From 9d5e996d49f549b3ef6b05b2f1b82fa4a5f92d42 Mon Sep 17 00:00:00 2001
From: Andrea Franz
Date: Tue, 9 Apr 2019 00:06:04 +0200
Subject: [PATCH] verify init-update cryptogram with globalplatform or keycard keys
---
 globalplatform/command_set.go | 35 +++++++++++++++++++++++++++++++++--
 identifiers/identifiers.go | 3 ++-
 2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/globalplatform/command_set.go b/globalplatform/command_set.go
index 028df11..53ddfe3 100644
--- a/globalplatform/command_set.go
+++ b/globalplatform/command_set.go
@@ -158,17 +158,48 @@ func (cs *CommandSet) initializeUpdate(hostChallenge []byte) error {
 } // verify cryptogram and initialize session keys - keys := NewSCP02Keys(identifiers.CardTestKey, identifiers.CardTestKey) - session, err := NewSession(keys, resp, hostChallenge) + session, err := cs.initializeSession(resp, hostChallenge) if err != nil { return err } + cs.sc = NewSecureChannel(session, cs.c) cs.session = session return nil } +func (cs *CommandSet) initializeSession(resp *apdu.Response, hostChallenge []byte) (session *Session, err error) { keySets := []struct { name string key []byte }{ {"globalplatform", identifiers.GlobalPlatformDefaultKey}, {"keycard", identifiers.KeycardDevelopmentKey}, } for _, set := range keySets { logger.Debug("initialize session", "keys", set.name) keys := NewSCP02Keys(set.key, set.key) session, err = NewSession(keys, resp, hostChallenge) // good keys if err == nil { break } // try the next keys if err == errBadCryptogram { continue } // unexpected error return nil, err } return session, err } func (cs *CommandSet) externalAuthenticate() error { if cs.session == nil { return errors.New("session must be initialized using initializeUpdate")
diff --git a/identifiers/identifiers.go b/identifiers/identifiers.go
index 8b7aee9..fafc50f 100644
--- a/identifiers/identifiers.go
+++ b/identifiers/identifiers.go
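Review bot: When both candidate key sets are rejected, `initializeSession` falls out of the loop and executes `return session, err`, where the named result `session` still holds whatever the last `NewSession` call returned alongside `errBadCryptogram`, so the caller may get a non-nil partial session together with an error; make the tail explicit with `if err != nil { return nil, err }` followed by `return session, nil`. The new method also has no doc comment: add one stating that it checks the card cryptogram carried in `resp` against the GlobalPlatform default key first and the Keycard development key second, and that a card provisioned with any other key is rejected with `errBadCryptogram` after the last attempt. As far as the hunk shows, the loop only re-derives from the same INITIALIZE UPDATE response and never talks to the card again, which is worth saying in that comment since it is what makes the fallback safe with respect to card-side retry counters; if `NewSession` does send APDUs elsewhere, that sentence should be dropped. The existing `logger.Debug("initialize session", "keys", set.name)` records which set is being tried but not which one matched, so a line after the loop, or inside the `err == nil` branch, naming the accepted set would make production logs actionable.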
@@ -3,7 +3,8 @@ package identifiers
 import "errors"
 var (
- CardTestKey = []byte{0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}
+ GlobalPlatformDefaultKey = []byte{0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}
+ KeycardDevelopmentKey = []byte{0xc2, 0x12, 0xe0, 0x73, 0xff, 0x8b, 0x4b, 0xbf, 0xaf, 0xf4, 0xde, 0x8a, 0xb6, 0x55, 0x22, 0x1f}
 PackageAID = []byte{0xA0, 0x00, 0x00, 0x08, 0x04, 0x00, 0x01}
 KeycardAID = []byte{0xA0, 0x00, 0x00, 0x08, 0x04, 0x00, 0x01, 0x01}