keycard-go/actions.go

package keycard

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"

	"github.com/status-im/keycard-go/apdu"
	"github.com/status-im/keycard-go/crypto"
	"github.com/status-im/keycard-go/types"
)

var (
	ErrAlreadyInitialized                = errors.New("card already initialized")
	ErrWrongApplicationInfoTemplate      = errors.New("wrong application info template")
	ErrApplicationStatusTemplateNotFound = errors.New("application status template not found")
)

func Pair(c types.Channel, pairingPass string) (*types.PairingInfo, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}

	cmd := NewCommandPairFirstStep(challenge)
	resp, err := c.Send(cmd)
	if err = checkOKResponse(err, resp); err != nil {
		return nil, err
	}

	cardCryptogram := resp.Data[:32]
	cardChallenge := resp.Data[32:]

	secretHash, err := crypto.VerifyCryptogram(challenge, pairingPass, cardCryptogram)
	if err != nil {
		return nil, err
	}

	h := sha256.New()
	h.Write(secretHash[:])
	h.Write(cardChallenge)
	cmd = NewCommandPairFinalStep(h.Sum(nil))
	resp, err = c.Send(cmd)
	if err = checkOKResponse(err, resp); err != nil {
		return nil, err
	}

	h.Reset()
	h.Write(secretHash[:])
	h.Write(resp.Data[1:])

	pairingKey := h.Sum(nil)
	pairingIndex := resp.Data[0]

	return &types.PairingInfo{
		Key:   pairingKey,
		Index: int(pairingIndex),
	}, nil
}

func OpenSecureChannel(c types.Channel, appInfo *types.ApplicationInfo, pairingIndex uint8, pairingKey []byte) (*SecureChannel, error) {
	sc := NewSecureChannel(c)
	cmd := NewCommandOpenSecureChannel(pairingIndex, sc.RawPublicKey())
	resp, err := c.Send(cmd)
	if err = checkOKResponse(err, resp); err != nil {
		return nil, err
	}

	encKey, macKey, iv := crypto.DeriveSessionKeys(sc.Secret(), pairingKey, resp.Data)
	sc.Init(iv, encKey, macKey)

	err = mutualAuthenticate(sc)
	if err != nil {
		return nil, err
	}

	return sc, nil
}

func mutualAuthenticate(sc *SecureChannel) error {
	data := make([]byte, 32)
	if _, err := rand.Read(data); err != nil {
		return err
	}

	cmd := NewCommandMutuallyAuthenticate(data)
	resp, err := sc.Send(cmd)

	return checkOKResponse(err, resp)
}

func GetStatusApplication(c types.Channel) (*types.ApplicationStatus, error) {
	cmd := NewCommandGetStatusApplication()
	resp, err := c.Send(cmd)
	if err = checkOKResponse(err, resp); err != nil {
		return nil, err
	}

	return parseApplicationStatus(resp.Data)
}

func parseApplicationStatus(data []byte) (*types.ApplicationStatus, error) {
	appStatus := &types.ApplicationStatus{}

	tpl, err := apdu.FindTag(data, TagApplicationStatusTemplate)
	if err != nil {
		return nil, ErrApplicationStatusTemplateNotFound
	}

	if pinRetryCount, err := apdu.FindTag(tpl, uint8(0x02)); err == nil && len(pinRetryCount) == 1 {
		appStatus.PinRetryCount = int(pinRetryCount[0])
	}

	if pukRetryCount, err := apdu.FindTagN(tpl, 1, uint8(0x02)); err == nil && len(pukRetryCount) == 1 {
		appStatus.PUKRetryCount = int(pukRetryCount[0])
	}

	if keyInitialized, err := apdu.FindTag(tpl, uint8(0x01)); err == nil {
		if bytes.Equal(keyInitialized, []byte{0xFF}) {
			appStatus.KeyInitialized = true
		}
	}

	if keyDerivationSupported, err := apdu.FindTagN(tpl, 1, uint8(0x01)); err == nil {
		if bytes.Equal(keyDerivationSupported, []byte{0xFF}) {
			appStatus.PubKeyDerivation = true
		}
	}

	return appStatus, nil
}

func checkOKResponse(err error, resp *apdu.Response) error {
	if err != nil {
		return err
	}

