Example #1
0
    def mutual_authenticate(self, p1, p2, mutual_challenge):
        """
        Takes an encrypted challenge in the form 
        'Terminal Challenge | Card Challenge | Card number'
        and checks it for validity. If the challenge is successful
        the card encrypts 'Card Challenge | Terminal challenge' and
        returns this value
        """

        key = self._get_referenced_key(p1, p2)
        card_number = self.get_card_number()

        if (key == None):
            raise SwError(SW["ERR_INCORRECTP1P2"])
        if p1 == 0x00:  #No information given
            cipher = get_referenced_cipher(self.cipher)
        else:
            cipher = get_referenced_cipher(p1)

        if (cipher == None):
            raise SwError(SW["ERR_INCORRECTP1P2"])

        plain = vsCrypto.decrypt(cipher, key, mutual_challenge)
        last_challenge_len = len(self.last_challenge)
        terminal_challenge = plain[:last_challenge_len - 1]
        card_challenge = plain[last_challenge_len:-len(card_number) - 1]
        serial_number = plain[-len(card_number):]

        if terminal_challenge != self.last_challenge:
            raise SwError(SW["WARN_NOINFO63"])
        elif serial_number != card_number:
            raise SwError(SW["WARN_NOINFO63"])

        result = card_challenge + terminal_challenge
        return SW["NORMAL"], vsCrypto.encrypt(cipher, key, result)
Example #2
0
    def mutual_authenticate(self, p1, p2, mutual_challenge):   
        """
        Takes an encrypted challenge in the form 
        'Terminal Challenge | Card Challenge | Card number'
        and checks it for validity. If the challenge is successful
        the card encrypts 'Card Challenge | Terminal challenge' and
        returns this value
        """
        
        key = self._get_referenced_key(p1, p2)
        card_number = self.get_card_number()

        if (key == None):
            raise SwError(SW["ERR_INCORRECTP1P2"])
        if p1 == 0x00: #No information given
            cipher = get_referenced_cipher(self.cipher)   
        else:
            cipher = get_referenced_cipher(p1)
        
        if (cipher == None):
            raise SwError(SW["ERR_INCORRECTP1P2"])

        plain = vsCrypto.decrypt(cipher, key, mutual_challenge)
        last_challenge_len = len(self.last_challenge)
        terminal_challenge = plain[:last_challenge_len-1]
        card_challenge = plain[last_challenge_len:-len(card_number)-1]
        serial_number = plain[-len(card_number):]
        
        if terminal_challenge != self.last_challenge:
            raise SwError(SW["WARN_NOINFO63"])
        elif serial_number != card_number:
            raise SwError(SW["WARN_NOINFO63"])
        
        result = card_challenge + terminal_challenge
        return SW["NORMAL"], vsCrypto.encrypt(cipher, key, result)
Example #3
0
 def encipher(self, p1, p2, data):
     """
     Encipher data using key, algorithm, IV and Padding specified
     by the current Security environment.
     
     :returns: raw data (no TLV coding).
     """
     algo = self.ct.algorithm
     key = self.ct.key
     if key == None or algo == None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     else:
         padded = vsCrypto.append_padding(vsCrypto.get_cipher_blocklen(algo), data)
         crypted = vsCrypto.encrypt(algo, key, padded, self.ct.iv)
         return crypted
Example #4
0
 def encipher(self, p1, p2, data):
     """
     Encipher data using key, algorithm, IV and Padding specified
     by the current Security environment.
     
     :returns: raw data (no TLV coding).
     """
     algo = self.ct.algorithm
     key = self.ct.key
     if key == None or algo == None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     else:
         padded = vsCrypto.append_padding(vsCrypto.get_cipher_blocklen(algo), data)
         crypted = vsCrypto.encrypt(algo, key, padded, self.ct.iv)
         return crypted
Example #5
0
    def verify_cryptographic_checksum(self, p1, p2, data):
        """
        Verify the cryptographic checksum contained in the data field.
        Data field must contain a cryptographic checksum (tag 0x8E) and a plain
        value (tag 0x80)
        """
        plain = ""
        cct = ""

        algo = self.cct.algorithm
        key = self.cct.key
        iv = self.cct.iv
        if algo == None or key == None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        structure = unpack(data)
        for tag, length, value in structure:
            if tag == 0x80:
                plain = value
            elif tag == 0x8E:
                cct = value
        if plain == "" or cct == "":
            raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])
        else:
            my_cct = vsCrypto.crypto_checksum(algo, key, plain, iv)
            if my_cct == cct:
                return ""
            else:
                raise SwError["ERR_SECMESSOBJECTSINCORRECT"]
Example #6
0
    def __init__(self, PIN, cardNumber, mf=None, cardSecret=None, default_se=Security_Environment):

