Beispiel #1
0
def pack(tlv_data, recalculate_length=False):
    result = b""

    for data in tlv_data:
        tag, length, value = data[:3]
        if tag in (0xff, 0x00):
            result = result + inttostring(tag)
            continue

        if not isinstance(value, bytes):
            value = pack(value, recalculate_length)

        if recalculate_length:
            length = len(value)

        t = b""
        while tag > 0:
            t = inttostring(tag & 0xff) + t
            tag = tag >> 8

        if length < 0x7F:
            l = inttostring(length)
        else:
            l = b""
            while length > 0:
                l = inttostring(length & 0xff) + l
                length = length >> 8
            assert len(l) < 0x7f
            l = inttostring(0x80 | len(l)) + l

        result = result + t
        result = result + l
        result = result + value

    return b"".join(result)
Beispiel #2
0
def pack(tlv_data, recalculate_length=False):
    result = []

    for data in tlv_data:
        tag, length, value = data[:3]
        if tag in (0xff, 0x00):
            result = result + inttostring(tag)
            continue

        if not isinstance(value, bytes):
            value = pack(value, recalculate_length)

        if recalculate_length:
            length = len(value)

        t = b""
        while tag > 0:
            t = inttostring(tag & 0xff) + t
            tag = tag >> 8

        if length < 0x7F:
            l = inttostring(length)
        else:
            l = b""
            while length > 0:
                l = inttostring(length & 0xff) + l
                length = length >> 8
            assert len(l) < 0x7f
            l = inttostring(0x80 | len(l)) + l

        result.append(t)
        result.append(l)
        result.append(value)

    return b"".join(result)
    def __init__(self, mf, sam, ins2handler=None, extended_length=False):
        self.mf = mf
        self.SAM = sam

        if not ins2handler:
            self.ins2handler = {
                0x0c: self.mf.eraseRecord,
                0x0e: self.mf.eraseBinaryPlain,
                0x0f: self.mf.eraseBinaryEncapsulated,
                0x2a: self.SAM.perform_security_operation,
                0x20: self.SAM.verify,
                0x22: self.SAM.manage_security_environment,
                0x24: self.SAM.change_reference_data,
                0x46: self.SAM.generate_public_key_pair,
                0x82: self.SAM.external_authenticate,
                0x84: self.SAM.get_challenge,
                0x88: self.SAM.internal_authenticate,
                0xa0: self.mf.searchBinaryPlain,
                0xa1: self.mf.searchBinaryEncapsulated,
                0xa4: self.mf.selectFile,
                0xb0: self.mf.readBinaryPlain,
                0xb1: self.mf.readBinaryEncapsulated,
                0xb2: self.mf.readRecordPlain,
                0xb3: self.mf.readRecordEncapsulated,
                0xc0: self.getResponse,
                0xca: self.mf.getDataPlain,
                0xcb: self.mf.getDataEncapsulated,
                0xd0: self.mf.writeBinaryPlain,
                0xd1: self.mf.writeBinaryEncapsulated,
                0xd2: self.mf.writeRecord,
                0xd6: self.mf.updateBinaryPlain,
                0xd7: self.mf.updateBinaryEncapsulated,
                0xda: self.mf.putDataPlain,
                0xdb: self.mf.putDataEncapsulated,
                0xdc: self.mf.updateRecordPlain,
                0xdd: self.mf.updateRecordEncapsulated,
                0xe0: self.mf.createFile,
                0xe2: self.mf.appendRecord,
                0xe4: self.mf.deleteFile,
            }
        else:
            self.ins2handler = ins2handler

        if extended_length:
            self.maxle = MAX_EXTENDED_LE
        else:
            self.maxle = MAX_SHORT_LE

        self.lastCommandOffcut = b""
        self.lastCommandSW = SW["NORMAL"]
        el = extended_length  # only needed to keep following line short
        tsft = Iso7816OS.makeThirdSoftwareFunctionTable(extendedLe=el)
        card_capabilities = self.mf.firstSFT + self.mf.secondSFT + tsft
        self.atr = Iso7816OS.makeATR(
            T=1,
            directConvention=True,
            TA1=0x13,
            histChars=inttostring(0x80) +
            inttostring(0x70 + len(card_capabilities)) + card_capabilities)
Beispiel #4
0
    def generate_public_key_pair(self, p1, p2, data):
        """
        In the Cryptoflex card this command only supports RSA keys.

        :param data:
            Contains the public exponent used for key generation
        :param p1:
            The key number. Can be used later to refer to the generated key
        :param p2:
            Used to specify the key length. The mapping is: 0x40 => 256 Bit,
            0x60 => 512 Bit, 0x80 => 1024
        """
        from Crypto.PublicKey import RSA
        from Crypto.Util.randpool import RandomPool

        keynumber = p1  # TODO: Check if key exists

        keylength_dict = {0x40: 256, 0x60: 512, 0x80: 1024}

        if p2 not in keylength_dict:
            raise SwError(SW["ERR_INCORRECTP1P2"])
        else:
            keylength = keylength_dict[p2]

        rnd = RandomPool()
        PublicKey = RSA.generate(keylength, rnd.get_bytes)
        self.dst.key = PublicKey

        e_in = struct.unpack("<i", data)
        if e_in[0] != 65537:
            logging.warning("Warning: Exponents different from 65537 are " +
                            "ignored! The Exponent given is %i" % e_in[0])

        # Encode Public key
        n = PublicKey.__getstate__()['n']
        n_str = inttostring(n)
        n_str = n_str[::-1]
        e = PublicKey.__getstate__()['e']
        e_str = inttostring(e, 4)
        e_str = e_str[::-1]
        pad = 187 * '\x30'  # We don't have CRT components, so we need to pad
        pk_n = TLVutils.bertlv_pack(((0x81, len(n_str), n_str),
                                     (0x01, len(pad), pad),
                                     (0x82, len(e_str), e_str)))
        # Private key
        d = PublicKey.__getstate__()['d']

        # Write result to FID 10 12 EF-PUB-KEY
        df = self.mf.currentDF()
        ef_pub_key = df.select("fid", 0x1012)
        ef_pub_key.writebinary([0], [pk_n])
        data = ef_pub_key.getenc('data')

        # Write private key to FID 00 12 EF-PRI-KEY (not necessary?)
        # How to encode the private key?
        ef_priv_key = df.select("fid", 0x0012)
        ef_priv_key.writebinary([0], [inttostring(d)])
        data = ef_priv_key.getenc('data')
        return PublicKey
Beispiel #5
0
    def generate_public_key_pair(self, p1, p2, data):
        """
        In the Cryptoflex card this command only supports RSA keys.

        :param data:
            Contains the public exponent used for key generation
        :param p1:
            The key number. Can be used later to refer to the generated key
        :param p2:
            Used to specify the key length. The mapping is: 0x40 => 256 Bit,
            0x60 => 512 Bit, 0x80 => 1024
        """
        from Crypto.PublicKey import RSA
        from Crypto.Util.randpool import RandomPool

        keynumber = p1  # TODO: Check if key exists

        keylength_dict = {0x40: 256, 0x60: 512, 0x80: 1024}

        if p2 not in keylength_dict:
            raise SwError(SW["ERR_INCORRECTP1P2"])
        else:
            keylength = keylength_dict[p2]

        rnd = RandomPool()
        PublicKey = RSA.generate(keylength, rnd.get_bytes)
        self.dst.key = PublicKey

        e_in = struct.unpack("<i", data)
        if e_in[0] != 65537:
            logging.warning("Warning: Exponents different from 65537 are " +
                            "ignored! The Exponent given is %i" % e_in[0])

        # Encode Public key
        n = PublicKey.__getstate__()['n']
        n_str = inttostring(n)
        n_str = n_str[::-1]
        e = PublicKey.__getstate__()['e']
        e_str = inttostring(e, 4)
        e_str = e_str[::-1]
        pad = 187 * '\x30'  # We don't have CRT components, so we need to pad
        pk_n = TLVutils.bertlv_pack(
            ((0x81, len(n_str), n_str), (0x01, len(pad), pad),
             (0x82, len(e_str), e_str)))
        # Private key
        d = PublicKey.__getstate__()['d']

        # Write result to FID 10 12 EF-PUB-KEY
        df = self.mf.currentDF()
        ef_pub_key = df.select("fid", 0x1012)
        ef_pub_key.writebinary([0], [pk_n])
        data = ef_pub_key.getenc('data')

        # Write private key to FID 00 12 EF-PRI-KEY (not necessary?)
        # How to encode the private key?
        ef_priv_key = df.select("fid", 0x0012)
        ef_priv_key.writebinary([0], [inttostring(d)])
        data = ef_priv_key.getenc('data')
        return PublicKey
    def __init__(self, mf, sam, ins2handler=None, extended_length=False):
        self.mf = mf
        self.SAM = sam

        if not ins2handler:
            self.ins2handler = {
                    0x0c: self.mf.eraseRecord,
                    0x0e: self.mf.eraseBinaryPlain,
                    0x0f: self.mf.eraseBinaryEncapsulated,
                    0x2a: self.SAM.perform_security_operation,
                    0x20: self.SAM.verify,
                    0x22: self.SAM.manage_security_environment,
                    0x24: self.SAM.change_reference_data,
                    0x46: self.SAM.generate_public_key_pair,
                    0x82: self.SAM.external_authenticate,
                    0x84: self.SAM.get_challenge,
                    0x88: self.SAM.internal_authenticate,
                    0xa0: self.mf.searchBinaryPlain,
                    0xa1: self.mf.searchBinaryEncapsulated,
                    0xa4: self.mf.selectFile,
                    0xb0: self.mf.readBinaryPlain,
                    0xb1: self.mf.readBinaryEncapsulated,
                    0xb2: self.mf.readRecordPlain,
                    0xb3: self.mf.readRecordEncapsulated,
                    0xc0: self.getResponse,
                    0xca: self.mf.getDataPlain,
                    0xcb: self.mf.getDataEncapsulated,
                    0xd0: self.mf.writeBinaryPlain,
                    0xd1: self.mf.writeBinaryEncapsulated,
                    0xd2: self.mf.writeRecord,
                    0xd6: self.mf.updateBinaryPlain,
                    0xd7: self.mf.updateBinaryEncapsulated,
                    0xda: self.mf.putDataPlain,
                    0xdb: self.mf.putDataEncapsulated,
                    0xdc: self.mf.updateRecordPlain,
                    0xdd: self.mf.updateRecordEncapsulated,
                    0xe0: self.mf.createFile,
                    0xe2: self.mf.appendRecord,
                    0xe4: self.mf.deleteFile,
                    }
        else:
            self.ins2handler = ins2handler

        if extended_length:
            self.maxle = MAX_EXTENDED_LE
        else:
            self.maxle = MAX_SHORT_LE

        self.lastCommandOffcut = b""
        self.lastCommandSW = SW["NORMAL"]
        el = extended_length  # only needed to keep following line short
        tsft = Iso7816OS.makeThirdSoftwareFunctionTable(extendedLe=el)
        card_capabilities = self.mf.firstSFT + self.mf.secondSFT + tsft
        self.atr = Iso7816OS.makeATR(T=1, directConvention=True, TA1=0x13,
                                     histChars=inttostring(0x80) +
                                     inttostring(0x70 + len(card_capabilities)) +
                                     card_capabilities)
Beispiel #7
0
    def formatResult(self, seekable, le, data, sw, sm):
        if seekable:
            # when le = 0 then we want to have 0x9000. here we only have the
            # effective le, which is either MAX_EXTENDED_LE or MAX_SHORT_LE,
            # depending on the APDU. Note that the following distinguisher has
            # one false positive
            if le > len(data) and le != MAX_EXTENDED_LE and le != MAX_SHORT_LE:
                sw = SW["WARN_EOFBEFORENEREAD"]

        if le != None:
            result = data[:le]
        else:
            result = data[:0]
        if sm:
            try:
                sw, result = self.SAM.protect_result(sw, result)
            except SwError as e:
                logging.info(e.message)
                import traceback
                traceback.print_exception(*sys.exc_info())
                sw = e.sw
                result = ""
                answer = self.formatResult(False, 0, result, sw, False)

        return R_APDU(result, inttostring(sw)).render()
Beispiel #8
0
def tlv_unpack(data):
    ber_class = (data[0] & 0xC0) >> 6
    # 0 = primitive, 0x20 = constructed
    constructed = (data[0] & 0x20) != 0
    tag = data[0]
    data = data[1:]
    if (tag & 0x1F) == 0x1F:
        tag = (tag << 8) | data[0]
        while data[0] & 0x80 == 0x80:
            data = data[1:]
            tag = (tag << 8) | data[0]
        data = data[1:]

    length = data[0]
    if length < 0x80:
        data = data[1:]
    elif length & 0x80 == 0x80:
        length_ = 0
        data = data[1:]
        for i in range(0, length & 0x7F):
            length_ = length_ * 256 + data[0]
            data = data[1:]
        length = length_

    value = b"".join(inttostring(i) for i in data[:length])
    rest = data[length:]

    return ber_class, constructed, tag, length, value, rest
Beispiel #9
0
def tlv_unpack(data):
    ber_class = (data[0] & 0xC0) >> 6
    # 0 = primitive, 0x20 = constructed
    constructed = (data[0] & 0x20) != 0
    tag = data[0]
    data = data[1:]
    if (tag & 0x1F) == 0x1F:
        tag = (tag << 8) | data[0]
        while data[0] & 0x80 == 0x80:
            data = data[1:]
            tag = (tag << 8) | data[0]
        data = data[1:]

    length = data[0]
    if length < 0x80:
        data = data[1:]
    elif length & 0x80 == 0x80:
        length_ = 0
        data = data[1:]
        for i in range(0, length & 0x7F):
            length_ = length_ * 256 + data[0]
            data = data[1:]
        length = length_

    value = b"".join(inttostring(i) for i in data[:length])
    rest = data[length:]

    return ber_class, constructed, tag, length, value, rest
Beispiel #10
0
    def formatResult(self, seekable, le, data, sw, sm):
        if seekable:
            # when le = 0 then we want to have 0x9000. here we only have the
            # effective le, which is either MAX_EXTENDED_LE or MAX_SHORT_LE,
            # depending on the APDU. Note that the following distinguisher has
            # one false positive
            if le > len(data) and le != MAX_EXTENDED_LE and le != MAX_SHORT_LE:
                sw = SW["WARN_EOFBEFORENEREAD"]

        if le != None:
            result = data[:le]
        else:
            result = data[:0]
        if sm:
            try:
                sw, result = self.SAM.protect_result(sw, result)
            except SwError as e:
                logging.info(e.message)
                import traceback
                traceback.print_exception(*sys.exc_info())
                sw = e.sw
                result = ""
                answer = self.formatResult(False, 0, result, sw, False)

        return R_APDU(result, inttostring(sw)).render()
Beispiel #11
0
    def formatResult(self, ins, le, data, sw):
        if le == 0 and len(data):
            # cryptoflex does not inpterpret le==0 as maxle
            self.lastCommandSW = sw
            self.lastCommandOffcut = data
            r = R_APDU(inttostring(SW["ERR_WRONGLENGTH"] + min(0xFF, len(data)))).render()
        else:
            if ins == 0xA4 and len(data):
                # get response should be followed by select file
                self.lastCommandSW = sw
                self.lastCommandOffcut = data
                r = R_APDU(inttostring(SW["NORMAL_REST"] + min(0xFF, len(data)))).render()
            else:
                r = Iso7816OS.formatResult(self, Iso7816OS.seekable(ins), le, data, sw, False)

        return r
Beispiel #12
0
    def generate_public_key_pair(self, p1, p2, data):
        """
        The GENERATE PUBLIC-KEY PAIR command either initiates the generation
        and storing of a key pair, i.e., a public key and a private key, in the
        card, or accesses a key pair previously generated in the card.

