keycard-go/globalplatform/command_set.go

206 lines
4.4 KiB
Go
Raw Normal View History

2019-03-06 09:45:52 +00:00
package globalplatform
import (
"crypto/rand"
"errors"
"os"
"github.com/status-im/keycard-go/apdu"
2019-03-06 10:30:00 +00:00
"github.com/status-im/keycard-go/identifiers"
2019-03-11 10:49:00 +00:00
"github.com/status-im/keycard-go/types"
2019-03-06 09:45:52 +00:00
)
var ErrSecureChannelNotOpen = errors.New("secure channel not open")
2019-03-06 09:45:52 +00:00
type LoadingCallback = func(loadingBlock, totalBlocks int)
type CommandSet struct {
2019-03-11 10:49:00 +00:00
c types.Channel
sc *SecureChannel
2019-03-06 09:45:52 +00:00
session *Session
}
2019-03-11 10:49:00 +00:00
func NewCommandSet(c types.Channel) *CommandSet {
2019-03-06 09:45:52 +00:00
return &CommandSet{
c: c,
}
}
2019-03-06 12:45:32 +00:00
func (cs *CommandSet) Select() error {
2019-03-06 13:31:40 +00:00
return cs.SelectAID(nil)
}
func (cs *CommandSet) SelectAID(aid []byte) error {
2019-03-06 09:45:52 +00:00
cmd := apdu.NewCommand(
0x00,
InsSelect,
uint8(0x04),
uint8(0x00),
2019-03-06 13:31:40 +00:00
aid,
2019-03-06 09:45:52 +00:00
)
cmd.SetLe(0)
2019-03-06 09:45:52 +00:00
resp, err := cs.c.Send(cmd)
2019-03-06 12:45:32 +00:00
return cs.checkOK(resp, err)
2019-03-06 09:45:52 +00:00
}
func (cs *CommandSet) OpenSecureChannel() error {
hostChallenge, err := generateHostChallenge()
if err != nil {
return err
}
err = cs.initializeUpdate(hostChallenge)
if err != nil {
return err
}
return cs.externalAuthenticate()
}
func (cs *CommandSet) DeleteKeycardInstancesAndPackage() error {
if cs.sc == nil {
return ErrSecureChannelNotOpen
}
instanceAID, err := identifiers.KeycardInstanceAID(identifiers.KeycardDefaultInstanceIndex)
2019-03-06 10:30:00 +00:00
if err != nil {
return err
}
2019-03-06 09:45:52 +00:00
ids := [][]byte{
2019-03-06 10:30:00 +00:00
identifiers.NdefInstanceAID,
instanceAID,
identifiers.PackageAID,
2019-03-06 09:45:52 +00:00
}
for _, aid := range ids {
err := cs.Delete(aid)
if err != nil {
2019-03-06 09:45:52 +00:00
return err
}
}
return nil
}
func (cs *CommandSet) Delete(aid []byte) error {
cmd := NewCommandDelete(aid)
resp, err := cs.sc.Send(cmd)
return cs.checkOK(resp, err, SwOK, SwReferencedDataNotFound)
}
2019-03-06 09:45:52 +00:00
func (cs *CommandSet) LoadKeycardPackage(capFile *os.File, callback LoadingCallback) error {
return cs.LoadPackage(capFile, identifiers.PackageAID, callback)
}
func (cs *CommandSet) LoadPackage(capFile *os.File, pkgAID []byte, callback LoadingCallback) error {
if cs.sc == nil {
return ErrSecureChannelNotOpen
}
preLoad := NewCommandInstallForLoad(pkgAID, []byte{})
resp, err := cs.sc.Send(preLoad)
2019-03-06 09:45:52 +00:00
if err = cs.checkOK(resp, err); err != nil {
return err
}
load, err := NewLoadCommandStream(capFile)
if err != nil {
return err
}
for load.Next() {
cmd := load.GetCommand()
callback(int(load.Index()), load.BlocksCount())
resp, err = cs.sc.Send(cmd)
2019-03-06 09:45:52 +00:00
if err = cs.checkOK(resp, err); err != nil {
return err
}
}
return nil
}
func (cs *CommandSet) InstallNDEFApplet(ndefRecord []byte) error {
return cs.InstallForInstall(
2019-03-06 10:30:00 +00:00
identifiers.PackageAID,
identifiers.NdefAID,
identifiers.NdefInstanceAID,
ndefRecord)
2019-03-06 09:45:52 +00:00
}
func (cs *CommandSet) InstallKeycardApplet() error {
instanceAID, err := identifiers.KeycardInstanceAID(identifiers.KeycardDefaultInstanceIndex)
2019-03-06 10:30:00 +00:00
if err != nil {
return err
}
return cs.InstallForInstall(
2019-03-06 10:30:00 +00:00
identifiers.PackageAID,
identifiers.KeycardAID,
instanceAID,
[]byte{})
2019-03-06 09:45:52 +00:00
}
func (cs *CommandSet) InstallForInstall(packageAID, appletAID, instanceAID, params []byte) error {
2019-03-06 09:45:52 +00:00
cmd := NewCommandInstallForInstall(packageAID, appletAID, instanceAID, params)
resp, err := cs.sc.Send(cmd)
2019-03-06 09:45:52 +00:00
return cs.checkOK(resp, err)
}
func (cs *CommandSet) initializeUpdate(hostChallenge []byte) error {
cmd := NewCommandInitializeUpdate(hostChallenge)
resp, err := cs.c.Send(cmd)
if err = cs.checkOK(resp, err); err != nil {
return err
}
// verify cryptogram and initialize session keys
2019-03-06 10:30:00 +00:00
keys := NewSCP02Keys(identifiers.CardTestKey, identifiers.CardTestKey)
2019-03-06 09:45:52 +00:00
session, err := NewSession(keys, resp, hostChallenge)
2019-03-06 11:55:57 +00:00
if err != nil {
return err
}
cs.sc = NewSecureChannel(session, cs.c)
2019-03-06 09:45:52 +00:00
cs.session = session
return nil
}
func (cs *CommandSet) externalAuthenticate() error {
if cs.session == nil {
return errors.New("session must be initialized using initializeUpdate")
}
encKey := cs.session.Keys().Enc()
cmd, err := NewCommandExternalAuthenticate(encKey, cs.session.CardChallenge(), cs.session.HostChallenge())
if err != nil {
return err
}
resp, err := cs.sc.Send(cmd)
2019-03-06 09:45:52 +00:00
return cs.checkOK(resp, err)
}
func (cs *CommandSet) checkOK(resp *apdu.Response, err error, allowedResponses ...uint16) error {
if len(allowedResponses) == 0 {
allowedResponses = []uint16{apdu.SwOK}
}
for _, code := range allowedResponses {
if code == resp.Sw {
return nil
}
}
2019-03-06 13:31:40 +00:00
return apdu.NewErrBadResponse(resp.Sw, "unexpected response")
2019-03-06 09:45:52 +00:00
}
func generateHostChallenge() ([]byte, error) {
c := make([]byte, 8)
_, err := rand.Read(c)
return c, err
}