        self.PIN = PIN
        self.mf = mf
        self.cardNumber = cardNumber

        self.last_challenge = None #Will contain non-readable binary string
        self.counter = 3 #Number of tries for PIN validation

        self.cipher = 0x01
        self.asym_key = None
        
        keylen = vsCrypto.get_cipher_keylen(get_referenced_cipher(self.cipher))
        if cardSecret is None: #Generate a random card secret
            self.cardSecret = urandom(keylen)
        else:
            if len(cardSecret) != keylen:
                raise ValueError("cardSecret has the wrong key length for: " +\
                    get_referenced_cipher(self.cipher))
            else:
                self.cardSecret = cardSecret  

        #Security Environments may be saved to/retrieved from this dictionary
        self.saved_SEs = {} 
        self.default_se = default_se
        self.current_SE = default_se(self.mf, self)
Example #7
0
    def verify_cryptographic_checksum(self, p1, p2, data):
        """
        Verify the cryptographic checksum contained in the data field.
        Data field must contain a cryptographic checksum (tag 0x8E) and a plain
        value (tag 0x80)
        """
        plain = ""
        cct = ""

        algo = self.cct.algorithm
        key = self.cct.key
        iv = self.cct.iv
        if algo == None or key == None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        structure = unpack(data)
        for tag, length, value in structure:
            if tag == 0x80:
                plain = value
            elif tag == 0x8E:
                cct = value
        if plain == "" or cct == "":
            raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])
        else:
            my_cct = vsCrypto.crypto_checksum(algo, key, plain, iv)
            if my_cct == cct:
                return ""
            else:
                raise SwError["ERR_SECMESSOBJECTSINCORRECT"]
Example #8
0
    def __init__(self,
                 PIN,
                 cardNumber,
                 mf=None,
                 cardSecret=None,
                 default_se=Security_Environment):

        self.PIN = PIN
        self.mf = mf
        self.cardNumber = cardNumber

        self.last_challenge = None  #Will contain non-readable binary string
        self.counter = 3  #Number of tries for PIN validation

        self.cipher = 0x01
        self.asym_key = None

        keylen = vsCrypto.get_cipher_keylen(get_referenced_cipher(self.cipher))
        if cardSecret is None:  #Generate a random card secret
            self.cardSecret = urandom(keylen)
        else:
            if len(cardSecret) != keylen:
                raise ValueError("cardSecret has the wrong key length for: " +\
                    get_referenced_cipher(self.cipher))
            else:
                self.cardSecret = cardSecret

        #Security Environments may be saved to/retrieved from this dictionary
        self.saved_SEs = {}
        self.default_se = default_se
        self.current_SE = default_se(self.mf, self)
Example #9
0
    def encipher(self, p1, p2, data):
        padded = vsCrypto.append_padding(self.cct.blocklength, data)
        cipher = eac.EAC_encrypt(self.eac_ctx, padded)
        if not cipher:
            eac.print_ossl_err()
            raise SwError(SW["ERR_NOINFO69"])

        return cipher
Example #10
0
    def encipher(self, p1, p2, data):
        padded = vsCrypto.append_padding(self.cct.blocklength, data)
        cipher = eac.EAC_encrypt(self.eac_ctx, padded)
        if not cipher:
            eac.print_ossl_err()
            raise SwError(SW["ERR_NOINFO69"]) 

        return cipher
Example #11
0
    def external_authenticate(self, p1, p2, resp_data):
        """Performs the basic access control protocol as defined in
        the ICAO MRTD standard"""
        rnd_icc = self.last_challenge