        :param p1: should be 0x00 (generate new key)
        :param p2: '00' (no information provided) or reference of the key to
                   be generated
        :param data: One or more CRTs associated to the key generation if
                     P1-P2 different from '0000'
        """

        from Crypto.PublicKey import RSA, DSA

        cipher = self.ct.algorithm

        c_class = locals().get(cipher, None)
        if c_class is None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        if p1 & 0x01 == 0x00:  # Generate key
            PublicKey = c_class.generate(self.dst.keylength)
            self.dst.key = PublicKey
        else:
            pass  # Read key

        # Encode keys
        if cipher == "RSA":
            # Public key
            n = inttostring(PublicKey.n)
            e = inttostring(PublicKey.e)
            pk = ((0x81, len(n), n), (0x82, len(e), e))
            result = bertlv_pack(pk)
            # Private key
            d = PublicKey.d
        elif cipher == "DSA":
            # DSAParams
            p = inttostring(PublicKey.p)
            q = inttostring(PublicKey.q)
            g = inttostring(PublicKey.g)
            # Public key
            y = inttostring(PublicKey.y)
            pk = ((0x81, len(p), p), (0x82, len(q), q), (0x83, len(g), g),
                  (0x84, len(y), y))
            # Private key
            x = inttostring(PublicKey.x)
        # Add more algorithms here
        # elif cipher = "ECDSA":
        else:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        result = bertlv_pack([[0x7F49, len(pk), pk]])
        # TODO: Internally store key pair

        if p1 & 0x02 == 0x02:
            # We do not support extended header lists yet
            raise SwError["ERR_NOTSUPPORTED"]
        else:
            return SW["NORMAL"], result
Beispiel #13
0
    def formatResult(self, ins, le, data, sw):
        if le == 0 and len(data):
            # cryptoflex does not inpterpret le==0 as maxle
            self.lastCommandSW = sw
            self.lastCommandOffcut = data
            r = R_APDU(inttostring(SW["ERR_WRONGLENGTH"] +\
                    min(0xff, len(data)))).render()
        else:
            if ins == 0xa4 and len(data):
                # get response should be followed by select file
                self.lastCommandSW = sw
                self.lastCommandOffcut = data
                r = R_APDU(inttostring(SW["NORMAL_REST"] +\
                    min(0xff, len(data)))).render()
            else:
                r = Iso7816OS.formatResult(self, Iso7816OS.seekable(ins), le, data, sw, False)

        return r
    def run(self):
        """
        Main loop of the vpicc. Receives command APDUs via a socket from the
        vpcd, dispatches them to the emulated smartcard and sends the resulting
        respsonse APDU back to the vpcd.
        """
        while True:
            try:
                (size, msg) = self.__recvFromVPICC()
            except socket.error as e:
                if not self.host:
                    logging.info("Waiting for vpcd on port " + str(self.port))
                    (self.sock, address) = self.server_sock.accept()
                    continue
                else:
                    sys.exit()

            if not size:
                logging.warning("Error in communication protocol (missing \
                                size parameter)")
            elif size == VPCD_CTRL_LEN:
                if msg == inttostring(VPCD_CTRL_OFF):
                    logging.info("Power Down")
                    self.os.powerDown()
                elif msg == inttostring(VPCD_CTRL_ON):
                    logging.info("Power Up")
                    self.os.powerUp()
                elif msg == inttostring(VPCD_CTRL_RESET):
                    logging.info("Reset")
                    self.os.reset()
                elif msg == inttostring(VPCD_CTRL_ATR):
                    self.__sendToVPICC(self.os.getATR())
                else:
                    logging.warning("unknown control command")
            else:
                if size != len(msg):
                    logging.warning("Expected %u bytes, but received only %u",
                                    size, len(msg))

                answer = self.os.execute(msg)
                logging.info("Response APDU (%d bytes):\n  %s\n", len(answer),
                             hexdump(answer, indent=2))
                self.__sendToVPICC(answer)
Beispiel #15
0
    def __replace_tag(self, tag, data):
        """
        Adjust the config string using a given tag, value combination. If the
        config string already contains a tag, value pair for the given tag,
        replace it. Otherwise append tag, length and value to the config string.
        """
        position = 0
        while position < len(self.__config_string) and \
                self.__config_string[position] != tag:    
            length = stringtoint(self.__config_string[position+1])
            position += length + 3

        if position < len(self.__config_string): #Replace Tag
            length = stringtoint(self.__config_string[position+1])
            self.__config_string = self.__config_string[:position] +\
                                   chr(tag) + inttostring(len(data)) + data +\
                                   self.__config_string[position+2+length:]
        else: #Add new tag
            self.__config_string += chr(tag) + inttostring(len(data)) + data
    def run(self):
        """
        Main loop of the vpicc. Receives command APDUs via a socket from the
        vpcd, dispatches them to the emulated smartcard and sends the resulting
        respsonse APDU back to the vpcd.
        """
        while True:
            try:
                (size, msg) = self.__recvFromVPICC()
            except socket.error as e:
                if not self.host:
                    logging.info("Waiting for vpcd on port " + str(self.port))
                    (self.sock, address) = self.server_sock.accept()
                    continue
                else:
                    sys.exit()

            if not size:
                logging.warning("Error in communication protocol (missing \
                                size parameter)")
            elif size == VPCD_CTRL_LEN:
                if msg == inttostring(VPCD_CTRL_OFF):
                    logging.info("Power Down")
                    self.os.powerDown()
                elif msg == inttostring(VPCD_CTRL_ON):
                    logging.info("Power Up")
                    self.os.powerUp()
                elif msg == inttostring(VPCD_CTRL_RESET):
                    logging.info("Reset")
                    self.os.reset()
                elif msg == inttostring(VPCD_CTRL_ATR):
                    self.__sendToVPICC(self.os.getATR())
                else:
                    logging.warning("unknown control command")
            else:
                if size != len(msg):
                    logging.warning("Expected %u bytes, but received only %u",
                                    size, len(msg))

                answer = self.os.execute(msg)
                logging.info("Response APDU (%d bytes):\n  %s\n", len(answer),
                             hexdump(answer, indent=2))
                self.__sendToVPICC(answer)
Beispiel #17
0
    def __replace_tag(self, tag, data):
        """
        Adjust the config string using a given tag, value combination. If the
        config string already contains a tag, value pair for the given tag,
        replace it. Otherwise append tag, length and value to the config string.
        """
        position = 0
        while position < len(self.__config_string) and \
                self.__config_string[position] != tag:
            length = stringtoint(self.__config_string[position + 1])
            position += length + 3

        if position < len(self.__config_string):  #Replace Tag
            length = stringtoint(self.__config_string[position + 1])
            self.__config_string = self.__config_string[:position] +\
                                   chr(tag) + inttostring(len(data)) + data +\
                                   self.__config_string[position+2+length:]
        else:  #Add new tag
            self.__config_string += chr(tag) + inttostring(len(data)) + data
Beispiel #18
0
    def formatResult(self, seekable, le, data, sw, sm):
        if seekable:
            # when le = 0 then we want to have 0x9000. here we only have the
            # effective le, which is either MAX_EXTENDED_LE or MAX_SHORT_LE,
            # depending on the APDU. Note that the following distinguisher has
            # one false positive
            if le > len(data) and le != MAX_EXTENDED_LE and le != MAX_SHORT_LE:
                sw = SW["WARN_EOFBEFORENEREAD"]

        result = data[:le]
        if sm:
            sw, result = self.SAM.protect_result(sw, result)

        return R_APDU(result, inttostring(sw)).render()
Beispiel #19
0
    def formatResult(self, seekable, le, data, sw, sm):
        if not seekable:
            self.lastCommandOffcut = data[le:]
            l = len(self.lastCommandOffcut)
            if l == 0:
                self.lastCommandSW = SW["NORMAL"]
            else:
                self.lastCommandSW = sw
                sw = SW["NORMAL_REST"] + min(0xff, l)
        else:
            if le > len(data):
                sw = SW["WARN_EOFBEFORENEREAD"]

        result = data[:le]
        if sm:
            sw, result = self.SAM.protect_result(sw, result)

        return R_APDU(result, inttostring(sw)).render()
Beispiel #20
0
    def formatResult(self, seekable, le, data, sw, sm):
        if not seekable:
            self.lastCommandOffcut = data[le:]
            l = len(self.lastCommandOffcut)
            if l == 0:
                self.lastCommandSW = SW["NORMAL"]
            else:
                self.lastCommandSW = sw
                sw = SW["NORMAL_REST"] + min(0xff, l)
        else:
            if le > len(data):
                sw = SW["WARN_EOFBEFORENEREAD"]

        result = data[:le]
        if sm:
            sw, result = self.SAM.protect_result(sw, result)

        return R_APDU(result, inttostring(sw)).render()
Beispiel #21
0
 def makeThirdSoftwareFunctionTable(commandChainging=False,
         extendedLe=False, assignLogicalChannel=0, maximumChannels=0):  
     """
     Returns a byte according to the third software function table from the
     historical bytes of the card capabilities.
     """
     tsft = 0
     if commandChainging:
         tsft |= 1 << 7
     if extendedLe:
         tsft |= 1 << 6
     if assignLogicalChannel:
         if not (0<=assignLogicalChannel and assignLogicalChannel<=3):
             raise ValueError
         tsft |= assignLogicalChannel << 3
     if maximumChannels:
         if not (0<=maximumChannels and maximumChannels<=7):
             raise ValueError
         tsft |= maximumChannels
     return inttostring(tsft)
Beispiel #22
0
    def internal_authenticate(self, p1, p2, data):
        """
        Authenticate card to terminal. Encrypt the challenge of the terminal
        to prove key posession
        """

        if p1 == 0x00:  #No information given
            cipher = get_referenced_cipher(self.cipher)
        else:
            cipher = get_referenced_cipher(p1)

        if cipher == "RSA" or cipher == "DSA":
            crypted_challenge = self.asym_key.sign(data, "")
            crypted_challenge = crypted_challenge[0]
            crypted_challenge = inttostring(crypted_challenge)
        else:
            key = self._get_referenced_key(p1, p2)
            crypted_challenge = vsCrypto.encrypt(cipher, key, data)

        return SW["NORMAL"], crypted_challenge
Beispiel #23
0
    def internal_authenticate(self, p1, p2, data):
        """
        Authenticate card to terminal. Encrypt the challenge of the terminal
        to prove key posession
        """
        
        if p1 == 0x00: #No information given
            cipher = get_referenced_cipher(self.cipher)   
        else:
            cipher = get_referenced_cipher(p1)

        if cipher == "RSA" or cipher == "DSA":
            crypted_challenge = self.asym_key.sign(data,"")
            crypted_challenge = crypted_challenge[0]
            crypted_challenge = inttostring(crypted_challenge)
        else:
            key = self._get_referenced_key(p1, p2)
            crypted_challenge = vsCrypto.encrypt(cipher, key, data)
        
        return SW["NORMAL"], crypted_challenge
Beispiel #24
0
 def makeThirdSoftwareFunctionTable(commandChainging=False,
         extendedLe=False, assignLogicalChannel=0, maximumChannels=0):  
     """
     Returns a byte according to the third software function table from the
     historical bytes of the card capabilities.
     """
     tsft = 0
     if commandChainging:
         tsft |= 1 << 7
     if extendedLe:
         tsft |= 1 << 6
     if assignLogicalChannel:
         if not (0<=assignLogicalChannel and assignLogicalChannel<=3):
             raise ValueError
         tsft |= assignLogicalChannel << 3
     if maximumChannels:
         if not (0<=maximumChannels and maximumChannels<=7):
             raise ValueError
         tsft |= maximumChannels
     return inttostring(tsft)
Beispiel #25
0
    def protect_response(self, sw, result):
        """
        This method protects a response APDU using secure messaging mechanisms

        :returns: the protected data and the SW bytes
        """

        return_data = b""

        if result:
            # Encrypt the data included in the RAPDU
            encrypted = self.encipher(0x82, 0x80, result)
            encrypted = b"\x01" + encrypted
            encrypted_tlv = bertlv_pack([
                (SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"], len(encrypted),
                 encrypted)
            ])
            return_data += encrypted_tlv

        sw_str = inttostring(sw)
        length = len(sw_str)
        tag = SM_Class["PLAIN_PROCESSING_STATUS"]
        tlv_sw = bertlv_pack([(tag, length, sw_str)])
        return_data += tlv_sw

        if self.cct.algorithm is None:
            raise SwError(SW["CONDITIONSNOTSATISFIED"])
        elif self.cct.algorithm == "CC":
            tag = SM_Class["CHECKSUM"]
            padded = vsCrypto.append_padding(self.cct.blocklength, return_data)
            auth = self.compute_cryptographic_checksum(0x8E, 0x80, padded)
            length = len(auth)
            return_data += bertlv_pack([(tag, length, auth)])
        elif self.cct.algorithm == "SIGNATURE":
            tag = SM_Class["DIGITAL_SIGNATURE"]
            hash = self.hash(0x90, 0x80, return_data)
            auth = self.compute_digital_signature(0x9E, 0x9A, hash)
            length = len(auth)
            return_data += bertlv_pack([(tag, length, auth)])

        return sw, return_data
Beispiel #26
0
    def protect_response(self, sw, result):
        """
        This method protects a response APDU using secure messaging mechanisms
        
        :returns: the protected data and the SW bytes
        """

        return_data = ""

        if result != "":
            # Encrypt the data included in the RAPDU
            encrypted = self.encipher(0x82, 0x80, result)
            encrypted = "\x01" + encrypted
            encrypted_tlv = bertlv_pack([(
                                SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"],
                                len(encrypted),
                                encrypted)])
            return_data += encrypted_tlv 

        sw_str = inttostring(sw)
        length = len(sw_str) 
        tag = SM_Class["PLAIN_PROCESSING_STATUS"]
        tlv_sw = bertlv_pack([(tag, length, sw_str)])
        return_data += tlv_sw
        
        if self.cct.algorithm == None:
            raise SwError(SW["CONDITIONSNOTSATISFIED"])
        elif self.cct.algorithm == "CC":
            tag = SM_Class["CHECKSUM"]
            padded = vsCrypto.append_padding(self.cct.blocklength, return_data)
            auth = self.compute_cryptographic_checksum(0x8E, 0x80, padded)
            length = len(auth)
            return_data += bertlv_pack([(tag, length, auth)])
        elif self.cct.algorithm == "SIGNATURE":
            tag = SM_Class["DIGITAL_SIGNATURE"]
            hash = self.hash(0x90, 0x80, return_data)
            auth = self.compute_digital_signature(0x9E, 0x9A, hash)
            length = len(auth)
            return_data += bertlv_pack([(tag, length, auth)])
        
        return sw, return_data
Beispiel #27
0
def crypto_checksum(algo, key, data, iv=None, ssc=None):
    """
    Compute various types of cryptographic checksums.
    
    :param algo:
        A string specifying the algorithm to use. Currently supported
        algorithms are \"MAX\" \"HMAC\" and \"CC\" (Meaning a cryptographic
        checksum as used by the ICAO passports)
    :param key:  They key used to computed the cryptographic checksum
    :param data: The data for which to calculate the checksum
    :param iv:
        Optional. An initialization vector. Only used by the \"MAC\" algorithm
    :param ssc:
        Optional. A send sequence counter to be prepended to the data.
        Only used by the \"CC\" algorithm
    
    """
    
    if algo not in ("HMAC", "MAC", "CC"):
        raise ValueError("Unknown Algorithm %s" % algo)
    
    if algo == "MAC":
        checksum = calculate_MAC(key, data, iv)
    elif algo == "HMAC":
        hmac = HMAC.new(key, data)
        checksum = hmac.hexdigest()
        del hmac
    elif algo == "CC":
        if ssc != None:
            data = inttostring(ssc) + data        
        a = cipher(True, "des-cbc", key[:8], data)
        b = cipher(False, "des-ecb", key[8:16], a[-8:])
        c = cipher(True, "des-ecb", key[:8], b)
        checksum = c
    
    return checksum
Beispiel #28
0
def crypto_checksum(algo, key, data, iv=None, ssc=None):
    """
    Compute various types of cryptographic checksums.

