def getPubKey(self, bac_cp, mrz_value):
"""
It uses method from pypassport.doc9303.bac in order to authenticate and establish the session keys
@param bac_cp: A BAC for the authentication and establishment of session keys
@type bac_cp: A pypassport.doc9303.bac.BAC() object
@param mrz_value: A MRZ
@type mrz_value: String value ("PPPPPPPPPPcCCCYYMMDDcSYYMMDDc<<<<<<<<<<<<<<cd")
@return: The public key (DG15)
"""
self.log("Reset conenction")
self._iso7816.rstConnection()
self.log("Generate the MRZ object")
mrz_pass = mrz.MRZ(mrz_value)
self.log("Check the MRZ")
mrz_pass.checkMRZ()
self.log("Authentication and establishment of session keys")
(KSenc, KSmac, ssc) = bac_cp.authenticationAndEstablishmentOfSessionKeys(mrz_pass)
self.log("Encryption key: {0}".format(binToHexRep(KSenc)))
self.log("MAC key: {0}".format(binToHexRep(KSmac)))
self.log("Send Sequence Counter: {0}".format(binToHexRep(ssc)))
sm = SecureMessaging(KSenc, KSmac, ssc)
self._iso7816.setCiphering(sm)
dgReader = datagroup.DataGroupReaderFactory().create(self._iso7816)
tag = converter.toTAG("DG15")
dgFile = dgReader.readDG(tag)
self.log("Get public key")
dg15 = datagroup.DataGroupFactory().create(dgFile)
self.log("Public key: {0}".format(binToHexRep(dg15.body)))
return dg15.body
def create(self, type, issuer, name, surname, nat, sex, passportID, birthDate, expiryDate):
m = mrz.MRZ(None)
forgedMRZ = m.buildMRZ(type, issuer, name, surname, nat, sex, passportID, self._convertDate(birthDate), self._convertDate(expiryDate))
self._dgc.addDataObject("5F1F", forgedMRZ)
return DataGroup1(self._dgc).parse()
def setKseed(self, dg1):
l2 = dg1["5F1F"][44:]
b = bac.BAC(None)
m = mrz.MRZ(l2)
m.checkMRZ()
kseed = binToHexRep(b.mrz_information(m))
toSend = CommandAPDU("10", "A7", "00", "00", "18", kseed, "")
self._iso7816.transmit(toSend, "Set KSeed")
self.log("Kseed set")
def __init__(self, reader, epMrz=None):
"""
This object provide most of the functionnalities described in the EPassport document.
- The basic acces control + secure messaging
- The active authentication
- The passive authentication
- Reading of the various dataGroups
@param reader: It can be a reader or a path to dumps
@type reader: A reader object, then it will use the specified rfid reader.
A string, then the simulator will read the dumps from the specified url.
@param mrz: An object representing the passport MRZ.
@type mrz: An MRZ object
"""
logger.Logger.__init__(self, "EPassport")
if epMrz:
self._mrz = mrz.MRZ(epMrz)
if self._mrz.checkMRZ() == False:
raise EPassportException("Invalid MRZ")
else:
self._mrz = None
self._iso7816 = iso7816.Iso7816(reader)
self._iso7816.register(self._logFct)
self._dgReader = datagroup.DataGroupReaderFactory().create(
self._iso7816)
self._dgReader.register(self._logFct)
self._bac = bac.BAC(self._iso7816)
self._bac.register(self._logFct)
self._openSSL = openssl.OpenSSL()
self._openSSL.register(self._logFct)
self._aa = activeauthentication.ActiveAuthentication(
self._iso7816, self._openSSL)
self._aa.register(self._logFct)
self._pa = passiveauthentication.PassiveAuthentication(self._openSSL)
self._pa.register(self._logFct)
self._CSCADirectory = None
self._selectPassportApp()
def performBAC(self):
try:
if self.mrz.buildMRZ():
self.reset()
self.init()
basic_access_control = bac.BAC(self._iso7816)
(
KSenc, KSmac, ssc
) = basic_access_control.authenticationAndEstablishmentOfSessionKeys(
mrz.MRZ(self.mrz.buildMRZ()))
sm = securemessaging.SecureMessaging(KSenc, KSmac, ssc)
self._iso7816.setCiphering(sm)
self.writeToLog("CIPHERING SET:\n{0}".format(sm))
else:
tkMessageBox.showerror("Error: BAC",
"You have to set the proper MRZ first")
except Exception, msg:
tkMessageBox.showerror("Error: BAC", str(msg))
def genBACKeys(self):
try:
if self.mrz.buildMRZ():
basic_access_control = bac.BAC(self._iso7816)
mrz_to_send = mrz.MRZ(self.mrz.buildMRZ())
mrz_to_send.checkMRZ()
(Kenc, Kmac
) = basic_access_control.derivationOfDocumentBasicAccesKeys(
mrz_to_send)
Kenc = binToHexRep(Kenc)
Kmac = binToHexRep(Kmac)
self.writeToLog(
"GENERATE THE BAC KEYS:\n Kenc: {0}\n Kmac: {1}".format(
Kenc, Kmac))
self.field1Form.delete(0, END)
self.field1Form.insert(0, Kenc)
self.field2Form.delete(0, END)
self.field2Form.insert(0, Kmac)
else:
tkMessageBox.showerror("Error: Generate BAC keys",
"You have to set the proper MRZ first")
except Exception, msg:
tkMessageBox.showerror("Error: BAC", str(msg))
def switchMRZ(self, newMRZ):
currentMRZ = self._mrz
self._mrz = mrz.MRZ(newMRZ)
if self._mrz.checkMRZ() == False:
raise EPassportException("Invalid MRZ")
return str(currentMRZ)