        # Receive Mutual Authenticate APDU from terminal
        # Decrypt data and check MAC
        Eifd = resp_data[:-8]
        padded_Eifd = vsCrypto.append_padding(self.current_SE.cct.blocklength,
                                              Eifd)
        Mifd = vsCrypto.crypto_checksum("CC", self.KMac, padded_Eifd)
        # Check the MAC
        if not Mifd == resp_data[-8:]:
            raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
        # Decrypt the data
        plain = vsCrypto.decrypt("DES3-CBC", self.KEnc, resp_data[:-8])
        if plain[8:16] != rnd_icc:
            raise SwError(SW["WARN_NOINFO63"])
        # Extract keying material from IFD, generate ICC keying material
        Kifd = plain[16:]
        rnd_ifd = plain[:8]
        Kicc = urandom(16)
        # Generate Answer
        data = plain[8:16] + plain[:8] + Kicc
        Eicc = vsCrypto.encrypt("DES3-CBC", self.KEnc, data)
        padded_Eicc = vsCrypto.append_padding(self.current_SE.cct.blocklength,
                                              Eicc)
        Micc = vsCrypto.crypto_checksum("CC", self.KMac, padded_Eicc)
        # Derive the final keys and set the current SE
        KSseed = vsCrypto.operation_on_string(Kicc, Kifd, lambda a, b: a ^ b)
        self.current_SE.ct.key = self.derive_key(KSseed, 1)
        self.current_SE.cct.key = self.derive_key(KSseed, 2)
        self.current_SE.ssc = stringtoint(rnd_icc[-4:] + rnd_ifd[-4:])
        return SW["NORMAL"], Eicc + Micc
Example #12
0
    def compute_cryptographic_checksum(self, p1, p2, data):
        """
        Compute a cryptographic checksum (e.g. MAC) for the given data.
        Algorithm and key are specified in the current SE
        """
        if p1 != 0x8E or p2 != 0x80:
            raise SwError(SW["ERR_INCORRECTP1P2"])
        if self.cct.key is None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        checksum = vsCrypto.crypto_checksum(self.cct.algorithm, self.cct.key, data, self.cct.iv)
        return checksum
Example #13
0
 def external_authenticate(self, p1, p2, data):
     """
     Authenticate the terminal to the card. Check whether Terminal correctly
     encrypted the given challenge or not
     """
     if self.last_challenge is None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     
     key = self._get_referenced_key(p1, p2) 
     if p1 == 0x00: #No information given
         cipher = get_referenced_cipher(self.cipher)   
     else:
         cipher = get_referenced_cipher(p1)     
     
     reference = vsCrypto.append_padding(cipher, self.last_challenge)
     reference = vsCrypto.encrypt(cipher, key, reference)
     if(reference == data):
         #Invalidate last challenge
         self.last_challenge = None
         return SW["NORMAL"], ""
     else:
         raise SwError(SW["WARN_NOINFO63"])
Example #14
0
    def compute_cryptographic_checksum(self, p1, p2, data):
        """
        Compute a cryptographic checksum (e.g. MAC) for the given data.
        The ePass uses a Send Sequence Counter for MAC calculation
        """
        if p1 != 0x8E or p2 != 0x80:
            raise SwError(SW["ERR_INCORRECTP1P2"])

        self.ssc += 1
        checksum = vsCrypto.crypto_checksum(self.cct.algorithm, self.cct.key,
                                            data, self.cct.iv, self.ssc)

        return checksum
Example #15
0
    def compute_cryptographic_checksum(self, p1, p2, data):
        """
        Compute a cryptographic checksum (e.g. MAC) for the given data.
        Algorithm and key are specified in the current SE
        """
        if p1 != 0x8E or p2 != 0x80:
            raise SwError(SW["ERR_INCORRECTP1P2"])
        if self.cct.key == None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])

        checksum = vsCrypto.crypto_checksum(self.cct.algorithm, self.cct.key,
                                            data, self.cct.iv)
        return checksum
Example #16
0
 def external_authenticate(self, p1, p2, data):
     """
     Authenticate the terminal to the card. Check whether Terminal correctly
     encrypted the given challenge or not
     """
     if self.last_challenge is None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     
     key = self._get_referenced_key(p1, p2) 
     if p1 == 0x00: #No information given
         cipher = get_referenced_cipher(self.cipher)   
     else:
         cipher = get_referenced_cipher(p1)     
     
     reference = vsCrypto.append_padding(cipher, self.last_challenge)
     reference = vsCrypto.encrypt(cipher, key, reference)
     if(reference == data):
         #Invalidate last challenge
         self.last_challenge = None
         return SW["NORMAL"], ""
     else:
         raise SwError(SW["WARN_NOINFO63"])
Example #17
0
 def decipher(self, p1, p2, data):
     """
     Decipher data using key, algorithm, IV and Padding specified
     by the current Security environment.
     
     :returns: raw data (no TLV coding). Padding is not removed!!!
     """
     algo = self.ct.algorithm
     key = self.ct.key
     if key == None or algo == None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     else:
         plain = vsCrypto.decrypt(algo, key, data, self.ct.iv)
         return plain
Example #18
0
 def decipher(self, p1, p2, data):
     """
     Decipher data using key, algorithm, IV and Padding specified
     by the current Security environment.
     
     :returns: raw data (no TLV coding). Padding is not removed!!!
     """
     algo = self.ct.algorithm
     key = self.ct.key
     if key == None or algo == None:
         raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
     else:
         plain = vsCrypto.decrypt(algo, key, data, self.ct.iv)
         return plain
Example #19
0
    def hash(self, p1, p2, data):
        """
        Hash the given data using the algorithm specified by the current 
        Security environment.
        