	return checkResponse(resp, apdu.SwOK)
}

func checkResponse(resp *apdu.Response, allowedResponses ...uint16) error {
	for _, code := range allowedResponses {
		if code == resp.Sw {
			return nil
		}
	}

	return fmt.Errorf("unexpected response: %x", resp.Sw)
}
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`package keycard`
add actions and actionsets 2018-10-24 11:42:00 +00:00
			`import (`
add status command and action 2018-11-07 13:39:58 +00:00			`"bytes"`
add pairing actions 2018-10-24 16:16:14 +00:00			`"crypto/rand"`
			`"crypto/sha256"`
add actions and actionsets 2018-10-24 11:42:00 +00:00			`"errors"`
add pairing actions 2018-10-24 16:16:14 +00:00			`"fmt"`
add actions and actionsets 2018-10-24 11:42:00 +00:00
rename to keycard-go 2019-03-01 17:44:07 +00:00			`"github.com/status-im/keycard-go/apdu"`
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`"github.com/status-im/keycard-go/crypto"`
			`"github.com/status-im/keycard-go/types"`
add actions and actionsets 2018-10-24 11:42:00 +00:00			`)`

			`var (`
add status command and action 2018-11-07 13:39:58 +00:00			`ErrAlreadyInitialized = errors.New("card already initialized")`
			`ErrWrongApplicationInfoTemplate = errors.New("wrong application info template")`
			`ErrApplicationStatusTemplateNotFound = errors.New("application status template not found")`
add actions and actionsets 2018-10-24 11:42:00 +00:00			`)`

add pair command 2019-03-13 12:49:26 +00:00			`func Pair(c types.Channel, pairingPass string) (*types.PairingInfo, error) {`
add pairing actions 2018-10-24 16:16:14 +00:00			`challenge := make([]byte, 32)`
			`if _, err := rand.Read(challenge); err != nil {`
			`return nil, err`
			`}`

move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`cmd := NewCommandPairFirstStep(challenge)`
add pairing actions 2018-10-24 16:16:14 +00:00			`resp, err := c.Send(cmd)`
check response and error 2018-10-27 16:12:38 +00:00			`if err = checkOKResponse(err, resp); err != nil {`
add pairing actions 2018-10-24 16:16:14 +00:00			`return nil, err`
			`}`

			`cardCryptogram := resp.Data[:32]`
			`cardChallenge := resp.Data[32:]`

move cryptogram verification to crypto pkg 2018-10-27 15:13:32 +00:00			`secretHash, err := crypto.VerifyCryptogram(challenge, pairingPass, cardCryptogram)`
			`if err != nil {`
			`return nil, err`
add pairing actions 2018-10-24 16:16:14 +00:00			`}`

move cryptogram verification to crypto pkg 2018-10-27 15:13:32 +00:00			`h := sha256.New()`
add pairing actions 2018-10-24 16:16:14 +00:00			`h.Write(secretHash[:])`
			`h.Write(cardChallenge)`
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`cmd = NewCommandPairFinalStep(h.Sum(nil))`
add pairing actions 2018-10-24 16:16:14 +00:00			`resp, err = c.Send(cmd)`
check response and error 2018-10-27 16:12:38 +00:00			`if err = checkOKResponse(err, resp); err != nil {`
add pairing actions 2018-10-24 16:16:14 +00:00			`return nil, err`
			`}`

			`h.Reset()`
			`h.Write(secretHash[:])`
			`h.Write(resp.Data[1:])`

			`pairingKey := h.Sum(nil)`
			`pairingIndex := resp.Data[0]`

move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`return &types.PairingInfo{`
add info command 2018-11-06 11:54:11 +00:00			`Key: pairingKey,`
			`Index: int(pairingIndex),`
add pairing actions 2018-10-24 16:16:14 +00:00			`}, nil`
			`}`

