def __init__(self):
self.pse = None # 将PSE/PPSE对象作为主应用的一部分,用于检测PSE与主应用之间的关联性
self.ppse = None
self.aid = ''
self.sig_data = '' #读记录中的签名数据,包含tag82
self.tags_info = [] #存储每个交易步骤中的tag信息
self.cvn = '' # CVN
self.dki = '' # DKI
self.key_ac = '' # AC Master Key
self.key_mac = '' # MAC Master Key
self.key_enc = '' # ENC Master Key
self.key_flag = App_Master_Key.UDK # Master Key Type
self.unpredicatble_number = '' # CDA时,需要缓存该数据
key = terminal.get_terminal(App_Master_Key.UDK)
if key:
self.key_ac = key[0:32]
self.key_mac = key[32:64]
self.key_enc = key[64:96]
self.key_flag = App_Master_Key.UDK
else:
key = terminal.get_terminal(App_Master_Key.MDK)
if key:
self.key_ac = key[0:32]
self.key_mac = key[32:64]
self.key_enc = key[64:96]
self.key_flag = App_Master_Key.MDK
self.session_key_mac = '' # First GAC后进行分散处理
self.session_key_enc = ''
self.session_key_ac = ''
def do_dda(self,fDDA=False):
tag9F47 = self.get_tag(PROCESS_STEP.READ_RECORD,'9F47')
if not tag9F47:
Log.error('tag9F47: %s',tag9F47)
Log.error('require tag9F47 failed whereby dda failed')
return False
tag9F4B = ''
ddol = ''
if fDDA:
tag9F4B = self.get_tag(PROCESS_STEP.GPO,'9F4B')
tag9F69 = self.get_tag(PROCESS_STEP.READ_RECORD,'9F69')
if not tag9F69:
Log.error('tag9F69: %s',tag9F69)
Log.error('require tag9F69 failed whereby dda failed')
return False
# 这里无需再判断终端数据是否存在,在GPO阶段已经验证过
tag9F37 = terminal.get_terminal('9F37')
tag9F02 = terminal.get_terminal('9F02')
tag5F2A = terminal.get_terminal('5F2A')
# 这里默认使用ddol代替fDDA的签名数据
# 签名使用的tag9F36自动包含在了tag9F4B恢复数据中,这里无需重复包含
ddol = tag9F37 + tag9F02 + tag5F2A + tag9F69
else:
tag9F49 = self.get_tag(PROCESS_STEP.READ_RECORD,'9F49')
if not tag9F49:
Log.error('tag9F49: %s',tag9F49)
Log.error('require tag9F49 failed whereby dda failed')
return False
ddol = tools.assemble_dol(tag9F49)
if not ddol:
Log.error('tag9F49: %s',tag9F49)
Log.error('can not get terminal ddol data whereby dda failed')
return False
tag9F4B = self.gen_9F4B(ddol)
if not tag9F4B:
Log.error('can not get tag9F4B data whereby dda failed')
return False
issuer_pub_key = self._get_issuer_pub_key()
if not issuer_pub_key:
Log.error('get issuer public key failed where by dda failed.')
return False
icc_pub_key = self._get_icc_pub_key(issuer_pub_key)
if not icc_pub_key:
Log.error('get icc public key failed where by dda failed.')
return False
if not auth.validate_9F4B(icc_pub_key,tag9F47,ddol,tag9F4B):
Log.error('icc public key: %s',icc_pub_key)
Log.error('tag9F47: %s',tag9F47)
Log.error('sig data: %s',ddol)
Log.error('tag9F4B: %s',tag9F4B)
Log.error('validate tag9F4B failed whereby dda failed')
return False
Log.info('dda authentication sucess.')
return True
def divert_key(self):
if self.key_flag == App_Master_Key.MDK:
tag5A = self.get_tag(PROCESS_STEP.READ_RECORD, '5A')
tag5F34 = self.get_tag(PROCESS_STEP.READ_RECORD, '5F34')
self.key_ac = auth.gen_udk(self.key_ac, tag5A, tag5F34)
self.key_mac = auth.gen_udk(self.key_mac, tag5A, tag5F34)
self.key_enc = auth.gen_udk(self.key_enc, tag5A, tag5F34)
tag9F36 = self.get_tag('9F36')
tagD5 = self.get_tag('D5')
left_input = ''
right_input = ''
if int(tagD5[1]) & 0x02 == 0x02:
#SKD
tag9F37 = terminal.get_terminal('9F37')
left_input = tag9F36 + 'F000' + tag9F37
right_input = tag9F36 + '0F00' + tag9F37
else:
#CSK
left_input = tag9F36 + 'F00000000000'
right_input = tag9F36 + '0F0000000000'
self.session_key_ac = self.key_ac
self.session_key_enc = algorithm.des3_encrypt(
self.key_enc, left_input) + algorithm.des3_encrypt(
self.key_enc, right_input)
self.session_key_mac = algorithm.des3_encrypt(
self.key_mac, left_input) + algorithm.des3_encrypt(
self.key_mac, right_input)
def check_idn(trans_obj):
tag9F36 = trans_obj.get_tag(PROCESS_STEP.FIRST_GAC,'9F36')
tag9F4C = terminal.get_terminal('9F4C')
idn_input = tag9F36 + '000000000000'
idn = algorithm.des3_encrypt(trans_obj.idn_key,idn_input)
if idn == tag9F4C:
return CR.OK
return CR.ERROR
def first_gac_cda(self):
tag8C = self.get_tag(PROCESS_STEP.READ_RECORD, '8C')
if not tag8C:
Log.error('first gac cda faild since tag8C is tempty')
return False
tls = utils.parse_tl(tag8C)
data = ''
self.unpredicatble_number = ''
for tl in tls:
data += terminal.get_terminal(tl.tag, tl.len)
if tl.tag == '9F37':
self.unpredicatble_number = terminal.get_terminal(
tl.tag, tl.len)
resp = super().gac(Crypto_Type.TC_CDA, data)
if resp.sw != 0x9000:
Log.error('send first gac command failed. SW:%04X', resp.sw)
return
tlvs = utils.parse_tlv(resp.response)
tools.output_apdu_info(resp)
self.store_tag_group(PROCESS_STEP.FIRST_GAC, tlvs)
def __init__(self):
super().__init__()
self.idn_key = terminal.get_terminal(App_Master_Key.IDN_KEY)
self.cvc3_key = terminal.get_terminal(App_Master_Key.CVC3_KEY)