        :return: raw data (no TLV coding).
        """
        if p1 != 0x90 or not p2 in (0x80, 0xA0):
            raise SwError(SW["ERR_INCORRECTP1P2"])
        algo = self.ht.algorithm
        if algo == None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
        try:
            hash = vsCrypto.hash(algo, data)
        except ValueError:
            raise SwError(SW["ERR_EXECUTION"])

        return hash
Example #20
0
    def hash(self, p1, p2, data):
        """
        Hash the given data using the algorithm specified by the current 
        Security environment.
        
        :return: raw data (no TLV coding).
        """        
        if p1 != 0x90 or not p2 in (0x80, 0xA0):
            raise SwError(SW["ERR_INCORRECTP1P2"])
        algo = self.ht.algorithm
        if algo == None:
            raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
        try:
            hash = vsCrypto.hash(algo, data)
        except ValueError:
            raise SwError(SW["ERR_EXECUTION"])

        return hash
Example #21
0
    def protect_response(self, sw, result):
        """
        This method protects a response APDU using secure messaging mechanisms

        :returns: the protected data and the SW bytes
        """

        return_data = ""
        # if sw == SW["NORMAL"]:
        #    sw = inttostring(sw)
        #    length = len(sw)
        #    tag = SM_Class["PLAIN_PROCESSING_STATUS"]
        #    tlv_sw = pack([(tag,length,sw)])
        #    return_data += tlv_sw

        if result != "":  # Encrypt the data included in the RAPDU
            encrypted = self.encipher(0x82, 0x80, result)
            encrypted = "\x01" + encrypted
            encrypted_tlv = pack([(
                                SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"],
                                len(encrypted),
                                encrypted)])
            return_data += encrypted_tlv

        if sw == SW["NORMAL"]:
            if self.cct.algorithm is None:
                raise SwError(SW["CONDITIONSNOTSATISFIED"])
            elif self.cct.algorithm == "CC":
                tag = SM_Class["CHECKSUM"]
                padded = vsCrypto.append_padding(self.cct.blocklength,
                                                 return_data)
                auth = self.compute_cryptographic_checksum(0x8E, 0x80, padded)
                length = len(auth)
                return_data += pack([(tag, length, auth)])
            elif self.cct.algorithm == "SIGNATURE":
                tag = SM_Class["DIGITAL_SIGNATURE"]
                hash = self.hash(0x90, 0x80, return_data)
                auth = self.compute_digital_signature(0x9E, 0x9A, hash)
                length = len(auth)
                return_data += pack([(tag, length, auth)])

        return sw, return_data
Example #22
0
    def protect_response(self, sw, result):
        """
        This method protects a response APDU using secure messaging mechanisms
        
        :returns: the protected data and the SW bytes
        """

        return_data = ""
        #if sw == SW["NORMAL"]:
        #    sw = inttostring(sw)
        #    length = len(sw)
        #    tag = SM_Class["PLAIN_PROCESSING_STATUS"]
        #    tlv_sw = pack([(tag,length,sw)])
        #    return_data += tlv_sw

        if result != "":  # Encrypt the data included in the RAPDU
            encrypted = self.encipher(0x82, 0x80, result)
            encrypted = "\x01" + encrypted
            encrypted_tlv = pack([
                (SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"], len(encrypted),
                 encrypted)
            ])
            return_data += encrypted_tlv

        if sw == SW["NORMAL"]:
            if self.cct.algorithm == None:
                raise SwError(SW["CONDITIONSNOTSATISFIED"])
            elif self.cct.algorithm == "CC":
                tag = SM_Class["CHECKSUM"]
                padded = vsCrypto.append_padding(self.cct.blocklength,
                                                 return_data)
                auth = self.compute_cryptographic_checksum(0x8E, 0x80, padded)
                length = len(auth)
                return_data += pack([(tag, length, auth)])
            elif self.cct.algorithm == "SIGNATURE":
                tag = SM_Class["DIGITAL_SIGNATURE"]
                hash = self.hash(0x90, 0x80, return_data)
                auth = self.compute_digital_signature(0x9E, 0x9A, hash)
                length = len(auth)
                return_data += pack([(tag, length, auth)])

        return sw, return_data
Example #23
0
    def internal_authenticate(self, p1, p2, data):
        """
        Authenticate card to terminal. Encrypt the challenge of the terminal
        to prove key posession
        """
        
        if p1 == 0x00: #No information given
            cipher = get_referenced_cipher(self.cipher)   
        else:
            cipher = get_referenced_cipher(p1)

