd.Data, sc.encKey, sc.iv)`
			`if err != nil {`
			`return nil, err`
			`}`

			`meta := []byte{cmd.Cla, cmd.Ins, cmd.P1, cmd.P2, byte(len(encData) + 16), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}`
			`if err = sc.updateIV(meta, encData); err != nil {`
			`return nil, err`
			`}`

			`newData := append(sc.iv, encData...)`
			`cmd.Data = newData`
implement applet secure channel 2018-11-06 17:38:13 +00:00			`}`

			`resp, err := sc.c.Send(cmd)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if resp.Sw != globalplatform.SwOK {`
			`return nil, apdu.NewErrBadResponse(resp.Sw, "unexpected sw in secure channel")`
			`}`

add support for metadata 2022-08-02 10:18:52 +00:00			`var plainData []byte`
implement applet secure channel 2018-11-06 17:38:13 +00:00
add support for metadata 2022-08-02 10:18:52 +00:00			`if sc.open {`
			`rmeta := []byte{byte(len(resp.Data)), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}`
			`rmac := resp.Data[:len(sc.iv)]`
			`rdata := resp.Data[len(sc.iv):]`

			`if plainData, err = crypto.DecryptData(rdata, sc.encKey, sc.iv); err != nil {`
			`return nil, err`
			`}`
implement applet secure channel 2018-11-06 17:38:13 +00:00
add support for metadata 2022-08-02 10:18:52 +00:00			`if err = sc.updateIV(rmeta, rdata); err != nil {`
			`return nil, err`
			`}`

			`if !bytes.Equal(sc.iv, rmac) {`
			`return nil, ErrInvalidResponseMAC`
			`}`

			`logger.Debug("apdu response decrypted", "hex", hexutils.BytesToHexWithSpaces(plainData))`
			`} else {`
			`plainData = resp.Data`
			`}`
log decrypted response 2019-03-21 21:59:43 +00:00
implement applet secure channel 2018-11-06 17:38:13 +00:00			`return apdu.ParseResponse(plainData)`
			`}`

			`func (sc *SecureChannel) updateIV(meta, data []byte) error {`
			`mac, err := crypto.CalculateMac(meta, data, sc.macKey)`
			`if err != nil {`
			`return err`
			`}`

			`sc.iv = mac`

			`return nil`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`}`

			`func (sc SecureChannel) OneShotEncrypt(secrets Secrets) ([]byte, error) {`
add pairing actions 2018-10-24 16:16:14 +00:00			`pubKeyData := ethcrypto.FromECDSAPub(sc.publicKey)`
add card secrets initialization 2018-10-22 17:33:53 +00:00			`data := append([]byte(secrets.Pin()), []byte(secrets.Puk())...)`
			`data = append(data, secrets.PairingToken()...)`

			`return crypto.OneShotEncrypt(pubKeyData, sc.secret, data)`
			`}`