    :param algo:
        A string specifying the algorithm to use. Currently supported
        algorithms are \"MAX\" \"HMAC\" and \"CC\" (Meaning a cryptographic
        checksum as used by the ICAO passports)
    :param key:  They key used to computed the cryptographic checksum
    :param data: The data for which to calculate the checksum
    :param iv:
        Optional. An initialization vector. Only used by the \"MAC\" algorithm
    :param ssc:
        Optional. A send sequence counter to be prepended to the data.
        Only used by the \"CC\" algorithm

    """

    if algo not in ("HMAC", "MAC", "CC"):
        raise ValueError("Unknown Algorithm %s" % algo)

    if algo == "MAC":
        checksum = calculate_MAC(key, data, iv)
    elif algo == "HMAC":
        hmac = HMAC.new(key, data)
        checksum = hmac.hexdigest()
        del hmac
    elif algo == "CC":
        if ssc is not None:
            data = inttostring(ssc) + data
        a = cipher(True, "des-cbc", key[:8], data)
        b = cipher(False, "des-ecb", key[8:16], a[-8:])
        c = cipher(True, "des-ecb", key[:8], b)
        checksum = c

    return checksum
Beispiel #29
0
def simpletlv_pack(tlv_data, recalculate_length=False):
    result = b""

    for tag, length, value in tlv_data:
        if tag >= 0xff or tag <= 0x00:
            # invalid
            continue

        if recalculate_length:
            length = len(value)
        if length > 0xffff or length < 0:
            # invalid
            continue

        if length < 0xff:
            result += inttostring(tag) + inttostring(length) + value
        else:
            result += inttostring(tag) + inttostring(0xff) + inttostring(length >> 8) + \
                      inttostring(length & 0xff) + value

    return result
Beispiel #30
0
def simpletlv_pack(tlv_data, recalculate_length=False):
    result = b""

    for tag, length, value in tlv_data:
        if tag >= 0xff or tag <= 0x00:
            # invalid
            continue

        if recalculate_length:
            length = len(value)
        if length > 0xffff or length < 0:
            # invalid
            continue

        if length < 0xff:
            result += inttostring(tag) + inttostring(length) + value
        else:
            result += inttostring(tag) + inttostring(0xff) + inttostring(length >> 8) + \
                      inttostring(length & 0xff) + value

    return result
    def __generate_nPA(self):
        from virtualsmartcard.cards.nPA import nPA_SAM
        mappings = [
            (b'\x04\x00\x7f\x00\x07\x02\x02\x04', range(1, 5), range(1, 5),
             "PACE"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x02', range(1, 3), range(1, 6),
             "TA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x02', [1], [6], "TA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x03', range(1, 3), range(1, 5),
             "CA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x05', range(1, 3), range(1, 6),
             "RI"),
        ]
        for oid_base, x_list, y_list, algo in mappings:
            for oid in [oid_base + inttostring(x) + inttostring(y)
                    for x in x_list for y in y_list]:
                ALGO_MAPPING[oid] = algo
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x03"] = "CommunityID"
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x02"] = "DateOfExpiry"
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x01"] = "DateOfBirth"

        self.mf = MF()

        card_access = b"\x31\x81\xb3\x30\x0d\x06\x08\x04\x00\x7f\x00\x07\x02"\
                      b"\x02\x02\x02\x01\x02\x30\x12\x06\x0a\x04\x00\x7f\x00"\
                      b"\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41\x30"\
                      b"\x12\x06\x0a\x04\x00\x7f\x00\x07\x02\x02\x03\x02\x02"\
                      b"\x02\x01\x02\x02\x01\x45\x30\x12\x06\x0a\x04\x00\x7f"\
                      b"\x00\x07\x02\x02\x04\x02\x02\x02\x01\x02\x02\x01\x0d"\
                      b"\x30\x1c\x06\x09\x04\x00\x7f\x00\x07\x02\x02\x03\x02"\
                      b"\x30\x0c\x06\x07\x04\x00\x7f\x00\x07\x01\x02\x02\x01"\
                      b"\x0d\x02\x01\x41\x30\x1c\x06\x09\x04\x00\x7f\x00\x07"\
                      b"\x02\x02\x03\x02\x30\x0c\x06\x07\x04\x00\x7f\x00\x07"\
                      b"\x01\x02\x02\x01\x0d\x02\x01\x45\x30\x2a\x06\x08\x04"\
                      b"\x00\x7f\x00\x07\x02\x02\x06\x16\x1e\x68\x74\x74\x70"\
                      b"\x3a\x2f\x2f\x62\x73\x69\x2e\x62\x75\x6e\x64\x2e\x64"\
                      b"\x65\x2f\x63\x69\x66\x2f\x6e\x70\x61\x2e\x78\x6d\x6c"
        self.mf.append(TransparentStructureEF(parent=self.mf, fid=0x011c,
                       shortfid=0x1c, data=card_access))
        card_security = b"\x30\x82\x05\xA0\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01"\
                        b"\x07\x02\xA0\x82\x05\x91\x30\x82\x05\x8D\x02\x01\x03"\
                        b"\x31\x0F\x30\x0D\x06\x09\x60\x86\x48\x01\x65\x03\x04"\
                        b"\x02\x01\x05\x00\x30\x82\x01\x48\x06\x08\x04\x00\x7F"\
                        b"\x00\x07\x03\x02\x01\xA0\x82\x01\x3A\x04\x82\x01\x36"\
                        b"\x31\x82\x01\x32\x30\x0D\x06\x08\x04\x00\x7F\x00\x07"\
                        b"\x02\x02\x02\x02\x01\x02\x30\x12\x06\x0A\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41"\
                        b"\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x04\x02"\
                        b"\x02\x02\x01\x02\x02\x01\x0D\x30\x17\x06\x0A\x04\x00"\
                        b"\x7F\x00\x07\x02\x02\x05\x02\x03\x30\x09\x02\x01\x01"\
                        b"\x02\x01\x43\x01\x01\xFF\x30\x17\x06\x0A\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x05\x02\x03\x30\x09\x02\x01\x01\x02"\
                        b"\x01\x44\x01\x01\x00\x30\x19\x06\x09\x04\x00\x7F\x00"\
                        b"\x07\x02\x02\x05\x02\x30\x0C\x06\x07\x04\x00\x7F\x00"\
                        b"\x07\x01\x02\x02\x01\x0D\x30\x1C\x06\x09\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x03\x02\x30\x0C\x06\x07\x04\x00\x7F"\
                        b"\x00\x07\x01\x02\x02\x01\x0D\x02\x01\x41\x30\x2A\x06"\
                        b"\x08\x04\x00\x7F\x00\x07\x02\x02\x06\x16\x1E\x68\x74"\
                        b"\x74\x70\x3A\x2F\x2F\x62\x73\x69\x2E\x62\x75\x6E\x64"\
                        b"\x2E\x64\x65\x2F\x63\x69\x66\x2F\x6E\x70\x61\x2E\x78"\
                        b"\x6D\x6C\x30\x62\x06\x09\x04\x00\x7F\x00\x07\x02\x02"\
                        b"\x01\x02\x30\x52\x30\x0C\x06\x07\x04\x00\x7F\x00\x07"\
                        b"\x01\x02\x02\x01\x0D\x03\x42\x00\x04\x92\x5D\xB4\xE1"\
                        b"\x7A\xDE\x58\x20\x9F\x96\xFA\xA0\x7F\x1F\x8A\x22\x3F"\
                        b"\x82\x3F\x96\xCC\x5D\x78\xCB\xEF\x5D\x17\x42\x20\x88"\
                        b"\xFD\xD5\x8E\x56\xBC\x42\x50\xDE\x33\x46\xB3\xC8\x32"\
                        b"\xCA\xE4\x86\x35\xFB\x6C\x43\x78\x9D\xE8\xB3\x10\x2F"\
                        b"\x43\x93\xB4\x18\xE2\x4A\x13\xD9\x02\x01\x41\xA0\x82"\
                        b"\x03\x1C\x30\x82\x03\x18\x30\x82\x02\xBC\xA0\x03\x02"\
                        b"\x01\x02\x02\x02\x01\x5C\x30\x0C\x06\x08\x2A\x86\x48"\
                        b"\xCE\x3D\x04\x03\x02\x05\x00\x30\x4F\x31\x0B\x30\x09"\
                        b"\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x0D\x30\x0B"\
                        b"\x06\x03\x55\x04\x0A\x0C\x04\x62\x75\x6E\x64\x31\x0C"\
                        b"\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x62\x73\x69\x31"\
                        b"\x0C\x30\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x31\x33"\
                        b"\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x63\x73"\
                        b"\x63\x61\x2D\x67\x65\x72\x6D\x61\x6E\x79\x30\x1E\x17"\
                        b"\x0D\x31\x30\x31\x30\x30\x35\x31\x31\x30\x37\x35\x32"\
                        b"\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x30\x38\x33\x39"\
                        b"\x34\x37\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04"\
                        b"\x06\x13\x02\x44\x45\x31\x1D\x30\x1B\x06\x03\x55\x04"\
                        b"\x0A\x0C\x14\x42\x75\x6E\x64\x65\x73\x64\x72\x75\x63"\
                        b"\x6B\x65\x72\x65\x69\x20\x47\x6D\x62\x48\x31\x0C\x30"\
                        b"\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x37\x34\x31\x0B"\
                        b"\x30\x09\x06\x03\x55\x04\x03\x0C\x02\x44\x53\x30\x82"\
                        b"\x01\x13\x30\x81\xD4\x06\x07\x2A\x86\x48\xCE\x3D\x02"\
                        b"\x01\x30\x81\xC8\x02\x01\x01\x30\x28\x06\x07\x2A\x86"\
                        b"\x48\xCE\x3D\x01\x01\x02\x1D\x00\xD7\xC1\x34\xAA\x26"\
                        b"\x43\x66\x86\x2A\x18\x30\x25\x75\xD1\xD7\x87\xB0\x9F"\
                        b"\x07\x57\x97\xDA\x89\xF5\x7E\xC8\xC0\xFF\x30\x3C\x04"\
                        b"\x1C\x68\xA5\xE6\x2C\xA9\xCE\x6C\x1C\x29\x98\x03\xA6"\
                        b"\xC1\x53\x0B\x51\x4E\x18\x2A\xD8\xB0\x04\x2A\x59\xCA"\
                        b"\xD2\x9F\x43\x04\x1C\x25\x80\xF6\x3C\xCF\xE4\x41\x38"\
                        b"\x87\x07\x13\xB1\xA9\x23\x69\xE3\x3E\x21\x35\xD2\x66"\
                        b"\xDB\xB3\x72\x38\x6C\x40\x0B\x04\x39\x04\x0D\x90\x29"\
                        b"\xAD\x2C\x7E\x5C\xF4\x34\x08\x23\xB2\xA8\x7D\xC6\x8C"\
                        b"\x9E\x4C\xE3\x17\x4C\x1E\x6E\xFD\xEE\x12\xC0\x7D\x58"\
                        b"\xAA\x56\xF7\x72\xC0\x72\x6F\x24\xC6\xB8\x9E\x4E\xCD"\
                        b"\xAC\x24\x35\x4B\x9E\x99\xCA\xA3\xF6\xD3\x76\x14\x02"\
                        b"\xCD\x02\x1D\x00\xD7\xC1\x34\xAA\x26\x43\x66\x86\x2A"\
                        b"\x18\x30\x25\x75\xD0\xFB\x98\xD1\x16\xBC\x4B\x6D\xDE"\
                        b"\xBC\xA3\xA5\xA7\x93\x9F\x02\x01\x01\x03\x3A\x00\x04"\
                        b"\x3D\x6A\x7C\x2A\x6F\x20\x5F\x83\x9B\x04\x14\xEC\x58"\
                        b"\xC6\xC7\x1B\x75\xF5\x15\xDE\xC3\xAE\x73\x3B\x5F\x47"\
                        b"\x88\xDD\xC8\x15\xF0\x5B\xC1\xF6\x53\x8F\xD9\x69\x54"\
                        b"\xE1\xF8\x40\xA2\xE2\x18\x99\x62\xCC\xAA\x14\x90\x08"\
                        b"\x24\xC7\xDD\xB9\xA3\x81\xD1\x30\x81\xCE\x30\x0E\x06"\
                        b"\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x07\x80"\
                        b"\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14"\
                        b"\x60\x44\xF2\x45\xF2\xE0\x71\xD4\xD5\x64\xF4\xE5\x77"\
                        b"\xD6\x36\x69\xDB\xEB\x18\x59\x30\x41\x06\x03\x55\x1D"\
                        b"\x20\x04\x3A\x30\x38\x30\x36\x06\x09\x04\x00\x7F\x00"\
                        b"\x07\x03\x01\x01\x01\x30\x29\x30\x27\x06\x08\x2B\x06"\
                        b"\x01\x05\x05\x07\x02\x01\x16\x1B\x68\x74\x74\x70\x3A"\
                        b"\x2F\x2F\x77\x77\x77\x2E\x62\x73\x69\x2E\x62\x75\x6E"\
                        b"\x64\x2E\x64\x65\x2F\x63\x73\x63\x61\x30\x2B\x06\x09"\
                        b"\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15\x04\x1E\x04\x1C"\
                        b"\x31\x2E\x32\x2E\x32\x37\x36\x2E\x30\x2E\x38\x30\x2E"\
                        b"\x31\x2E\x31\x32\x2E\x30\x2E\x32\x30\x2E\x35\x2E\x31"\
                        b"\x2E\x30\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22"\
                        b"\x80\x0F\x32\x30\x31\x30\x31\x30\x30\x35\x31\x31\x30"\
                        b"\x37\x35\x32\x5A\x81\x0F\x32\x30\x31\x31\x30\x32\x30"\
                        b"\x35\x30\x39\x33\x39\x34\x37\x5A\x30\x0C\x06\x08\x2A"\
                        b"\x86\x48\xCE\x3D\x04\x03\x02\x05\x00\x03\x48\x00\x30"\
                        b"\x45\x02\x20\x13\xE9\xE1\x7A\x9E\xFE\x8B\xD7\xD7\x27"\
                        b"\x62\x92\x30\x5B\xCC\xC3\x2B\x70\xC2\xB7\x60\x40\xF4"\
                        b"\x88\x30\x66\x62\x26\xCD\x6A\x4B\xF4\x02\x21\x00\x87"\
                        b"\xF4\x71\xE2\x44\x35\xB4\xC3\x4A\xF3\x57\x30\x94\xFB"\
                        b"\x1F\x1C\x2A\x48\xB1\x3E\xE5\xED\x67\xF1\x72\x6D\xCF"\
                        b"\x56\xE3\x84\xE3\x6F\x31\x82\x01\x09\x30\x82\x01\x05"\
                        b"\x02\x01\x01\x30\x55\x30\x4F\x31\x0B\x30\x09\x06\x03"\
                        b"\x55\x04\x06\x13\x02\x44\x45\x31\x0D\x30\x0B\x06\x03"\
                        b"\x55\x04\x0A\x0C\x04\x62\x75\x6E\x64\x31\x0C\x30\x0A"\
                        b"\x06\x03\x55\x04\x0B\x0C\x03\x62\x73\x69\x31\x0C\x30"\
                        b"\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x31\x33\x31\x15"\
                        b"\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x63\x73\x63\x61"\
                        b"\x2D\x67\x65\x72\x6D\x61\x6E\x79\x02\x02\x01\x5C\x30"\
                        b"\x0D\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05"\
                        b"\x00\xA0\x4A\x30\x17\x06\x09\x2A\x86\x48\x86\xF7\x0D"\
                        b"\x01\x09\x03\x31\x0A\x06\x08\x04\x00\x7F\x00\x07\x03"\
                        b"\x02\x01\x30\x2F\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01"\
                        b"\x09\x04\x31\x22\x04\x20\xEF\x0F\xDA\x94\x2E\x5A\x0F"\
                        b"\x6F\xC9\xC5\x46\xEE\x01\xF9\x10\x31\x43\x64\x30\xF7"\
                        b"\x5E\x9D\x36\x54\xD3\x69\x30\x9E\x8B\xE7\x17\x48\x30"\
                        b"\x0C\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x02\x05\x00"\
                        b"\x04\x40\x30\x3E\x02\x1D\x00\x89\x75\x92\x5B\xE1\x31"\
                        b"\xB7\x7C\x95\x8C\x3E\xCB\x2A\x5C\x67\xFC\x5C\xE3\x1C"\
                        b"\xBD\x01\x41\xE3\x4B\xC7\xF0\xA4\x47\x02\x1D\x00\xCC"\
                        b"\x65\xE6\x2D\xDC\xF2\x93\x96\x4B\x22\xD7\xB5\x10\xD7"\
                        b"\x81\x88\x07\xC8\x95\x96\xBD\x34\xD8\xF9\xBB\x4C\x05"\
                        b"\x27"
        self.mf.append(TransparentStructureEF(parent=self.mf, fid=0x011d,
                       shortfid=0x1d, data=card_security))
        ef_dir = b"\x61\x32\x4F\x0F\xE8\x28\xBD\x08\x0F\xA0\x00\x00\x01\x67"\
                 b"\x45\x53\x49\x47\x4E\x50\x0F\x43\x49\x41\x20\x7A\x75\x20"\
                 b"\x44\x46\x2E\x65\x53\x69\x67\x6E\x51\x00\x73\x0C\x4F\x0A"\
                 b"\xA0\x00\x00\x01\x67\x45\x53\x49\x47\x4E\x61\x09\x4F\x07"\
                 b"\xA0\x00\x00\x02\x47\x10\x01\x61\x0B\x4F\x09\xE8\x07\x04"\
                 b"\x00\x7F\x00\x07\x03\x02\x61\x0C\x4F\x0A\xA0\x00\x00\x01"\
                 b"\x67\x45\x53\x49\x47\x4E"
        self.mf.append(TransparentStructureEF(parent=self.mf, fid=0x2f00,
                       shortfid=30, data=ef_dir))