        if cipher == "RSA" or cipher == "DSA":
            crypted_challenge = self.asym_key.sign(data,"")
            crypted_challenge = crypted_challenge[0]
            crypted_challenge = inttostring(crypted_challenge)
        else:
            key = self._get_referenced_key(p1, p2)
            crypted_challenge = vsCrypto.encrypt(cipher, key, data)
        
        return SW["NORMAL"], crypted_challenge
Example #24
0
    def internal_authenticate(self, p1, p2, data):
        """
        Authenticate card to terminal. Encrypt the challenge of the terminal
        to prove key posession
        """

        if p1 == 0x00:  #No information given
            cipher = get_referenced_cipher(self.cipher)
        else:
            cipher = get_referenced_cipher(p1)

        if cipher == "RSA" or cipher == "DSA":
            crypted_challenge = self.asym_key.sign(data, "")
            crypted_challenge = crypted_challenge[0]
            crypted_challenge = inttostring(crypted_challenge)
        else:
            key = self._get_referenced_key(p1, p2)
            crypted_challenge = vsCrypto.encrypt(cipher, key, data)

        return SW["NORMAL"], crypted_challenge
Example #25
0
    def _get_referenced_key(self, p1, p2):
        """
        This method returns the key specified by the p2 parameter. The key may
        be stored on the cards filesystem.

        :param p1: Specifies the algorithm to use. Needed to know the keylength.
        :param p2: Specifies a reference to the key to be used for encryption

            == == == == == == == == =============================================
            b8 b7 b6 b5 b4 b3 b2 b1 Meaning
            == == == == == == == == =============================================
            0  0  0  0  0  0  0  0  No information is given
            0  -  -  -  -  -  -  -  Global reference data(e.g. MF specific key)
            1  -  -  -  -  -  -  -  Specific reference data(e.g. DF specific key)
            -  -  -  x  x  x  x  x  Number of the secret
            == == == == == == == == =============================================

            Any other value RFU
        """

        key = None
        qualifier = p2 & 0x1F
        algo = get_referenced_cipher(p1)
        keylength = vsCrypto.get_cipher_keylen(algo)

        if (p2 == 0x00):  #No information given, use the global card key
            key = self.cardSecret
        #We treat global and specific reference data alike
        #elif ((p2 >> 7) == 0x01 or (p2 >> 7) == 0x00):
        else:
            #Interpret qualifier as an short fid (try to read the key from FS)
            if self.mf == None:
                raise SwError(SW["ERR_REFNOTUSABLE"])
            df = self.mf.currentDF()
            fid = df.select("fid", stringtoint(qualifier))
            key = fid.readbinary(keylength)

        if key != None:
            return key
        else:
            raise SwError(SW["ERR_REFNOTUSABLE"])
Example #26
0
    def _get_referenced_key(self, p1, p2):
        """
        This method returns the key specified by the p2 parameter. The key may
        be stored on the cards filesystem.

        :param p1: Specifies the algorithm to use. Needed to know the keylength.
        :param p2: Specifies a reference to the key to be used for encryption

            == == == == == == == == =============================================
            b8 b7 b6 b5 b4 b3 b2 b1 Meaning
            == == == == == == == == =============================================
            0  0  0  0  0  0  0  0  No information is given
            0  -  -  -  -  -  -  -  Global reference data(e.g. MF specific key)
            1  -  -  -  -  -  -  -  Specific reference data(e.g. DF specific key)
            -  -  -  x  x  x  x  x  Number of the secret
            == == == == == == == == =============================================

            Any other value RFU
        """
        
        key = None
        qualifier = p2 & 0x1F
        algo = get_referenced_cipher(p1)        
        keylength = vsCrypto.get_cipher_keylen(algo)

        if (p2 == 0x00): #No information given, use the global card key
            key = self.cardSecret
        #We treat global and specific reference data alike
        #elif ((p2 >> 7) == 0x01 or (p2 >> 7) == 0x00):
        else:		
            #Interpret qualifier as an short fid (try to read the key from FS)
            if self.mf == None:
                raise SwError(SW["ERR_REFNOTUSABLE"])
            df = self.mf.currentDF()
            fid = df.select("fid", stringtoint(qualifier))
            key = fid.readbinary(keylength)

        if key != None:
            return key
        else: 
            raise SwError(SW["ERR_REFNOTUSABLE"])
Example #27
0
if __name__ == "__main__":

    password = "******"

