200 lines
5.1 KiB
Go
Raw Normal View History

2018-09-19 15:31:06 +02:00
package globalplatform
2018-10-01 13:25:24 +02:00
import (
2019-03-01 18:44:07 +01:00
"github.com/status-im/keycard-go/apdu"
"github.com/status-im/keycard-go/globalplatform/crypto"
2018-10-01 13:25:24 +02:00
)
2018-09-19 15:31:06 +02:00
2018-10-05 13:46:34 +02:00
// Constants used in apdu commands and responses as defined by iso7816 and globalplatform.
2018-09-25 17:43:26 +02:00
const (
2019-03-28 11:52:17 +01:00
ClaISO7816 = 0x00
ClaGp = 0x80
ClaMac = 0x84
InsSelect = 0xA4
InsInitializeUpdate = 0x50
InsExternalAuthenticate = 0x82
InsGetResponse = 0xC0
InsDelete = 0xE4
InsLoad = 0xE8
InsInstall = 0xE6
InsGetStatus = 0xF2
P1ExternalAuthenticateCMAC = 0x01
P1InstallForLoad = 0x02
P1InstallForInstall = 0x04
P1InstallForMakeSelectable = 0x08
P1LoadMoreBlocks = 0x00
P1LoadLastBlock = 0x80
P1GetStatusIssuerSecurityDomain = 0x80
P1GetStatusApplications = 0x40
P1GetStatusExecLoadFiles = 0x20
P1GetStatusExecLoadFilesAndModules = 0x10
P2GetStatusTLVData = 0x02
P2DeleteObject = 0x00
P2DeleteObjectAndRelatedObject = 0x80
2019-03-28 11:52:17 +01:00
Sw1ResponseDataIncomplete = 0x61
SwOK = 0x9000
SwFileNotFound = 0x6A82
SwReferencedDataNotFound = 0x6A88
SwSecurityConditionNotSatisfied = 0x6982
SwAuthenticationMethodBlocked = 0x6983
tagDeleteAID = 0x4F
tagLoadFileDataBlock = 0xC4
tagGetStatusAID = 0x4F
2018-09-25 17:43:26 +02:00
)
2018-09-19 15:31:06 +02:00
2018-10-05 13:46:34 +02:00
// NewCommandSelect returns a Select command as defined in the globalplatform specifications.
2018-09-19 15:31:06 +02:00
func NewCommandSelect(aid []byte) *apdu.Command {
2018-10-02 13:24:13 +02:00
c := apdu.NewCommand(
ClaISO7816,
2018-09-19 15:31:06 +02:00
InsSelect,
2019-03-28 11:52:17 +01:00
0x04,
0,
2018-09-19 15:31:06 +02:00
aid,
)
2018-10-02 13:24:13 +02:00
return c
2018-09-19 15:31:06 +02:00
}
2018-09-25 17:43:26 +02:00
2018-10-05 16:40:32 +02:00
// NewCommandInitializeUpdate returns an Initialize Update command as defined in the globalplatform specifications.
2018-09-25 17:43:26 +02:00
func NewCommandInitializeUpdate(challenge []byte) *apdu.Command {
c := apdu.NewCommand(
2018-09-25 17:43:26 +02:00
ClaGp,
InsInitializeUpdate,
2019-03-28 11:52:17 +01:00
0,
0,
2018-09-25 17:43:26 +02:00
challenge,
)
// with T=0 we can both set or not the Le value
// with T=1 it works only if Le is set
c.SetLe(0x00)
return c
2018-09-25 17:43:26 +02:00
}
2018-10-01 13:25:24 +02:00
2018-10-05 16:40:32 +02:00
// NewCommandExternalAuthenticate returns an External Authenticate command as defined in the globalplatform specifications.
2018-10-01 13:25:24 +02:00
func NewCommandExternalAuthenticate(encKey, cardChallenge, hostChallenge []byte) (*apdu.Command, error) {
hostCryptogram, err := calculateHostCryptogram(encKey, cardChallenge, hostChallenge)
if err != nil {
return nil, err
}
return apdu.NewCommand(
ClaMac,
InsExternalAuthenticate,
2018-10-03 16:26:26 +02:00
P1ExternalAuthenticateCMAC,
2019-03-28 11:52:17 +01:00
0,
2018-10-01 13:25:24 +02:00
hostCryptogram,
), nil
}
2018-10-05 16:40:32 +02:00
// NewCommandGetResponse returns a Get Response command as defined in the globalplatform specifications.