add Delete to Installer 2019-03-11 10:49:00 +00:00			`func OpenSecureChannel(c types.Channel, appInfo types.ApplicationInfo, pairingIndex uint8, pairingKey []byte) (SecureChannel, error) {`
add pair command 2019-03-13 12:49:26 +00:00			`sc := NewSecureChannel(c)`
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`cmd := NewCommandOpenSecureChannel(pairingIndex, sc.RawPublicKey())`
add pairing actions 2018-10-24 16:16:14 +00:00			`resp, err := c.Send(cmd)`
check response and error 2018-10-27 16:12:38 +00:00			`if err = checkOKResponse(err, resp); err != nil {`
open secure channel 2018-10-27 16:52:39 +00:00			`return nil, err`
add pairing actions 2018-10-24 16:16:14 +00:00			`}`
add actions and actionsets 2018-10-24 11:42:00 +00:00
implement applet secure channel 2018-11-06 17:38:13 +00:00			`encKey, macKey, iv := crypto.DeriveSessionKeys(sc.Secret(), pairingKey, resp.Data)`
			`sc.Init(iv, encKey, macKey)`
open secure channel 2018-10-27 16:52:39 +00:00
implement applet secure channel 2018-11-06 17:38:13 +00:00			`err = mutualAuthenticate(sc)`
			`if err != nil {`
			`return nil, err`
			`}`
open secure channel 2018-10-27 16:52:39 +00:00
implement applet secure channel 2018-11-06 17:38:13 +00:00			`return sc, nil`
			`}`
open secure channel 2018-10-27 16:52:39 +00:00
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`func mutualAuthenticate(sc *SecureChannel) error {`
implement applet secure channel 2018-11-06 17:38:13 +00:00			`data := make([]byte, 32)`
			`if _, err := rand.Read(data); err != nil {`
			`return err`
			`}`
open secure channel 2018-10-27 16:52:39 +00:00
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`cmd := NewCommandMutuallyAuthenticate(data)`
implement applet secure channel 2018-11-06 17:38:13 +00:00			`resp, err := sc.Send(cmd)`

			`return checkOKResponse(err, resp)`
			`}`

add Delete to Installer 2019-03-11 10:49:00 +00:00			`func GetStatusApplication(c types.Channel) (*types.ApplicationStatus, error) {`
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`cmd := NewCommandGetStatusApplication()`
add status command and action 2018-11-07 13:39:58 +00:00			`resp, err := c.Send(cmd)`
			`if err = checkOKResponse(err, resp); err != nil {`
			`return nil, err`
			`}`

			`return parseApplicationStatus(resp.Data)`
add actions and actionsets 2018-10-24 11:42:00 +00:00			`}`

move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`func parseApplicationStatus(data []byte) (*types.ApplicationStatus, error) {`
			`appStatus := &types.ApplicationStatus{}`
add status command and action 2018-11-07 13:39:58 +00:00
move lightwallet pkg to keycard 2019-03-11 10:05:28 +00:00			`tpl, err := apdu.FindTag(data, TagApplicationStatusTemplate)`
add status command and action 2018-11-07 13:39:58 +00:00			`if err != nil {`
			`return nil, ErrApplicationStatusTemplateNotFound`
			`}`

			`if pinRetryCount, err := apdu.FindTag(tpl, uint8(0x02)); err == nil && len(pinRetryCount) == 1 {`
			`appStatus.PinRetryCount = int(pinRetryCount[0])`
			`}`

			`if pukRetryCount, err := apdu.FindTagN(tpl, 1, uint8(0x02)); err == nil && len(pukRetryCount) == 1 {`
			`appStatus.PUKRetryCount = int(pukRetryCount[0])`
			`}`

			`if keyInitialized, err := apdu.FindTag(tpl, uint8(0x01)); err == nil {`
			`if bytes.Equal(keyInitialized, []byte{0xFF}) {`
			`appStatus.KeyInitialized = true`
			`}`
			`}`

			`if keyDerivationSupported, err := apdu.FindTagN(tpl, 1, uint8(0x01)); err == nil {`
			`if bytes.Equal(keyDerivationSupported, []byte{0xFF}) {`
			`appStatus.PubKeyDerivation = true`
			`}`
			`}`

			`return appStatus, nil`
			`}`

check response and error 2018-10-27 16:12:38 +00:00			`func checkOKResponse(err error, resp *apdu.Response) error {`
			`if err != nil {`
			`return err`
			`}`

add pairing actions 2018-10-24 16:16:14 +00:00			`return checkResponse(resp, apdu.SwOK)`
			`}`

			`func checkResponse(resp *apdu.Response, allowedResponses ...uint16) error {`
			`for _, code := range allowedResponses {`
			`if code == resp.Sw {`
			`return nil`
			`}`
			`}`

			`return fmt.Errorf("unexpected response: %x", resp.Sw)`
			`}`