    MyCard = SAM("1234", "1234567890")
    try:
        print(MyCard.verify(0x00, 0x00, "5678"))
    except SwError as e:
        print(e.message)

    print("Counter = " + str(MyCard.counter))
    print(MyCard.verify(0x00,  0x00, "1234"))
    print("Counter = " + str(MyCard.counter))
    sw, challenge = MyCard.get_challenge(0x00, 0x00, "")
    print("Before encryption: " + challenge)
    padded = vsCrypto.append_padding("DES3-ECB", challenge)
    sw, result_data = MyCard.internal_authenticate(0x00, 0x00, padded)
    print("Internal Authenticate status code: %x" % sw)

    try:
        sw, res = MyCard.external_authenticate(0x00, 0x00, result_data)
    except SwError as e:
        print(e.message)
        sw = e.sw
    print("Decryption Status code: %x" % sw)

    #SE = Security_Environment(None)
    #testvektor = "foobar"
    #print "Testvektor = %s" % testvektor
    #sw, hash = SE.hash(0x90,0x80,testvektor)
    #print "SW after hashing = %s" % sw
Example #28
0
if __name__ == "__main__":

    password = "******"

    MyCard = SAM("1234", "1234567890")
    try:
        print(MyCard.verify(0x00, 0x00, "5678"))
    except SwError as e:
        print(e.message)

    print("Counter = " + str(MyCard.counter))
    print(MyCard.verify(0x00,  0x00, "1234"))
    print("Counter = " + str(MyCard.counter))
    sw, challenge = MyCard.get_challenge(0x00, 0x00, "")
    print("Before encryption: " + challenge)
    padded = vsCrypto.append_padding("DES3-ECB", challenge)
    sw, result_data = MyCard.internal_authenticate(0x00, 0x00, padded)
    print("Internal Authenticate status code: %x" % sw)

    try:
        sw, res = MyCard.external_authenticate(0x00, 0x00, result_data)
    except SwError as e:
        print(e.message)
        sw = e.sw
    print("Decryption Status code: %x" % sw)

    #SE = Security_Environment(None)
    #testvektor = "foobar"
    #print "Testvektor = %s" % testvektor
    #sw, hash = SE.hash(0x90,0x80,testvektor)
    #print "SW after hashing = %s" % sw
Example #29
0
    def parse_SM_CAPDU(self, CAPDU, authenticate_header):
        """
        This methods parses a data field including Secure Messaging objects.
        SM_header indicates whether or not the header of the message shall be 
        authenticated. It returns an unprotected command APDU
        
        :param CAPDU: The protected CAPDU to be parsed
        :param authenticate_header: Whether or not the header should be
            included in authentication mechanisms 
        :returns: Unprotected command APDU
        """

        structure = unpack(CAPDU.data)
        return_data = [
            "",
        ]

        cla = None
        ins = None
        p1 = None
        p2 = None
        le = None

        if authenticate_header:
            to_authenticate = inttostring(CAPDU.cla) + inttostring(CAPDU.ins)+\
                              inttostring(CAPDU.p1) + inttostring(CAPDU.p2)
            to_authenticate = vsCrypto.append_padding(self.cct.blocklength,
                                                      to_authenticate)
        else:
            to_authenticate = ""

        for tlv in structure:
            tag, length, value = tlv

            if tag % 2 == 1:  #Include object in checksum calculation
                to_authenticate += bertlv_pack([[tag, length, value]])

            #SM data objects for encapsulating plain values
            if tag in (SM_Class["PLAIN_VALUE_NO_TLV"],
                       SM_Class["PLAIN_VALUE_NO_TLV_ODD"]):
                return_data.append(value)  #FIXME: Need TLV coding?
            #Encapsulated SM objects. Parse them
            #FIXME: Need to pack value into a dummy CAPDU
            elif tag in (SM_Class["PLAIN_VALUE_TLV_INCULDING_SM"],
                         SM_Class["PLAIN_VALUE_TLV_INCULDING_SM_ODD"]):
                return_data.append(
                    self.parse_SM_CAPDU(value, authenticate_header))
            #Encapsulated plaintext BER-TLV objects
            elif tag in (SM_Class["PLAIN_VALUE_TLV_NO_SM"],
                         SM_Class["PLAIN_VALUE_TLV_NO_SM_ODD"]):
                return_data.append(value)
            elif tag in (SM_Class["Ne"], SM_Class["Ne_ODD"]):
                le = value
            elif tag == SM_Class["PLAIN_COMMAND_HEADER"]:
                if len(value) != 8:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                else:
                    cla = value[:2]
                    ins = value[2:4]
                    p1 = value[4:6]
                    p2 = value[6:8]