        eid = DF(parent=self.mf, fid=0xffff,
                 dfname=b'\xe8\x07\x04\x00\x7f\x00\x07\x03\x02')
        eid.extra_fci_data = b"\xab\x75\x84\x01\xa4\xaf\x70\xa0\x10\xb4\x06"\
                             b"\x95\x01\x20\x83\x01\x04\xb4\x06\x95\x01\x20"\
                             b"\x83\x01\x06\xa0\x54\xa4\x14\x95\x01\x80\x7f"\
                             b"\x4c\x0e\x06\x09\x04\x00\x7f\x00\x07\x03\x01"\
                             b"\x02\x01\x53\x01\x00\xaf\x22\xa4\x18\x95\x01"\
                             b"\x80\x7f\x4c\x12\x06\x09\x04\x00\x7f\x00\x07"\
                             b"\x03\x01\x02\x02\x53\x05\x00\x00\x00\x00\x00"\
                             b"\xa4\x06\x95\x01\x80\x83\x01\x47\xa4\x18\x95"\
                             b"\x01\x80\x7f\x4c\x12\x06\x09\x04\x00\x7f\x00"\
                             b"\x07\x03\x01\x02\x02\x53\x05\x00\x00\x00\x00"\
                             b"\x10\x7a\x06\x8a\x01\x05\x9e\x01\x03"
        # FIXME access control for eid application

        DocumentType = self.datagroups["DocumentType"] if "DocumentType" in \
            self.datagroups else 'ID'
        IssuingState = self.datagroups["IssuingState"] if "IssuingState" in \
            self.datagroups else 'D'
        DateOfExpiry = self.datagroups["DateOfExpiry"] if "DateOfExpiry" in \
            self.datagroups else '20201031'
        GivenNames = self.datagroups["GivenNames"] if "GivenNames" in \
            self.datagroups else 'ERIKA'
        FamilyNames = self.datagroups["FamilyNames"] if "FamilyNames" in \
            self.datagroups else 'MUSTERMANN'
        ReligiousArtisticName = self.datagroups["ReligiousArtisticName"] if \
            "ReligiousArtisticName" in self.datagroups else ''
        AcademicTitle = self.datagroups["AcademicTitle"] if \
            "AcademicTitle" in self.datagroups else ''
        DateOfBirth = self.datagroups["DateOfBirth"] if "DateOfBirth" in \
            self.datagroups else '19640812'
        PlaceOfBirth = self.datagroups["PlaceOfBirth"] if "PlaceOfBirth" in \
            self.datagroups else 'BERLIN'
        Nationality = self.datagroups["Nationality"] if "Nationality" in \
            self.datagroups else 'DE'
        Sex = self.datagroups["Sex"] if "Sex" in self.datagroups else 'F'
        BirthName = self.datagroups["BirthName"] if "BirthName" in \
            self.datagroups else 'Mein Geburtsname'
        # PlaceOfResidence variable is only a helper to get a switch for
        # <NotOnChip>
        PlaceOfResidence = self.datagroups["PlaceOfResidence"] if \
            "PlaceOfResidence" in self.datagroups else ''
        Country = self.datagroups["Country"] if "Country" in self.datagroups \
            else 'D'
        City = self.datagroups["City"] if "City" in self.datagroups else \
            'KOLN'
        ZIP = self.datagroups["ZIP"] if "ZIP" in self.datagroups else '51147'
        Street = self.datagroups["Street"] if "Street" in \
            self.datagroups else 'HEIDESTRASSE 17'
        CommunityID = self.datagroups["CommunityID"] if "CommunityID" in \
            self.datagroups else '02760378900276'
        if (CommunityID.rstrip() != "<NotOnChip>"):
            # the plain CommunityID integer value has to be translated into
            # its binary representation. '0276...' will be '\x02\x76\...'
            CommunityID_Binary = binascii.unhexlify(CommunityID)
        # ResidencePermit1 and ResidencePermit2 are part of eAT only
        ResidencePermit1 = self.datagroups["ResidencePermit1"] if \
            "ResidencePermit1" in self.datagroups else \
            'ResidencePermit1 field up to 750 characters'
        ResidencePermit2 = self.datagroups["ResidencePermit2"] if \
            "ResidencePermit2" in self.datagroups else \
            'ResidencePermit1 field up to 250 characters'

        # Currently, those data groups are for further usage:
        dg12_param = self.datagroups["dg12"] if "dg12" in \
            self.datagroups else ''
        dg14_param = self.datagroups["dg14"] if "dg14" in \
            self.datagroups else ''
        dg15_param = self.datagroups["dg15"] if "dg15" in \
            self.datagroups else ''
        dg16_param = self.datagroups["dg16"] if "dg16" in \
            self.datagroups else ''
        dg21_param = self.datagroups["dg21"] if "dg21" in \
            self.datagroups else ''

        # "Attribute not on Chip" makes sence only for ReligiousArtisticName,
        # Nationality, BirthName, ResidencePermit1 and ResidencePermit2, refer
        # to BSI TR-03127
        if (DocumentType.rstrip() != "<NotOnChip>"):
            dg1 = pack([(0x61, 0, [(0x13, 0, DocumentType)])], True)
        else:
            dg1 = None
        if (IssuingState.rstrip() != "<NotOnChip>"):
            dg2 = pack([(0x62, 0, [(0x13, 0, IssuingState)])], True)
        else:
            dg2 = None
        if (DateOfExpiry.rstrip() != "<NotOnChip>"):
            dg3 = pack([(0x63, 0, [(0x12, 0, DateOfExpiry)])], True)
        else:
            dg3 = None
        if (GivenNames.rstrip() != "<NotOnChip>"):
            dg4 = pack([(0x64, 0, [(0x0C, 0, GivenNames)])], True)
        else:
            dg4 = None
        if (FamilyNames.rstrip() != "<NotOnChip>"):
            dg5 = pack([(0x65, 0, [(0x0C, 0, FamilyNames)])], True)
        else:
            dg5 = None
        if (ReligiousArtisticName.rstrip() != "<NotOnChip>"):
            dg6 = pack([(0x66, 0, [(0x0C, 0, ReligiousArtisticName)])], True)
        else:
            dg6 = None
        if (AcademicTitle.rstrip() != "<NotOnChip>"):
            dg7 = pack([(0x67, 0, [(0x0C, 0, AcademicTitle)])], True)
        else:
            dg7 = None
        if (DateOfBirth.rstrip() != "<NotOnChip>"):
            dg8 = pack([(0x68, 0, [(0x12, 0, DateOfBirth)])], True)
        else:
            dg8 = None
        if (PlaceOfBirth.rstrip() != "<NotOnChip>"):
            dg9 = pack([(0x69, 0, [(0xA1, 0, [(0x0C, 0, PlaceOfBirth)])])],
                       True)
        else:
            dg9 = None
        if (Nationality.rstrip() != "<NotOnChip>"):
            dg10 = pack([(0x6A, 0, [(0x13, 0, Nationality)])], True)
        else:
            dg10 = None
        if (Sex.rstrip() != "<NotOnChip>"):
            dg11 = pack([(0x6B, 0, [(0x13, 0, Sex)])], True)
        else:
            dg11 = None
        if (dg12_param.rstrip() != "<NotOnChip>"):
            dg12 = dg12_param
        else:
            dg12 = None
        if (BirthName.rstrip() != "<NotOnChip>"):
            dg13 = pack([(0x6D, 0, [(0x0C, 0, BirthName)])], True)
        else:
            dg13 = None
        if (dg14_param.rstrip() != "<NotOnChip>"):
            dg14 = dg14_param
        else:
            dg14 = None
        if (dg15_param.rstrip() != "<NotOnChip>"):
            dg15 = dg15_param
        else:
            dg15 = None
        if (dg16_param.rstrip() != "<NotOnChip>"):
            dg16 = dg16_param
        else:
            dg16 = None
        if (PlaceOfResidence.rstrip() != "<NotOnChip>"):
            dg17 = pack([(0x71, 0, [(0x30, 0, [
                    (0xAA, 0, [(0x0C, 0, Street)]),
                    (0xAB, 0, [(0x0C, 0, City)]),
                    (0xAD, 0, [(0x13, 0, Country)]),
                    (0xAE, 0, [(0x13, 0, ZIP)])
                    ])])], True)
        else:
            dg17 = None
        if (CommunityID.rstrip() != "<NotOnChip>"):
            dg18 = pack([(0x72, 0, [(0x04, 0, CommunityID_Binary)])], True)
        else:
            dg18 = None
        if (ResidencePermit1.rstrip() != "<NotOnChip>"):
            dg19 = pack([(0x73, 0, [(0xA1, 0,
                                    [(0x0C, 0, ResidencePermit1)])])], True)
        else:
            dg19 = None
        if (ResidencePermit1.rstrip() != "<NotOnChip>"):
            dg20 = pack([(0x74, 0, [(0xA1, 0,
                                    [(0x0C, 0, ResidencePermit2)])])], True)
        else:
            dg20 = None
        if (dg21_param.rstrip() != "<NotOnChip>"):
            dg21 = dg21_param
        else:
            dg21 = None

        # If eid.append is not done for a DG, it results into required
        # SwError() with FileNotFound "6A82" APDU return code
        if dg1:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0101,
                       shortfid=0x01, data=dg1))
        if dg2:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0102,
                       shortfid=0x02, data=dg2))
        if dg3:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0103,
                       shortfid=0x03, data=dg3))
        if dg4:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0104,
                       shortfid=0x04, data=dg4))
        if dg5:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0105,
                       shortfid=0x05, data=dg5))
        if dg6:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0106,
                       shortfid=0x06, data=dg6))
        if dg7:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0107,
                       shortfid=0x07, data=dg7))
        if dg8:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0108,
                       shortfid=0x08, data=dg8))
        if dg9:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0109,
                       shortfid=0x09, data=dg9))
        if dg10:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010a,
                       shortfid=0x0a, data=dg10))
        if dg11:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010b,
                       shortfid=0x0b, data=dg11))
        if dg12:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010c,
                       shortfid=0x0c, data=dg12))
        if dg13:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010d,
                       shortfid=0x0d, data=dg13))
        if dg14:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010e,
                       shortfid=0x0e, data=dg14))
        if dg15:
            eid.append(TransparentStructureEF(parent=eid, fid=0x010f,
                       shortfid=0x0f, data=dg15))
        if dg16:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0110,
                       shortfid=0x10, data=dg16))
        if dg17:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0111,
                       shortfid=0x11, data=dg17))
        if dg18:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0112,
                       shortfid=0x12, data=dg18))
        if dg19:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0113,
                       shortfid=0x13, data=dg19))
        if dg20:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0114,
                       shortfid=0x14, data=dg20))
        if dg21:
            eid.append(TransparentStructureEF(parent=eid, fid=0x0115,
                       shortfid=0x15, data=dg21))
        self.mf.append(eid)

        # DF.CIA
        cia = DF(parent=self.mf, fid=0xfffe,
                 dfname=b'\xE8\x28\xBD\x08\x0F\xA0\x00\x00\x01\x67\x45\x53\x49'
                        b'\x47\x4E')
        # EF.OD / EF.ODF
        cia.append(TransparentStructureEF(parent=cia, fid=0x5031,
                                          shortfid=0x11,
                                          data=b'\xa0\x060\x04\x04\x02D\x00\xa4'
                                          b'\x060\x04\x04\x02D\x04\xa8\x060\x04'
                                          b'\x04\x02D\x08'))
        # EF.CIAInfo / EF.TokenInfo
        cia.append(TransparentStructureEF(parent=cia, fid=0x5032,
                                          shortfid=0x12,
                                          data=b'06\x02\x01\x01\x80\x11eSign '
                                          b'Application\x03\x02\x06\xc0\xa2'
                                          b'\x1a0\x18\x02\x01\x01\x02\x02\x10A'
                                          b'\x05\x00\x03\x02\x06@\x06\t\x04\x00'
                                          b'\x7f\x00\x07\x01\x01\x04\x01'))
        # EF.PrKD / EF.PrKDF
        cia.append(TransparentStructureEF(parent=cia, fid=0x4400,
                                          data=b'\xa080\x17\x0c\x0bPrK.ICC.QES'
                                          b'\x03\x02\x07\x80\x04\x01\x01\x02'
                                          b'\x01\x010\x15\x04\x01F\x03\x03\x06'
                                          b'\x00@\x03\x02\x03\xb8\x02\x02\x00'
                                          b'\x84\xa1\x03\x02\x01\x01\xa1\x060'
                                          b'\x040\x02\x04\x00'))
        # EF.PuKD / EF.PuKDF
        cia.append(TransparentStructureEF(parent=cia, fid=0x4404,
                                          data=b'050!\x0c\x1fZertifikat des ZDA'
                                          b' f\xc3\xbcr die QES0\x06\x04\x01E'
                                          b'\x01\x01\xff\xa1\x080\x060\x04\x04'
                                          b'\x02\xc0\x000:0&\x0c$Zertifikat des'
                                          b' Inhabers f\xc3\xbcr die QES0\x06'
                                          b'\x04\x01F\x01\x01\x00\xa1\x080\x060'
                                          b'\x04\x04\x02\xc0\x01'))
        # EF.AOD / EF.AODF
        cia.append(TransparentStructureEF(parent=cia, fid=0x4408,
                                          data=b'0/0\x0f\x0c\teSign-PIN\x03\x02'
                                          b'\x06@0\x03\x04\x01\x01\xa1\x170\x15'
                                          b'\x03\x03\x02H\x1c\n\x01\x01\x02\x01'
                                          b'\x06\x02\x01\x00\x80\x01\x810\x02'
                                          b'\x04\x00'))
        self.mf.append(cia)