2018-10-02 13:24:13 +02:00
func NewCommandGetResponse(length uint8) *apdu.Command {
c := apdu.NewCommand(
ClaISO7816,
InsGetResponse,
2019-03-28 11:52:17 +01:00
0,
0,
2018-10-02 13:24:13 +02:00
nil,
)
c.SetLe(length)
return c
}
2018-10-05 16:40:32 +02:00
// NewCommandDelete returns a Delete command as defined in the globalplatform specifications.
func NewCommandDelete(aid []byte, p2 uint8) *apdu.Command {
2018-10-02 14:24:30 +02:00
data := []byte{tagDeleteAID, byte(len(aid))}
data = append(data, aid...)
2018-10-02 13:44:14 +02:00
return apdu.NewCommand(
ClaGp,
InsDelete,
2019-03-28 11:52:17 +01:00
0,
p2,
2018-10-02 14:24:30 +02:00
data,
2018-10-02 13:44:14 +02:00
)
}
2018-10-05 16:40:32 +02:00
// NewCommandInstallForLoad returns an Install command with the install-for-load parameter as defined in the globalplatform specifications.
2018-10-02 17:15:17 +02:00
func NewCommandInstallForLoad(aid, sdaid []byte) *apdu.Command {
data := []byte{byte(len(aid))}
data = append(data, aid...)
data = append(data, byte(len(sdaid)))
data = append(data, sdaid...)
// empty hash length and hash
data = append(data, []byte{0x00, 0x00, 0x00}...)
return apdu.NewCommand(
ClaGp,
InsInstall,
P1InstallForLoad,
2019-03-28 11:52:17 +01:00
0,
2018-10-02 17:15:17 +02:00
data,
)
}
2018-10-05 16:40:32 +02:00
// NewCommandInstallForInstall returns an Install command with the install-for-instalp parameter as defined in the globalplatform specifications.
2018-10-02 17:37:28 +02:00
func NewCommandInstallForInstall(pkgAID, appletAID, instanceAID, params []byte) *apdu.Command {
data := []byte{byte(len(pkgAID))}
data = append(data, pkgAID...)
data = append(data, byte(len(appletAID)))
data = append(data, appletAID...)
data = append(data, byte(len(instanceAID)))
data = append(data, instanceAID...)
// privileges
priv := []byte{0x00}
data = append(data, byte(len(priv)))
data = append(data, priv...)
// params
fullParams := []byte{byte(0xC9), byte(len(params))}
fullParams = append(fullParams, params...)
data = append(data, byte(len(fullParams)))
data = append(data, fullParams...)
// empty perform token
data = append(data, byte(0x00))
return apdu.NewCommand(
ClaGp,
InsInstall,
P1InstallForInstall|P1InstallForMakeSelectable,
2019-03-28 11:52:17 +01:00
0,
2018-10-02 17:37:28 +02:00
data,
)
}
2018-10-05 16:40:32 +02:00
// NewCommandGetStatus returns a Get Status command as defined in the globalplatform specifications.
2018-10-04 16:06:55 +02:00
func NewCommandGetStatus(aid []byte, p1 uint8) *apdu.Command {
data := []byte{tagGetStatusAID}
data = append(data, byte(len(aid)))
data = append(data, aid...)
return apdu.NewCommand(
ClaGp,
InsGetStatus,
p1,
P2GetStatusTLVData,
data,
)
}
2018-10-01 13:25:24 +02:00
func calculateHostCryptogram(encKey, cardChallenge, hostChallenge []byte) ([]byte, error) {
var data []byte
data = append(data, cardChallenge...)
data = append(data, hostChallenge...)
data = crypto.AppendDESPadding(data)
return crypto.Mac3DES(encKey, data, crypto.NullBytes8)
}