            #SM data objects for confidentiality
            if tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM"],
                       SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM_ODD"]):
                #The cryptogram includes SM objects.
                #We decrypt them and parse the objects.
                plain = self.decipher(tag, 0x80, value)
                #TODO: Need Le = length
                return_data.append(
                    self.parse_SM_CAPDU(plain, authenticate_header))
            elif tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM"],
                         SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM_ODD"]):
                #The cryptogram includes BER-TLV encoded plaintext.
                #We decrypt them and return the objects.
                plain = self.decipher(tag, 0x80, value)
                return_data.append(plain)
            elif tag in (SM_Class["CRYPTOGRAM_PADDING_INDICATOR"],
                         SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"]):
                #The first byte of the data field indicates the padding to use:
                """
                Value        Meaning
                '00'     No further indication
                '01'     Padding as specified in 6.2.3.1
                '02'     No padding
                '1X'     One to four secret keys for enciphering information,
                         not keys ('X' is a bitmap with any value from '0' to 'F')
                '11'     indicates the first key (e.g., an "even" control word
                         in a pay TV system)
                '12'     indicates the second key (e.g., an "odd" control word
                         in a pay TV system)
                '13'     indicates the first key followed by the second key
                         (e.g., a pair of control words in a pay TV system)
                '2X'     Secret key for enciphering keys, not information
                         ('X' is a reference with any value from '0' to 'F')
                         (e.g., in a pay TV system, either an operational key
                         for enciphering control words, or a management key for
                         enciphering operational keys)
                '3X'     Private key of an asymmetric key pair ('X' is a
                         reference with any value from '0' to 'F')
                '4X'     Password ('X' is a reference with any value from '0' to
                         'F')
            '80' to '8E' Proprietary
                """
                padding_indicator = stringtoint(value[0])
                plain = self.decipher(tag, 0x80, value[1:])
                plain = vsCrypto.strip_padding(self.ct.blocklength, plain,
                                               padding_indicator)
                return_data.append(plain)

            #SM data objects for authentication
            if tag == SM_Class["CHECKSUM"]:
                auth = vsCrypto.append_padding(self.cct.blocklength,
                                               to_authenticate)
                checksum = self.compute_cryptographic_checksum(
                    0x8E, 0x80, auth)
                if checksum != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag == SM_Class["DIGITAL_SIGNATURE"]:
                auth = to_authenticate  #FIXME: Need padding?
                signature = self.compute_digital_signature(0x9E, 0x9A, auth)
                if signature != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag in (SM_Class["HASH_CODE"], SM_Class["HASH_CODE_ODD"]):
                hash = self.hash(p1, p2, to_authenticate)
                if hash != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])

        #Form unprotected CAPDU
        if cla == None:
            cla = CAPDU.cla
        if ins == None:
            ins = CAPDU.ins
        if p1 == None:
            p1 = CAPDU.p1
        if p2 == None:
            p2 = CAPDU.p2
        # FIXME
        #if expected != "":
        #raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])

        if isinstance(le, str):
            # FIXME C_APDU only handles le with strings of length 1. Better patch utils.py to support extended length apdus
            le_int = stringtoint(le)
            if le_int == 0 and len(le) > 1:
                le_int = MAX_EXTENDED_LE
            le = le_int

        c = C_APDU(cla=cla,
                   ins=ins,
                   p1=p1,
                   p2=p2,
                   le=le,
                   data="".join(return_data))
        return c
Example #30
0
    def parse_SM_CAPDU(self, CAPDU, authenticate_header):
        """
        This methods parses a data field including Secure Messaging objects.
        SM_header indicates whether or not the header of the message shall be 
        authenticated. It returns an unprotected command APDU
        
        :param CAPDU: The protected CAPDU to be parsed
        :param authenticate_header: Whether or not the header should be
            included in authentication mechanisms 
        :returns: Unprotected command APDU
        """
            
        structure = unpack(CAPDU.data)
        return_data = ["",]
        
        cla = None
        ins = None
        p1 = None
        p2 = None
        le = None
        
        if authenticate_header:
            to_authenticate = inttostring(CAPDU.cla) + inttostring(CAPDU.ins)+\
                              inttostring(CAPDU.p1) + inttostring(CAPDU.p2)
            to_authenticate = vsCrypto.append_padding(self.cct.blocklength, to_authenticate)
        else:
            to_authenticate = ""

        for tlv in structure:
            tag, length, value = tlv
            
            if tag % 2 == 1: #Include object in checksum calculation
                to_authenticate += bertlv_pack([[tag, length, value]])
            