        # DF.eSign
        esign = DF(parent=self.mf, fid=0xfffd,
                   dfname=b'\xA0\x00\x00\x01\x67\x45\x53\x49\x47\x4E')

        # ZDA certificate
        esign.append(TransparentStructureEF(parent=esign, fid=0xC000, data=b''))
        # User's certificate
        esign.append(TransparentStructureEF(parent=esign, fid=0xC001, data=b''))
        self.mf.append(esign)

        self.sam = nPA_SAM(eid_pin="111111".encode('ascii'), can="222222".encode('ascii'),
                           mrz="IDD<<T220001293<<<<<<<<<<<<<<<6408125<2010315D"
                           "<<<<<<<<<<<<<<MUSTERMANN<<ERIKA<<<<<<<<<<<<<".encode('ascii'),
                           puk="3333333333".encode('ascii'), qes_pin="444444".encode('ascii'), mf=self.mf)
        # FIXME: add CVCA for inspection systems and signature terminals. Here
        #        we only add the eID CVCA.
        self.sam.current_SE.cvca = b"\x7f\x21\x82\x01\xb6\x7f\x4e\x82\x01\x6e"\
                                   b"\x5f\x29\x01\x00\x42\x0e\x44\x45\x43\x56"\
                                   b"\x43\x41\x65\x49\x44\x30\x30\x31\x30\x32"\
                                   b"\x7f\x49\x82\x01\x1d\x06\x0a\x04\x00\x7f"\
                                   b"\x00\x07\x02\x02\x02\x02\x03\x81\x20\xa9"\
                                   b"\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a"\
                                   b"\x90\x9d\x83\x8d\x72\x6e\x3b\xf6\x23\xd5"\
                                   b"\x26\x20\x28\x20\x13\x48\x1d\x1f\x6e\x53"\
                                   b"\x77\x82\x20\x7d\x5a\x09\x75\xfc\x2c\x30"\
                                   b"\x57\xee\xf6\x75\x30\x41\x7a\xff\xe7\xfb"\
                                   b"\x80\x55\xc1\x26\xdc\x5c\x6c\xe9\x4a\x4b"\
                                   b"\x44\xf3\x30\xb5\xd9\x83\x20\x26\xdc\x5c"\
                                   b"\x6c\xe9\x4a\x4b\x44\xf3\x30\xb5\xd9\xbb"\
                                   b"\xd7\x7c\xbf\x95\x84\x16\x29\x5c\xf7\xe1"\
                                   b"\xce\x6b\xcc\xdc\x18\xff\x8c\x07\xb6\x84"\
                                   b"\x41\x04\x8b\xd2\xae\xb9\xcb\x7e\x57\xcb"\
                                   b"\x2c\x4b\x48\x2f\xfc\x81\xb7\xaf\xb9\xde"\
                                   b"\x27\xe1\xe3\xbd\x23\xc2\x3a\x44\x53\xbd"\
                                   b"\x9a\xce\x32\x62\x54\x7e\xf8\x35\xc3\xda"\
                                   b"\xc4\xfd\x97\xf8\x46\x1a\x14\x61\x1d\xc9"\
                                   b"\xc2\x77\x45\x13\x2d\xed\x8e\x54\x5c\x1d"\
                                   b"\x54\xc7\x2f\x04\x69\x97\x85\x20\xa9\xfb"\
                                   b"\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90"\
                                   b"\x9d\x83\x8d\x71\x8c\x39\x7a\xa3\xb5\x61"\
                                   b"\xa6\xf7\x90\x1e\x0e\x82\x97\x48\x56\xa7"\
                                   b"\x86\x41\x04\x33\x47\xec\xf9\x6f\xfb\x4b"\
                                   b"\xd9\xb8\x55\x4e\xfb\xcc\xfc\x7d\x0b\x24"\
                                   b"\x2f\x10\x71\xe2\x9b\x4c\x9c\x62\x2c\x79"\
                                   b"\xe3\x39\xd8\x40\xaf\x67\xbe\xb9\xb9\x12"\
                                   b"\x69\x22\x65\xd9\xc1\x6c\x62\x57\x3f\x45"\
                                   b"\x79\xff\xd4\xde\x2d\xe9\x2b\xab\x40\x9d"\
                                   b"\xd5\xc5\xd4\x82\x44\xa9\xf7\x87\x01\x01"\
                                   b"\x5f\x20\x0e\x44\x45\x43\x56\x43\x41\x65"\
                                   b"\x49\x44\x30\x30\x31\x30\x32\x7f\x4c\x12"\
                                   b"\x06\x09\x04\x00\x7f\x00\x07\x03\x01\x02"\
                                   b"\x02\x53\x05\xfe\x0f\x01\xff\xff\x5f\x25"\
                                   b"\x06\x01\x00\x01\x00\x01\x08\x5f\x24\x06"\
                                   b"\x01\x03\x01\x00\x01\x08\x5f\x37\x40\x50"\
                                   b"\x67\x14\x5c\x68\xca\xe9\x52\x0f\x5b\xb3"\
                                   b"\x48\x17\xf1\xca\x9c\x43\x59\x3d\xb5\x64"\
                                   b"\x06\xc6\xa3\xb0\x06\xcb\xf3\xf3\x14\xe7"\
                                   b"\x34\x9a\xcf\x0c\xc6\xbf\xeb\xcb\xde\xfd"\
                                   b"\x10\xb4\xdc\xf0\xf2\x31\xda\x56\x97\x7d"\
                                   b"\x88\xf9\xf9\x01\x82\xd1\x99\x07\x6a\x56"\
                                   b"\x50\x64\x51"
Beispiel #32
0
 def get_card_number(self):
     return SW["NORMAL"], inttostring(self.cardNumber)
Beispiel #33
0
    def generate_public_key_pair(self, p1, p2, data):
        """
        The GENERATE PUBLIC-KEY PAIR command either initiates the generation
        and storing of a key pair, i.e., a public key and a private key, in the
        card, or accesses a key pair previously generated in the card.

        :param p1: should be 0x00 (generate new key)
        :param p2: '00' (no information provided) or reference of the key to
                   be generated
        :param data: One or more CRTs associated to the key generation if
                     P1-P2 different from '0000'
        """

        from Crypto.PublicKey import RSA, DSA
        from Crypto.Util.randpool import RandomPool
        rnd = RandomPool()

        cipher = self.ct.algorithm

        c_class = locals().get(cipher, None)
        if c_class is None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        if p1 & 0x01 == 0x00:  # Generate key
            PublicKey = c_class.generate(self.dst.keylength, rnd.get_bytes)
            self.dst.key = PublicKey
        else:
            pass  # Read key

        # Encode keys
        if cipher == "RSA":
            # Public key
            n = inttostring(PublicKey.__getstate__()['n'])
            e = inttostring(PublicKey.__getstate__()['e'])
            pk = ((0x81, len(n), n), (0x82, len(e), e))
            result = bertlv_pack(pk)
            # Private key
            d = PublicKey.__getstate__()['d']
        elif cipher == "DSA":
            # DSAParams
            p = inttostring(PublicKey.__getstate__()['p'])
            q = inttostring(PublicKey.__getstate__()['q'])
            g = inttostring(PublicKey.__getstate__()['g'])
            # Public key
            y = inttostring(PublicKey.__getstate__()['y'])
            pk = ((0x81, len(p), p), (0x82, len(q), q), (0x83, len(g), g),
                  (0x84, len(y), y))
            # Private key
            x = inttostring(PublicKey.__getstate__()['x'])
        # Add more algorithms here
        # elif cipher = "ECDSA":
        else:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        result = bertlv_pack([[0x7F49, len(pk), pk]])
        # TODO: Internally store key pair

        if p1 & 0x02 == 0x02:
            # We do not support extended header lists yet
            raise SwError["ERR_NOTSUPPORTED"]
        else:
            return SW["NORMAL"], result
Beispiel #34
0
    def __generate_ePass(self):
        """Generate the MF and SAM of an ICAO passport. This method is
        responsible for generating the filesystem and filling it with content.
        Therefore it must interact with the user by prompting for the MRZ and
        optionally for the path to a photo."""
        from PIL import Image
        from virtualsmartcard.cards.ePass import PassportSAM

        # TODO: Sanity checks
        MRZ = raw_input("Please enter the MRZ as one string: ")

        readline.set_completer_delims("")
        readline.parse_and_bind("tab: complete")

        picturepath = raw_input("Please enter the path to an image: ")
        picturepath = picturepath.strip()

        # MRZ1 = "P<UTOERIKSSON<<ANNA<MARIX<<<<<<<<<<<<<<<<<<<"
        # MRZ2 = "L898902C<3UTO6908061F9406236ZE184226B<<<<<14"
        # MRZ = MRZ1 + MRZ2

        try:
            im = Image.open(picturepath)
            pic_width, pic_height = im.size
            fd = open(picturepath, "rb")
            picture = fd.read()
            fd.close()
        except IOError:
            logging.warning("Failed to open file: " + picturepath)
            pic_width = 0
            pic_height = 0
            picture = None

        mf = MF()

        # We need a MF with Application DF \xa0\x00\x00\x02G\x10\x01
        df = DF(parent=mf, fid=4, dfname='\xa0\x00\x00\x02G\x10\x01',
                bertlv_data=[])

        # EF.COM
        COM = pack([(0x5F01, 4, "0107"), (0x5F36, 6, "040000"),
                    (0x5C, 2, "6175")])
        COM = pack(((0x60, len(COM), COM),))
        df.append(TransparentStructureEF(parent=df, fid=0x011E,
                  filedescriptor=0, data=COM))

        # EF.DG1
        DG1 = pack([(0x5F1F, len(MRZ), MRZ)])
        DG1 = pack([(0x61, len(DG1), DG1)])
        df.append(TransparentStructureEF(parent=df, fid=0x0101,
                  filedescriptor=0, data=DG1))

        # EF.DG2
        if picture is not None:
            IIB = "\x00\x01" + inttostring(pic_width, 2) +\
                    inttostring(pic_height, 2) + 6 * "\x00"
            length = 32 + len(picture)  # 32 is the length of IIB + FIB
            FIB = inttostring(length, 4) + 16 * "\x00"
            FRH = "FAC" + "\x00" + "010" + "\x00" +\
                  inttostring(14 + length, 4) + inttostring(1, 2)
            picture = FRH + FIB + IIB + picture
            DG2 = pack([(0xA1, 8, "\x87\x02\x01\x01\x88\x02\x05\x01"),
                       (0x5F2E, len(picture), picture)])
            DG2 = pack([(0x02, 1, "\x01"), (0x7F60, len(DG2), DG2)])
            DG2 = pack([(0x7F61, len(DG2), DG2)])
        else:
            DG2 = ""
        df.append(TransparentStructureEF(parent=df, fid=0x0102,
                  filedescriptor=0, data=DG2))

        # EF.SOD
        df.append(TransparentStructureEF(parent=df, fid=0x010D,
                  filedescriptor=0, data=""))

        mf.append(df)

        self.mf = mf
        self.sam = PassportSAM(self.mf)
Beispiel #35
0
    def selectFile(self, p1, p2, data):
        """
        Function for instruction 0xa4. Takes the parameter bytes 'p1', 'p2' as
        integers and 'data' as binary string. Returns the status bytes as two
        byte long integer and the response data as binary string.
        """
        P2_FCI = 0
        P2_FCP = 1 << 2
        P2_FMD = 2 << 2
        P2_NONE = 3 << 2
        file = self._selectFile(p1, p2, data)

        if isinstance(file, EF):
            # File size (body only)
            size = inttostring(min(0xffff, len(file.getenc('data'))), 2)
            extra = bytes(0)  # RFU
            if (isinstance(file, RecordStructureEF) and
                    file.hasFixedRecordSize() and not file.isCyclic()):
                # Length of records
                extra += bytes(0) + bytes(min(file.records, 0xff))
        elif isinstance(file, DF):
            # Number of unused EEPROM bytes available in the DF
            size = inttostring(0xffff, 2)
            efcount = 0
            dfcount = 0
            chv1 = None
            chv2 = None
            chv1lifecycle = 0
            chv2lifecycle = 0
            for f in self.content:
                if f.fid == 0x0000:
                    chv1 = f
                    chv1lifecycle = f.lifecycle & 1
                if f.fid == 0x0100:
                    chv2 = f
                    chv2lifecycle = f.lifecycle & 1
                if isinstance(f, EF):
                    efcount += 1
                if isinstance(f, DF):
                    dfcount += 1
            if chv1:
                extra = bytes(1)  # TODO LSB correct?
            else:
                extra = bytes(0)  # TODO LSB correct?
            extra += bytes(efcount)
            extra += bytes(dfcount)
            extra += bytes(0)  # TODO Number of PINs and unblock CHV PINs
            extra += bytes(0)  # RFU
            if chv1:
                extra += bytes(0)  # TODO remaining CHV1 attempts
                extra += bytes(0)  # TODO remaining unblock CHV1 attempts
                if chv2:
                    extra += bytes(0)  # TODO CHV2 key status
                    extra += bytes(0)  # TODO CHV2 unblocking key status

        data = inttostring(0, 2)  # RFU
        data += size
        data += inttostring(file.fid, 2)
        data += inttostring(file.filedescriptor)  # File type
        data += inttostring(0, 4)  # ACs TODO
        data += bytes(file.lifecycle & 1)  # File status
        data += bytes(len(extra))
        data += extra

        self.current = file

        return SW["NORMAL"], data
Beispiel #36
0
 def get_card_number(self):
     return SW["NORMAL"], inttostring(self.cardNumber)
Beispiel #37
0
    def __generate_nPA(self):
        from virtualsmartcard.cards.nPA import nPA_SAM
        mappings = [
            (b'\x04\x00\x7f\x00\x07\x02\x02\x04', range(1,
                                                        5), range(1,
                                                                  5), "PACE"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x02', range(1, 3), range(1,
                                                                     6), "TA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x02', [1], [6], "TA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x03', range(1, 3), range(1,
                                                                     5), "CA"),
            (b'\x04\x00\x7f\x00\x07\x02\x02\x05', range(1, 3), range(1,
                                                                     6), "RI"),
        ]
        for oid_base, x_list, y_list, algo in mappings:
            for oid in [
                    oid_base + inttostring(x) + inttostring(y) for x in x_list
                    for y in y_list
            ]:
                ALGO_MAPPING[oid] = algo
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x03"] = "CommunityID"
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x02"] = "DateOfExpiry"
        ALGO_MAPPING[b"\x04\x00\x7f\x00\x07\x03\x01\x04\x01"] = "DateOfBirth"

        self.mf = MF()