            #SM data objects for encapsulating plain values
            if tag in (SM_Class["PLAIN_VALUE_NO_TLV"],
                       SM_Class["PLAIN_VALUE_NO_TLV_ODD"]):
                return_data.append(value) #FIXME: Need TLV coding?
            #Encapsulated SM objects. Parse them
            #FIXME: Need to pack value into a dummy CAPDU
            elif tag in (SM_Class["PLAIN_VALUE_TLV_INCULDING_SM"],
                         SM_Class["PLAIN_VALUE_TLV_INCULDING_SM_ODD"]):
                return_data.append(self.parse_SM_CAPDU(value, authenticate_header)) 
            #Encapsulated plaintext BER-TLV objects
            elif tag in (SM_Class["PLAIN_VALUE_TLV_NO_SM"],
                         SM_Class["PLAIN_VALUE_TLV_NO_SM_ODD"]):
                return_data.append(value)
            elif tag in (SM_Class["Ne"], SM_Class["Ne_ODD"]):
                le = value
            elif tag == SM_Class["PLAIN_COMMAND_HEADER"]:
                if len(value) != 8:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                else:
                    cla = value[:2]
                    ins = value[2:4]
                    p1 = value[4:6]
                    p2 = value[6:8]

            #SM data objects for confidentiality
            if tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM"],
                       SM_Class["CRYPTOGRAM_PLAIN_TLV_INCLUDING_SM_ODD"]):
                #The cryptogram includes SM objects. 
                #We decrypt them and parse the objects.
                plain = self.decipher(tag, 0x80, value)
                #TODO: Need Le = length
                return_data.append(self.parse_SM_CAPDU(plain, authenticate_header))
            elif tag in (SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM"],
                         SM_Class["CRYPTOGRAM_PLAIN_TLV_NO_SM_ODD"]):
                #The cryptogram includes BER-TLV encoded plaintext. 
                #We decrypt them and return the objects.
                plain = self.decipher(tag, 0x80, value)
                return_data.append(plain)
            elif tag in (SM_Class["CRYPTOGRAM_PADDING_INDICATOR"],
                         SM_Class["CRYPTOGRAM_PADDING_INDICATOR_ODD"]):
                #The first byte of the data field indicates the padding to use:
                """
                Value        Meaning
                '00'     No further indication
                '01'     Padding as specified in 6.2.3.1
                '02'     No padding
                '1X'     One to four secret keys for enciphering information,
                         not keys ('X' is a bitmap with any value from '0' to 'F')
                '11'     indicates the first key (e.g., an "even" control word
                         in a pay TV system)
                '12'     indicates the second key (e.g., an "odd" control word
                         in a pay TV system)
                '13'     indicates the first key followed by the second key
                         (e.g., a pair of control words in a pay TV system)
                '2X'     Secret key for enciphering keys, not information
                         ('X' is a reference with any value from '0' to 'F')
                         (e.g., in a pay TV system, either an operational key
                         for enciphering control words, or a management key for
                         enciphering operational keys)
                '3X'     Private key of an asymmetric key pair ('X' is a
                         reference with any value from '0' to 'F')
                '4X'     Password ('X' is a reference with any value from '0' to
                         'F')
            '80' to '8E' Proprietary
                """
                padding_indicator = stringtoint(value[0])
                plain = self.decipher(tag, 0x80, value[1:])
                plain = vsCrypto.strip_padding(self.ct.blocklength, plain,
                                               padding_indicator)
                return_data.append(plain)

            #SM data objects for authentication 
            if tag == SM_Class["CHECKSUM"]:
                auth = vsCrypto.append_padding(self.cct.blocklength, to_authenticate)
                checksum = self.compute_cryptographic_checksum(0x8E,
                                                                   0x80,
                                                                   auth)
                if checksum != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag == SM_Class["DIGITAL_SIGNATURE"]:
                auth = to_authenticate #FIXME: Need padding?
                signature = self.compute_digital_signature(0x9E, 0x9A, auth)
                if signature != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
            elif tag in (SM_Class["HASH_CODE"], SM_Class["HASH_CODE_ODD"]):
                hash = self.hash(p1, p2, to_authenticate)
                if hash != value:
                    raise SwError(SW["ERR_SECMESSOBJECTSINCORRECT"])
                
        #Form unprotected CAPDU
        if cla == None:
            cla = CAPDU.cla
        if ins == None:
            ins = CAPDU.ins
        if p1 == None:
            p1 = CAPDU.p1
        if p2 == None:
            p2 = CAPDU.p2
        if le == None:
            le = CAPDU.le
        # FIXME
        #if expected != "":
            #raise SwError(SW["ERR_SECMESSOBJECTSMISSING"])

        if isinstance(le, str):
            # FIXME C_APDU only handles le with strings of length 1. Better patch utils.py to support extended length apdus
            le_int = stringtoint(le)
            if le_int == 0 and len(le) > 1:
                le_int = MAX_EXTENDED_LE
            le = le_int
        
        c = C_APDU(cla=cla, ins=ins, p1=p1, p2=p2, le=le, data="".join(return_data))
        return c