        card_access = b"\x31\x81\xb3\x30\x0d\x06\x08\x04\x00\x7f\x00\x07\x02"\
                      b"\x02\x02\x02\x01\x02\x30\x12\x06\x0a\x04\x00\x7f\x00"\
                      b"\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41\x30"\
                      b"\x12\x06\x0a\x04\x00\x7f\x00\x07\x02\x02\x03\x02\x02"\
                      b"\x02\x01\x02\x02\x01\x45\x30\x12\x06\x0a\x04\x00\x7f"\
                      b"\x00\x07\x02\x02\x04\x02\x02\x02\x01\x02\x02\x01\x0d"\
                      b"\x30\x1c\x06\x09\x04\x00\x7f\x00\x07\x02\x02\x03\x02"\
                      b"\x30\x0c\x06\x07\x04\x00\x7f\x00\x07\x01\x02\x02\x01"\
                      b"\x0d\x02\x01\x41\x30\x1c\x06\x09\x04\x00\x7f\x00\x07"\
                      b"\x02\x02\x03\x02\x30\x0c\x06\x07\x04\x00\x7f\x00\x07"\
                      b"\x01\x02\x02\x01\x0d\x02\x01\x45\x30\x2a\x06\x08\x04"\
                      b"\x00\x7f\x00\x07\x02\x02\x06\x16\x1e\x68\x74\x74\x70"\
                      b"\x3a\x2f\x2f\x62\x73\x69\x2e\x62\x75\x6e\x64\x2e\x64"\
                      b"\x65\x2f\x63\x69\x66\x2f\x6e\x70\x61\x2e\x78\x6d\x6c"
        self.mf.append(
            TransparentStructureEF(parent=self.mf,
                                   fid=0x011c,
                                   shortfid=0x1c,
                                   data=card_access))
        card_security = b"\x30\x82\x05\xA0\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01"\
                        b"\x07\x02\xA0\x82\x05\x91\x30\x82\x05\x8D\x02\x01\x03"\
                        b"\x31\x0F\x30\x0D\x06\x09\x60\x86\x48\x01\x65\x03\x04"\
                        b"\x02\x01\x05\x00\x30\x82\x01\x48\x06\x08\x04\x00\x7F"\
                        b"\x00\x07\x03\x02\x01\xA0\x82\x01\x3A\x04\x82\x01\x36"\
                        b"\x31\x82\x01\x32\x30\x0D\x06\x08\x04\x00\x7F\x00\x07"\
                        b"\x02\x02\x02\x02\x01\x02\x30\x12\x06\x0A\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41"\
                        b"\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x04\x02"\
                        b"\x02\x02\x01\x02\x02\x01\x0D\x30\x17\x06\x0A\x04\x00"\
                        b"\x7F\x00\x07\x02\x02\x05\x02\x03\x30\x09\x02\x01\x01"\
                        b"\x02\x01\x43\x01\x01\xFF\x30\x17\x06\x0A\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x05\x02\x03\x30\x09\x02\x01\x01\x02"\
                        b"\x01\x44\x01\x01\x00\x30\x19\x06\x09\x04\x00\x7F\x00"\
                        b"\x07\x02\x02\x05\x02\x30\x0C\x06\x07\x04\x00\x7F\x00"\
                        b"\x07\x01\x02\x02\x01\x0D\x30\x1C\x06\x09\x04\x00\x7F"\
                        b"\x00\x07\x02\x02\x03\x02\x30\x0C\x06\x07\x04\x00\x7F"\
                        b"\x00\x07\x01\x02\x02\x01\x0D\x02\x01\x41\x30\x2A\x06"\
                        b"\x08\x04\x00\x7F\x00\x07\x02\x02\x06\x16\x1E\x68\x74"\
                        b"\x74\x70\x3A\x2F\x2F\x62\x73\x69\x2E\x62\x75\x6E\x64"\
                        b"\x2E\x64\x65\x2F\x63\x69\x66\x2F\x6E\x70\x61\x2E\x78"\
                        b"\x6D\x6C\x30\x62\x06\x09\x04\x00\x7F\x00\x07\x02\x02"\
                        b"\x01\x02\x30\x52\x30\x0C\x06\x07\x04\x00\x7F\x00\x07"\
                        b"\x01\x02\x02\x01\x0D\x03\x42\x00\x04\x92\x5D\xB4\xE1"\
                        b"\x7A\xDE\x58\x20\x9F\x96\xFA\xA0\x7F\x1F\x8A\x22\x3F"\
                        b"\x82\x3F\x96\xCC\x5D\x78\xCB\xEF\x5D\x17\x42\x20\x88"\
                        b"\xFD\xD5\x8E\x56\xBC\x42\x50\xDE\x33\x46\xB3\xC8\x32"\
                        b"\xCA\xE4\x86\x35\xFB\x6C\x43\x78\x9D\xE8\xB3\x10\x2F"\
                        b"\x43\x93\xB4\x18\xE2\x4A\x13\xD9\x02\x01\x41\xA0\x82"\
                        b"\x03\x1C\x30\x82\x03\x18\x30\x82\x02\xBC\xA0\x03\x02"\
                        b"\x01\x02\x02\x02\x01\x5C\x30\x0C\x06\x08\x2A\x86\x48"\
                        b"\xCE\x3D\x04\x03\x02\x05\x00\x30\x4F\x31\x0B\x30\x09"\
                        b"\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x0D\x30\x0B"\
                        b"\x06\x03\x55\x04\x0A\x0C\x04\x62\x75\x6E\x64\x31\x0C"\
                        b"\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x62\x73\x69\x31"\
                        b"\x0C\x30\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x31\x33"\
                        b"\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x63\x73"\
                        b"\x63\x61\x2D\x67\x65\x72\x6D\x61\x6E\x79\x30\x1E\x17"\
                        b"\x0D\x31\x30\x31\x30\x30\x35\x31\x31\x30\x37\x35\x32"\
                        b"\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x30\x38\x33\x39"\
                        b"\x34\x37\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04"\
                        b"\x06\x13\x02\x44\x45\x31\x1D\x30\x1B\x06\x03\x55\x04"\
                        b"\x0A\x0C\x14\x42\x75\x6E\x64\x65\x73\x64\x72\x75\x63"\
                        b"\x6B\x65\x72\x65\x69\x20\x47\x6D\x62\x48\x31\x0C\x30"\
                        b"\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x37\x34\x31\x0B"\
                        b"\x30\x09\x06\x03\x55\x04\x03\x0C\x02\x44\x53\x30\x82"\
                        b"\x01\x13\x30\x81\xD4\x06\x07\x2A\x86\x48\xCE\x3D\x02"\
                        b"\x01\x30\x81\xC8\x02\x01\x01\x30\x28\x06\x07\x2A\x86"\
                        b"\x48\xCE\x3D\x01\x01\x02\x1D\x00\xD7\xC1\x34\xAA\x26"\
                        b"\x43\x66\x86\x2A\x18\x30\x25\x75\xD1\xD7\x87\xB0\x9F"\
                        b"\x07\x57\x97\xDA\x89\xF5\x7E\xC8\xC0\xFF\x30\x3C\x04"\
                        b"\x1C\x68\xA5\xE6\x2C\xA9\xCE\x6C\x1C\x29\x98\x03\xA6"\
                        b"\xC1\x53\x0B\x51\x4E\x18\x2A\xD8\xB0\x04\x2A\x59\xCA"\
                        b"\xD2\x9F\x43\x04\x1C\x25\x80\xF6\x3C\xCF\xE4\x41\x38"\
                        b"\x87\x07\x13\xB1\xA9\x23\x69\xE3\x3E\x21\x35\xD2\x66"\
                        b"\xDB\xB3\x72\x38\x6C\x40\x0B\x04\x39\x04\x0D\x90\x29"\
                        b"\xAD\x2C\x7E\x5C\xF4\x34\x08\x23\xB2\xA8\x7D\xC6\x8C"\
                        b"\x9E\x4C\xE3\x17\x4C\x1E\x6E\xFD\xEE\x12\xC0\x7D\x58"\
                        b"\xAA\x56\xF7\x72\xC0\x72\x6F\x24\xC6\xB8\x9E\x4E\xCD"\
                        b"\xAC\x24\x35\x4B\x9E\x99\xCA\xA3\xF6\xD3\x76\x14\x02"\
                        b"\xCD\x02\x1D\x00\xD7\xC1\x34\xAA\x26\x43\x66\x86\x2A"\
                        b"\x18\x30\x25\x75\xD0\xFB\x98\xD1\x16\xBC\x4B\x6D\xDE"\
                        b"\xBC\xA3\xA5\xA7\x93\x9F\x02\x01\x01\x03\x3A\x00\x04"\
                        b"\x3D\x6A\x7C\x2A\x6F\x20\x5F\x83\x9B\x04\x14\xEC\x58"\
                        b"\xC6\xC7\x1B\x75\xF5\x15\xDE\xC3\xAE\x73\x3B\x5F\x47"\
                        b"\x88\xDD\xC8\x15\xF0\x5B\xC1\xF6\x53\x8F\xD9\x69\x54"\
                        b"\xE1\xF8\x40\xA2\xE2\x18\x99\x62\xCC\xAA\x14\x90\x08"\
                        b"\x24\xC7\xDD\xB9\xA3\x81\xD1\x30\x81\xCE\x30\x0E\x06"\
                        b"\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x07\x80"\
                        b"\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14"\
                        b"\x60\x44\xF2\x45\xF2\xE0\x71\xD4\xD5\x64\xF4\xE5\x77"\
                        b"\xD6\x36\x69\xDB\xEB\x18\x59\x30\x41\x06\x03\x55\x1D"\
                        b"\x20\x04\x3A\x30\x38\x30\x36\x06\x09\x04\x00\x7F\x00"\
                        b"\x07\x03\x01\x01\x01\x30\x29\x30\x27\x06\x08\x2B\x06"\
                        b"\x01\x05\x05\x07\x02\x01\x16\x1B\x68\x74\x74\x70\x3A"\
                        b"\x2F\x2F\x77\x77\x77\x2E\x62\x73\x69\x2E\x62\x75\x6E"\
                        b"\x64\x2E\x64\x65\x2F\x63\x73\x63\x61\x30\x2B\x06\x09"\
                        b"\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15\x04\x1E\x04\x1C"\
                        b"\x31\x2E\x32\x2E\x32\x37\x36\x2E\x30\x2E\x38\x30\x2E"\
                        b"\x31\x2E\x31\x32\x2E\x30\x2E\x32\x30\x2E\x35\x2E\x31"\
                        b"\x2E\x30\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22"\
                        b"\x80\x0F\x32\x30\x31\x30\x31\x30\x30\x35\x31\x31\x30"\
                        b"\x37\x35\x32\x5A\x81\x0F\x32\x30\x31\x31\x30\x32\x30"\
                        b"\x35\x30\x39\x33\x39\x34\x37\x5A\x30\x0C\x06\x08\x2A"\
                        b"\x86\x48\xCE\x3D\x04\x03\x02\x05\x00\x03\x48\x00\x30"\
                        b"\x45\x02\x20\x13\xE9\xE1\x7A\x9E\xFE\x8B\xD7\xD7\x27"\
                        b"\x62\x92\x30\x5B\xCC\xC3\x2B\x70\xC2\xB7\x60\x40\xF4"\
                        b"\x88\x30\x66\x62\x26\xCD\x6A\x4B\xF4\x02\x21\x00\x87"\
                        b"\xF4\x71\xE2\x44\x35\xB4\xC3\x4A\xF3\x57\x30\x94\xFB"\
                        b"\x1F\x1C\x2A\x48\xB1\x3E\xE5\xED\x67\xF1\x72\x6D\xCF"\
                        b"\x56\xE3\x84\xE3\x6F\x31\x82\x01\x09\x30\x82\x01\x05"\
                        b"\x02\x01\x01\x30\x55\x30\x4F\x31\x0B\x30\x09\x06\x03"\
                        b"\x55\x04\x06\x13\x02\x44\x45\x31\x0D\x30\x0B\x06\x03"\
                        b"\x55\x04\x0A\x0C\x04\x62\x75\x6E\x64\x31\x0C\x30\x0A"\
                        b"\x06\x03\x55\x04\x0B\x0C\x03\x62\x73\x69\x31\x0C\x30"\
                        b"\x0A\x06\x03\x55\x04\x05\x13\x03\x30\x31\x33\x31\x15"\
                        b"\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x63\x73\x63\x61"\
                        b"\x2D\x67\x65\x72\x6D\x61\x6E\x79\x02\x02\x01\x5C\x30"\
                        b"\x0D\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05"\
                        b"\x00\xA0\x4A\x30\x17\x06\x09\x2A\x86\x48\x86\xF7\x0D"\
                        b"\x01\x09\x03\x31\x0A\x06\x08\x04\x00\x7F\x00\x07\x03"\
                        b"\x02\x01\x30\x2F\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01"\
                        b"\x09\x04\x31\x22\x04\x20\xEF\x0F\xDA\x94\x2E\x5A\x0F"\
                        b"\x6F\xC9\xC5\x46\xEE\x01\xF9\x10\x31\x43\x64\x30\xF7"\
                        b"\x5E\x9D\x36\x54\xD3\x69\x30\x9E\x8B\xE7\x17\x48\x30"\
                        b"\x0C\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x02\x05\x00"\
                        b"\x04\x40\x30\x3E\x02\x1D\x00\x89\x75\x92\x5B\xE1\x31"\
                        b"\xB7\x7C\x95\x8C\x3E\xCB\x2A\x5C\x67\xFC\x5C\xE3\x1C"\
                        b"\xBD\x01\x41\xE3\x4B\xC7\xF0\xA4\x47\x02\x1D\x00\xCC"\
                        b"\x65\xE6\x2D\xDC\xF2\x93\x96\x4B\x22\xD7\xB5\x10\xD7"\
                        b"\x81\x88\x07\xC8\x95\x96\xBD\x34\xD8\xF9\xBB\x4C\x05"\
                        b"\x27"
        self.mf.append(
            TransparentStructureEF(parent=self.mf,
                                   fid=0x011d,
                                   shortfid=0x1d,
                                   data=card_security))
        ef_dir = b"\x61\x32\x4F\x0F\xE8\x28\xBD\x08\x0F\xA0\x00\x00\x01\x67"\
                 b"\x45\x53\x49\x47\x4E\x50\x0F\x43\x49\x41\x20\x7A\x75\x20"\
                 b"\x44\x46\x2E\x65\x53\x69\x67\x6E\x51\x00\x73\x0C\x4F\x0A"\
                 b"\xA0\x00\x00\x01\x67\x45\x53\x49\x47\x4E\x61\x09\x4F\x07"\
                 b"\xA0\x00\x00\x02\x47\x10\x01\x61\x0B\x4F\x09\xE8\x07\x04"\
                 b"\x00\x7F\x00\x07\x03\x02\x61\x0C\x4F\x0A\xA0\x00\x00\x01"\
                 b"\x67\x45\x53\x49\x47\x4E"
        self.mf.append(
            TransparentStructureEF(parent=self.mf,
                                   fid=0x2f00,
                                   shortfid=30,
                                   data=ef_dir))

        eid = DF(parent=self.mf,
                 fid=0xffff,
                 dfname=b'\xe8\x07\x04\x00\x7f\x00\x07\x03\x02')
        eid.extra_fci_data = b"\xab\x75\x84\x01\xa4\xaf\x70\xa0\x10\xb4\x06"\
                             b"\x95\x01\x20\x83\x01\x04\xb4\x06\x95\x01\x20"\
                             b"\x83\x01\x06\xa0\x54\xa4\x14\x95\x01\x80\x7f"\
                             b"\x4c\x0e\x06\x09\x04\x00\x7f\x00\x07\x03\x01"\
                             b"\x02\x01\x53\x01\x00\xaf\x22\xa4\x18\x95\x01"\
                             b"\x80\x7f\x4c\x12\x06\x09\x04\x00\x7f\x00\x07"\
                             b"\x03\x01\x02\x02\x53\x05\x00\x00\x00\x00\x00"\
                             b"\xa4\x06\x95\x01\x80\x83\x01\x47\xa4\x18\x95"\
                             b"\x01\x80\x7f\x4c\x12\x06\x09\x04\x00\x7f\x00"\
                             b"\x07\x03\x01\x02\x02\x53\x05\x00\x00\x00\x00"\
                             b"\x10\x7a\x06\x8a\x01\x05\x9e\x01\x03"
        # FIXME access control for eid application

        DocumentType = self.datagroups["DocumentType"] if "DocumentType" in \
            self.datagroups else 'ID'
        IssuingState = self.datagroups["IssuingState"] if "IssuingState" in \
            self.datagroups else 'D'
        DateOfExpiry = self.datagroups["DateOfExpiry"] if "DateOfExpiry" in \
            self.datagroups else '20201031'
        GivenNames = self.datagroups["GivenNames"] if "GivenNames" in \
            self.datagroups else 'ERIKA'
        FamilyNames = self.datagroups["FamilyNames"] if "FamilyNames" in \
            self.datagroups else 'MUSTERMANN'
        ReligiousArtisticName = self.datagroups["ReligiousArtisticName"] if \
            "ReligiousArtisticName" in self.datagroups else ''
        AcademicTitle = self.datagroups["AcademicTitle"] if \
            "AcademicTitle" in self.datagroups else ''
        DateOfBirth = self.datagroups["DateOfBirth"] if "DateOfBirth" in \
            self.datagroups else '19640812'
        PlaceOfBirth = self.datagroups["PlaceOfBirth"] if "PlaceOfBirth" in \
            self.datagroups else 'BERLIN'
        Nationality = self.datagroups["Nationality"] if "Nationality" in \
            self.datagroups else 'DE'
        Sex = self.datagroups["Sex"] if "Sex" in self.datagroups else 'F'
        BirthName = self.datagroups["BirthName"] if "BirthName" in \
            self.datagroups else 'Mein Geburtsname'
        # PlaceOfResidence variable is only a helper to get a switch for
        # <NotOnChip>
        PlaceOfResidence = self.datagroups["PlaceOfResidence"] if \
            "PlaceOfResidence" in self.datagroups else ''
        Country = self.datagroups["Country"] if "Country" in self.datagroups \
            else 'D'
        City = self.datagroups["City"] if "City" in self.datagroups else \
            'KOLN'
        ZIP = self.datagroups["ZIP"] if "ZIP" in self.datagroups else '51147'
        Street = self.datagroups["Street"] if "Street" in \
            self.datagroups else 'HEIDESTRASSE 17'
        CommunityID = self.datagroups["CommunityID"] if "CommunityID" in \
            self.datagroups else '02760378900276'
        if (CommunityID.rstrip() != "<NotOnChip>"):
            # the plain CommunityID integer value has to be translated into
            # its binary representation. '0276...' will be '\x02\x76\...'
            CommunityID_Binary = binascii.unhexlify(CommunityID)
        # ResidencePermit1 and ResidencePermit2 are part of eAT only
        ResidencePermit1 = self.datagroups["ResidencePermit1"] if \
            "ResidencePermit1" in self.datagroups else \
            'ResidencePermit1 field up to 750 characters'
        ResidencePermit2 = self.datagroups["ResidencePermit2"] if \
            "ResidencePermit2" in self.datagroups else \
            'ResidencePermit1 field up to 250 characters'

        # Currently, those data groups are for further usage:
        dg12_param = self.datagroups["dg12"] if "dg12" in \
            self.datagroups else ''
        dg14_param = self.datagroups["dg14"] if "dg14" in \
            self.datagroups else ''
        dg15_param = self.datagroups["dg15"] if "dg15" in \
            self.datagroups else ''
        dg16_param = self.datagroups["dg16"] if "dg16" in \
            self.datagroups else ''
        dg21_param = self.datagroups["dg21"] if "dg21" in \
            self.datagroups else ''

        # "Attribute not on Chip" makes sence only for ReligiousArtisticName,
        # Nationality, BirthName, ResidencePermit1 and ResidencePermit2, refer
        # to BSI TR-03127
        if (DocumentType.rstrip() != "<NotOnChip>"):
            dg1 = pack([(0x61, 0, [(0x13, 0, DocumentType)])], True)
        else:
            dg1 = None
        if (IssuingState.rstrip() != "<NotOnChip>"):
            dg2 = pack([(0x62, 0, [(0x13, 0, IssuingState)])], True)
        else:
            dg2 = None
        if (DateOfExpiry.rstrip() != "<NotOnChip>"):
            dg3 = pack([(0x63, 0, [(0x12, 0, DateOfExpiry)])], True)
        else:
            dg3 = None
        if (GivenNames.rstrip() != "<NotOnChip>"):
            dg4 = pack([(0x64, 0, [(0x0C, 0, GivenNames)])], True)
        else:
            dg4 = None
        if (FamilyNames.rstrip() != "<NotOnChip>"):
            dg5 = pack([(0x65, 0, [(0x0C, 0, FamilyNames)])], True)
        else:
            dg5 = None
        if (ReligiousArtisticName.rstrip() != "<NotOnChip>"):
            dg6 = pack([(0x66, 0, [(0x0C, 0, ReligiousArtisticName)])], True)
        else:
            dg6 = None
        if (AcademicTitle.rstrip() != "<NotOnChip>"):
            dg7 = pack([(0x67, 0, [(0x0C, 0, AcademicTitle)])], True)
        else:
            dg7 = None
        if (DateOfBirth.rstrip() != "<NotOnChip>"):
            dg8 = pack([(0x68, 0, [(0x12, 0, DateOfBirth)])], True)
        else:
            dg8 = None
        if (PlaceOfBirth.rstrip() != "<NotOnChip>"):
            dg9 = pack([(0x69, 0, [(0xA1, 0, [(0x0C, 0, PlaceOfBirth)])])],
                       True)
        else:
            dg9 = None
        if (Nationality.rstrip() != "<NotOnChip>"):
            dg10 = pack([(0x6A, 0, [(0x13, 0, Nationality)])], True)
        else:
            dg10 = None
        if (Sex.rstrip() != "<NotOnChip>"):
            dg11 = pack([(0x6B, 0, [(0x13, 0, Sex)])], True)
        else:
            dg11 = None
        if (dg12_param.rstrip() != "<NotOnChip>"):
            dg12 = dg12_param
        else:
            dg12 = None
        if (BirthName.rstrip() != "<NotOnChip>"):
            dg13 = pack([(0x6D, 0, [(0x0C, 0, BirthName)])], True)
        else:
            dg13 = None
        if (dg14_param.rstrip() != "<NotOnChip>"):
            dg14 = dg14_param
        else:
            dg14 = None
        if (dg15_param.rstrip() != "<NotOnChip>"):
            dg15 = dg15_param
        else:
            dg15 = None
        if (dg16_param.rstrip() != "<NotOnChip>"):
            dg16 = dg16_param
        else:
            dg16 = None
        if (PlaceOfResidence.rstrip() != "<NotOnChip>"):
            dg17 = pack(
                [(0x71, 0, [(0x30, 0, [(0xAA, 0, [(0x0C, 0, Street)]),
                                       (0xAB, 0, [(0x0C, 0, City)]),
                                       (0xAD, 0, [(0x13, 0, Country)]),
                                       (0xAE, 0, [(0x13, 0, ZIP)])])])], True)
        else:
            dg17 = None
        if (CommunityID.rstrip() != "<NotOnChip>"):
            dg18 = pack([(0x72, 0, [(0x04, 0, CommunityID_Binary)])], True)
        else:
            dg18 = None
        if (ResidencePermit1.rstrip() != "<NotOnChip>"):
            dg19 = pack(
                [(0x73, 0, [(0xA1, 0, [(0x0C, 0, ResidencePermit1)])])], True)
        else:
            dg19 = None
        if (ResidencePermit1.rstrip() != "<NotOnChip>"):
            dg20 = pack(
                [(0x74, 0, [(0xA1, 0, [(0x0C, 0, ResidencePermit2)])])], True)
        else:
            dg20 = None
        if (dg21_param.rstrip() != "<NotOnChip>"):
            dg21 = dg21_param
        else:
            dg21 = None

        # If eid.append is not done for a DG, it results into required
        # SwError() with FileNotFound "6A82" APDU return code
        if dg1:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0101,
                                       shortfid=0x01,
                                       data=dg1))
        if dg2:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0102,
                                       shortfid=0x02,
                                       data=dg2))
        if dg3:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0103,
                                       shortfid=0x03,
                                       data=dg3))
        if dg4:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0104,
                                       shortfid=0x04,
                                       data=dg4))
        if dg5:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0105,
                                       shortfid=0x05,
                                       data=dg5))
        if dg6:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0106,
                                       shortfid=0x06,
                                       data=dg6))
        if dg7:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0107,
                                       shortfid=0x07,
                                       data=dg7))
        if dg8:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0108,
                                       shortfid=0x08,
                                       data=dg8))
        if dg9:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0109,
                                       shortfid=0x09,
                                       data=dg9))
        if dg10:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010a,
                                       shortfid=0x0a,
                                       data=dg10))
        if dg11:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010b,
                                       shortfid=0x0b,
                                       data=dg11))
        if dg12:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010c,
                                       shortfid=0x0c,
                                       data=dg12))
        if dg13:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010d,
                                       shortfid=0x0d,
                                       data=dg13))
        if dg14:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010e,
                                       shortfid=0x0e,
                                       data=dg14))
        if dg15:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x010f,
                                       shortfid=0x0f,
                                       data=dg15))
        if dg16:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0110,
                                       shortfid=0x10,
                                       data=dg16))
        if dg17:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0111,
                                       shortfid=0x11,
                                       data=dg17))
        if dg18:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0112,
                                       shortfid=0x12,
                                       data=dg18))
        if dg19:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0113,
                                       shortfid=0x13,
                                       data=dg19))
        if dg20:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0114,
                                       shortfid=0x14,
                                       data=dg20))
        if dg21:
            eid.append(
                TransparentStructureEF(parent=eid,
                                       fid=0x0115,
                                       shortfid=0x15,
                                       data=dg21))
        self.mf.append(eid)

        # DF.CIA
        cia = DF(parent=self.mf,
                 fid=0xfffe,
                 dfname=b'\xE8\x28\xBD\x08\x0F\xA0\x00\x00\x01\x67\x45\x53\x49'
                 b'\x47\x4E')
        # EF.OD / EF.ODF
        cia.append(
            TransparentStructureEF(parent=cia,
                                   fid=0x5031,
                                   shortfid=0x11,
                                   data=b'\xa0\x060\x04\x04\x02D\x00\xa4'
                                   b'\x060\x04\x04\x02D\x04\xa8\x060\x04'
                                   b'\x04\x02D\x08'))
        # EF.CIAInfo / EF.TokenInfo
        cia.append(
            TransparentStructureEF(parent=cia,
                                   fid=0x5032,
                                   shortfid=0x12,
                                   data=b'06\x02\x01\x01\x80\x11eSign '
                                   b'Application\x03\x02\x06\xc0\xa2'
                                   b'\x1a0\x18\x02\x01\x01\x02\x02\x10A'
                                   b'\x05\x00\x03\x02\x06@\x06\t\x04\x00'
                                   b'\x7f\x00\x07\x01\x01\x04\x01'))
        # EF.PrKD / EF.PrKDF
        cia.append(
            TransparentStructureEF(parent=cia,
                                   fid=0x4400,
                                   data=b'\xa080\x17\x0c\x0bPrK.ICC.QES'
                                   b'\x03\x02\x07\x80\x04\x01\x01\x02'
                                   b'\x01\x010\x15\x04\x01F\x03\x03\x06'
                                   b'\x00@\x03\x02\x03\xb8\x02\x02\x00'
                                   b'\x84\xa1\x03\x02\x01\x01\xa1\x060'
                                   b'\x040\x02\x04\x00'))
        # EF.PuKD / EF.PuKDF
        cia.append(
            TransparentStructureEF(parent=cia,
                                   fid=0x4404,
                                   data=b'050!\x0c\x1fZertifikat des ZDA'
                                   b' f\xc3\xbcr die QES0\x06\x04\x01E'
                                   b'\x01\x01\xff\xa1\x080\x060\x04\x04'
                                   b'\x02\xc0\x000:0&\x0c$Zertifikat des'
                                   b' Inhabers f\xc3\xbcr die QES0\x06'
                                   b'\x04\x01F\x01\x01\x00\xa1\x080\x060'
                                   b'\x04\x04\x02\xc0\x01'))
        # EF.AOD / EF.AODF
        cia.append(
            TransparentStructureEF(parent=cia,
                                   fid=0x4408,
                                   data=b'0/0\x0f\x0c\teSign-PIN\x03\x02'
                                   b'\x06@0\x03\x04\x01\x01\xa1\x170\x15'
                                   b'\x03\x03\x02H\x1c\n\x01\x01\x02\x01'
                                   b'\x06\x02\x01\x00\x80\x01\x810\x02'
                                   b'\x04\x00'))
        self.mf.append(cia)

        # DF.eSign
        esign = DF(parent=self.mf,
                   fid=0xfffd,
                   dfname=b'\xA0\x00\x00\x01\x67\x45\x53\x49\x47\x4E')

        # ZDA certificate
        esign.append(TransparentStructureEF(parent=esign, fid=0xC000,
                                            data=b''))
        # User's certificate
        esign.append(TransparentStructureEF(parent=esign, fid=0xC001,
                                            data=b''))
        self.mf.append(esign)

        self.sam = nPA_SAM(
            eid_pin="111111".encode('ascii'),
            can="222222".encode('ascii'),
            mrz="IDD<<T220001293<<<<<<<<<<<<<<<6408125<2010315D"
            "<<<<<<<<<<<<<<MUSTERMANN<<ERIKA<<<<<<<<<<<<<".encode('ascii'),
            puk="3333333333".encode('ascii'),
            qes_pin="444444".encode('ascii'),
            mf=self.mf)
        # FIXME: add CVCA for inspection systems and signature terminals. Here
        #        we only add the eID CVCA.
        self.sam.current_SE.cvca = b"\x7f\x21\x82\x01\xb6\x7f\x4e\x82\x01\x6e"\
                                   b"\x5f\x29\x01\x00\x42\x0e\x44\x45\x43\x56"\
                                   b"\x43\x41\x65\x49\x44\x30\x30\x31\x30\x32"\
                                   b"\x7f\x49\x82\x01\x1d\x06\x0a\x04\x00\x7f"\
                                   b"\x00\x07\x02\x02\x02\x02\x03\x81\x20\xa9"\
                                   b"\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a"\
                                   b"\x90\x9d\x83\x8d\x72\x6e\x3b\xf6\x23\xd5"\
                                   b"\x26\x20\x28\x20\x13\x48\x1d\x1f\x6e\x53"\
                                   b"\x77\x82\x20\x7d\x5a\x09\x75\xfc\x2c\x30"\
                                   b"\x57\xee\xf6\x75\x30\x41\x7a\xff\xe7\xfb"\
                                   b"\x80\x55\xc1\x26\xdc\x5c\x6c\xe9\x4a\x4b"\
                                   b"\x44\xf3\x30\xb5\xd9\x83\x20\x26\xdc\x5c"\
                                   b"\x6c\xe9\x4a\x4b\x44\xf3\x30\xb5\xd9\xbb"\
                                   b"\xd7\x7c\xbf\x95\x84\x16\x29\x5c\xf7\xe1"\
                                   b"\xce\x6b\xcc\xdc\x18\xff\x8c\x07\xb6\x84"\
                                   b"\x41\x04\x8b\xd2\xae\xb9\xcb\x7e\x57\xcb"\
                                   b"\x2c\x4b\x48\x2f\xfc\x81\xb7\xaf\xb9\xde"\
                                   b"\x27\xe1\xe3\xbd\x23\xc2\x3a\x44\x53\xbd"\
                                   b"\x9a\xce\x32\x62\x54\x7e\xf8\x35\xc3\xda"\
                                   b"\xc4\xfd\x97\xf8\x46\x1a\x14\x61\x1d\xc9"\
                                   b"\xc2\x77\x45\x13\x2d\xed\x8e\x54\x5c\x1d"\
                                   b"\x54\xc7\x2f\x04\x69\x97\x85\x20\xa9\xfb"\
                                   b"\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90"\
                                   b"\x9d\x83\x8d\x71\x8c\x39\x7a\xa3\xb5\x61"\
                                   b"\xa6\xf7\x90\x1e\x0e\x82\x97\x48\x56\xa7"\
                                   b"\x86\x41\x04\x33\x47\xec\xf9\x6f\xfb\x4b"\
                                   b"\xd9\xb8\x55\x4e\xfb\xcc\xfc\x7d\x0b\x24"\
                                   b"\x2f\x10\x71\xe2\x9b\x4c\x9c\x62\x2c\x79"\
                                   b"\xe3\x39\xd8\x40\xaf\x67\xbe\xb9\xb9\x12"\
                                   b"\x69\x22\x65\xd9\xc1\x6c\x62\x57\x3f\x45"\
                                   b"\x79\xff\xd4\xde\x2d\xe9\x2b\xab\x40\x9d"\
                                   b"\xd5\xc5\xd4\x82\x44\xa9\xf7\x87\x01\x01"\
                                   b"\x5f\x20\x0e\x44\x45\x43\x56\x43\x41\x65"\
                                   b"\x49\x44\x30\x30\x31\x30\x32\x7f\x4c\x12"\
                                   b"\x06\x09\x04\x00\x7f\x00\x07\x03\x01\x02"\
                                   b"\x02\x53\x05\xfe\x0f\x01\xff\xff\x5f\x25"\
                                   b"\x06\x01\x00\x01\x00\x01\x08\x5f\x24\x06"\
                                   b"\x01\x03\x01\x00\x01\x08\x5f\x37\x40\x50"\
                                   b"\x67\x14\x5c\x68\xca\xe9\x52\x0f\x5b\xb3"\
                                   b"\x48\x17\xf1\xca\x9c\x43\x59\x3d\xb5\x64"\
                                   b"\x06\xc6\xa3\xb0\x06\xcb\xf3\xf3\x14\xe7"\
                                   b"\x34\x9a\xcf\x0c\xc6\xbf\xeb\xcb\xde\xfd"\
                                   b"\x10\xb4\xdc\xf0\xf2\x31\xda\x56\x97\x7d"\
                                   b"\x88\xf9\xf9\x01\x82\xd1\x99\x07\x6a\x56"\
                                   b"\x50\x64\x51"
Beispiel #38
0
    def parse_SM_CAPDU(self, CAPDU, authenticate_header):
        """
        This methods parses a data field including Secure Messaging objects.
        SM_header indicates whether or not the header of the message shall be 
        authenticated. It returns an unprotected command APDU
        
        :param CAPDU: The protected CAPDU to be parsed
        :param authenticate_header: Whether or not the header should be
            included in authentication mechanisms 
        :returns: Unprotected command APDU
        """

        structure = unpack(CAPDU.data)
        return_data = [
            "",
        ]

        cla = None
        ins = None
        p1 = None
        p2 = None
        le = None

        if authenticate_header:
            to_authenticate = inttostring(CAPDU.cla) + inttostring(CAPDU.ins)+\
                              inttostring(CAPDU.p1) + inttostring(CAPDU.p2)
            to_authenticate = vsCrypto.append_padding(self.cct.blocklength,
                                                      to_authenticate)
        else:
            to_authenticate = ""

        for tlv in structure:
            tag, length, value = tlv

            if tag % 2 == 1:  #Include object in checksum calculation
                to_authenticate += bertlv_pack([[tag, length, value]])

            #SM data objects for encapsulating plain values
            if tag in (SM_Class["PLAIN_VALUE_NO_TLV"],
                       SM_Class["PLAIN_VALUE_NO_TLV_ODD"]):
                return_data.append(value)  #FIXME: Need TLV coding?
            #Encapsulated SM objects. Parse them
            #FIXME: Need to pack value into a dummy CAPDU
            elif tag in (SM_Class["PLAIN_VALUE_TLV_INCULDING_SM"],
                         SM_Class["PLAIN_VALUE_TLV_INCULDING_SM_ODD"]):
                return_data.append(
                    self.parse_SM_CAPDU(value, authenticate_header))
            #Encapsulated plaintext BER-TLV objects
            elif tag in (SM_Class["PLAIN_VALUE_TLV_NO_SM"],
                         SM_Class["PLAIN_VALUE_TLV_NO_SM_ODD"]):
                return_data.append(value)
            elif tag in (SM_Class["Ne"], SM_Class["Ne_ODD"]):
                le = value
            elif tag == SM_Class["PLAIN_COMMAND_HEADER"]:
                if len(value) != 8:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                else:
                    cla = value[:2]
                    ins = value[2:4]
                    p1 = value[4:6]
                    p2 = value[6:8]

            #SM data objects for confidentiality
            if tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM"],
                       SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM_ODD"]):
                #The cryptogram includes SM objects.
                #We decrypt them and parse the objects.
                plain = self.decipher(tag, 0x80, value)
                #TODO: Need Le = length
                return_data.append(
                    self.parse_SM_CAPDU(plain, authenticate_header))
            elif tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM"],
                         SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM_ODD"]):
                #The cryptogram includes BER-TLV encoded plaintext.
                #We decrypt them and return the objects.
                plain = self.decipher(tag, 0x80, value)
                return_data.append(plain)
            elif tag in (SM_Class["CRYPTOGRAM_PADDING_INDICATOR"],
                         SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"]):
                #The first byte of the data field indicates the padding to use:
                """
                Value        Meaning
                '00'     No further indication
                '01'     Padding as specified in 6.2.3.1
                '02'     No padding
                '1X'     One to four secret keys for enciphering information,
                         not keys ('X' is a bitmap with any value from '0' to 'F')
                '11'     indicates the first key (e.g., an "even" control word
                         in a pay TV system)
                '12'     indicates the second key (e.g., an "odd" control word
                         in a pay TV system)
                '13'     indicates the first key followed by the second key
                         (e.g., a pair of control words in a pay TV system)
                '2X'     Secret key for enciphering keys, not information
                         ('X' is a reference with any value from '0' to 'F')
                         (e.g., in a pay TV system, either an operational key
                         for enciphering control words, or a management key for
                         enciphering operational keys)
                '3X'     Private key of an asymmetric key pair ('X' is a
                         reference with any value from '0' to 'F')
                '4X'     Password ('X' is a reference with any value from '0' to
                         'F')
            '80' to '8E' Proprietary
                """
                padding_indicator = stringtoint(value[0])
                plain = self.decipher(tag, 0x80, value[1:])
                plain = vsCrypto.strip_padding(self.ct.blocklength, plain,
                                               padding_indicator)
                return_data.append(plain)

            #SM data objects for authentication
            if tag == SM_Class["CHECKSUM"]:
                auth = vsCrypto.append_padding(self.cct.blocklength,
                                               to_authenticate)
                checksum = self.compute_cryptographic_checksum(
                    0x8E, 0x80, auth)
                if checksum != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag == SM_Class["DIGITAL_SIGNATURE"]:
                auth = to_authenticate  #FIXME: Need padding?
                signature = self.compute_digital_signature(0x9E, 0x9A, auth)
                if signature != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag in (SM_Class["HASH_CODE"], SM_Class["HASH_CODE_ODD"]):
                hash = self.hash(p1, p2, to_authenticate)
                if hash != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])

        #Form unprotected CAPDU
        if cla == None:
            cla = CAPDU.cla
        if ins == None:
            ins = CAPDU.ins
        if p1 == None:
            p1 = CAPDU.p1
        if p2 == None:
            p2 = CAPDU.p2
        # FIXME
        #if expected != "":
        #raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])

        if isinstance(le, str):
            # FIXME C_APDU only handles le with strings of length 1. Better patch utils.py to support extended length apdus
            le_int = stringtoint(le)
            if le_int == 0 and len(le) > 1:
                le_int = MAX_EXTENDED_LE
            le = le_int

        c = C_APDU(cla=cla,
                   ins=ins,
                   p1=p1,
                   p2=p2,
                   le=le,
                   data="".join(return_data))
        return c
Beispiel #39
0
    def selectFile(self, p1, p2, data):
        """
        Function for instruction 0xa4. Takes the parameter bytes 'p1', 'p2' as
        integers and 'data' as binary string. Returns the status bytes as two
        byte long integer and the response data as binary string.
        """
        P2_FCI = 0
        P2_FCP = 1 << 2
        P2_FMD = 2 << 2
        P2_NONE = 3 << 2
        file = self._selectFile(p1, p2, data)

        if isinstance(file, EF):
            # File size (body only)
            size = inttostring(min(0xffff, len(file.getenc('data'))), 2)
            extra = chr(0)  # RFU
            if (isinstance(file, RecordStructureEF)
                    and file.hasFixedRecordSize() and not file.isCyclic()):
                # Length of records
                extra += chr(0) + chr(min(file.records, 0xff))
        elif isinstance(file, DF):
            # Number of unused EEPROM bytes available in the DF
            size = inttostring(0xffff, 2)
            efcount = 0
            dfcount = 0
            chv1 = None
            chv2 = None
            chv1lifecycle = 0
            chv2lifecycle = 0
            for f in self.content:
                if f.fid == 0x0000:
                    chv1 = f
                    chv1lifecycle = f.lifecycle & 1
                if f.fid == 0x0100:
                    chv2 = f
                    chv2lifecycle = f.lifecycle & 1
                if isinstance(f, EF):
                    efcount += 1
                if isinstance(f, DF):
                    dfcount += 1
            if chv1:
                extra = chr(1)  # TODO LSB correct?
            else:
                extra = chr(0)  # TODO LSB correct?
            extra += chr(efcount)
            extra += chr(dfcount)
            extra += chr(0)  # TODO Number of PINs and unblock CHV PINs
            extra += chr(0)  # RFU
            if chv1:
                extra += chr(0)  # TODO remaining CHV1 attempts
                extra += chr(0)  # TODO remaining unblock CHV1 attempts
                if chv2:
                    extra += chr(0)  # TODO CHV2 key status
                    extra += chr(0)  # TODO CHV2 unblocking key status

        data = inttostring(0, 2)  # RFU
        data += size
        data += inttostring(file.fid, 2)
        data += inttostring(file.filedescriptor)  # File type
        data += inttostring(0, 4)  # ACs TODO
        data += chr(file.lifecycle & 1)  # File status
        data += chr(len(extra))
        data += extra

        self.current = file

        return SW["NORMAL"], data
Beispiel #40
0
    def parse_SM_CAPDU(self, CAPDU, authenticate_header):
        """
        This methods parses a data field including Secure Messaging objects.
        SM_header indicates whether or not the header of the message shall be 
        authenticated. It returns an unprotected command APDU
        
        :param CAPDU: The protected CAPDU to be parsed
        :param authenticate_header: Whether or not the header should be
            included in authentication mechanisms 
        :returns: Unprotected command APDU
        """
            
        structure = unpack(CAPDU.data)
        return_data = ["",]
        
        cla = None
        ins = None
        p1 = None
        p2 = None
        le = None
        
        if authenticate_header:
            to_authenticate = inttostring(CAPDU.cla) + inttostring(CAPDU.ins)+\
                              inttostring(CAPDU.p1) + inttostring(CAPDU.p2)
            to_authenticate = vsCrypto.append_padding(self.cct.blocklength, to_authenticate)
        else:
            to_authenticate = ""

        for tlv in structure:
            tag, length, value = tlv
            
            if tag % 2 == 1: #Include object in checksum calculation
                to_authenticate += bertlv_pack([[tag, length, value]])
            
            #SM data objects for encapsulating plain values
            if tag in (SM_Class["PLAIN_VALUE_NO_TLV"],
                       SM_Class["PLAIN_VALUE_NO_TLV_ODD"]):
                return_data.append(value) #FIXME: Need TLV coding?
            #Encapsulated SM objects. Parse them
            #FIXME: Need to pack value into a dummy CAPDU
            elif tag in (SM_Class["PLAIN_VALUE_TLV_INCULDING_SM"],
                         SM_Class["PLAIN_VALUE_TLV_INCULDING_SM_ODD"]):
                return_data.append(self.parse_SM_CAPDU(value, authenticate_header)) 
            #Encapsulated plaintext BER-TLV objects
            elif tag in (SM_Class["PLAIN_VALUE_TLV_NO_SM"],
                         SM_Class["PLAIN_VALUE_TLV_NO_SM_ODD"]):
                return_data.append(value)
            elif tag in (SM_Class["Ne"], SM_Class["Ne_ODD"]):
                le = value
            elif tag == SM_Class["PLAIN_COMMAND_HEADER"]:
                if len(value) != 8:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                else:
                    cla = value[:2]
                    ins = value[2:4]
                    p1 = value[4:6]
                    p2 = value[6:8]

            #SM data objects for confidentiality
            if tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM"],
                       SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM_ODD"]):
                #The cryptogram includes SM objects. 
                #We decrypt them and parse the objects.
                plain = self.decipher(tag, 0x80, value)
                #TODO: Need Le = length
                return_data.append(self.parse_SM_CAPDU(plain, authenticate_header))
            elif tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM"],
                         SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM_ODD"]):
                #The cryptogram includes BER-TLV encoded plaintext. 
                #We decrypt them and return the objects.
                plain = self.decipher(tag, 0x80, value)
                return_data.append(plain)
            elif tag in (SM_Class["CRYPTOGRAM_PADDING_INDICATOR"],
                         SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"]):
                #The first byte of the data field indicates the padding to use:
                """
                Value        Meaning
                '00'     No further indication
                '01'     Padding as specified in 6.2.3.1
                '02'     No padding
                '1X'     One to four secret keys for enciphering information,
                         not keys ('X' is a bitmap with any value from '0' to 'F')
                '11'     indicates the first key (e.g., an "even" control word
                         in a pay TV system)
                '12'     indicates the second key (e.g., an "odd" control word
                         in a pay TV system)
                '13'     indicates the first key followed by the second key
                         (e.g., a pair of control words in a pay TV system)
                '2X'     Secret key for enciphering keys, not information
                         ('X' is a reference with any value from '0' to 'F')
                         (e.g., in a pay TV system, either an operational key
                         for enciphering control words, or a management key for
                         enciphering operational keys)
                '3X'     Private key of an asymmetric key pair ('X' is a
                         reference with any value from '0' to 'F')
                '4X'     Password ('X' is a reference with any value from '0' to
                         'F')
            '80' to '8E' Proprietary
                """
                padding_indicator = stringtoint(value[0])
                plain = self.decipher(tag, 0x80, value[1:])
                plain = vsCrypto.strip_padding(self.ct.blocklength, plain,
                                               padding_indicator)
                return_data.append(plain)

            #SM data objects for authentication 
            if tag == SM_Class["CHECKSUM"]:
                auth = vsCrypto.append_padding(self.cct.blocklength, to_authenticate)
                checksum = self.compute_cryptographic_checksum(0x8E,
                                                                   0x80,
                                                                   auth)
                if checksum != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag == SM_Class["DIGITAL_SIGNATURE"]:
                auth = to_authenticate #FIXME: Need padding?
                signature = self.compute_digital_signature(0x9E, 0x9A, auth)
                if signature != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag in (SM_Class["HASH_CODE"], SM_Class["HASH_CODE_ODD"]):
                hash = self.hash(p1, p2, to_authenticate)
                if hash != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                
        #Form unprotected CAPDU
        if cla == None:
            cla = CAPDU.cla
        if ins == None:
            ins = CAPDU.ins
        if p1 == None:
            p1 = CAPDU.p1
        if p2 == None:
            p2 = CAPDU.p2
        if le == None:
            le = CAPDU.le
        # FIXME
        #if expected != "":
            #raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])

        if isinstance(le, str):
            # FIXME C_APDU only handles le with strings of length 1. Better patch utils.py to support extended length apdus
            le_int = stringtoint(le)
            if le_int == 0 and len(le) > 1:
                le_int = MAX_EXTENDED_LE
            le = le_int
        
        c = C_APDU(cla=cla, ins=ins, p1=p1, p2=p2, le=le, data="".join(return_data))
        return c