def getPubKey(self, bac_cp, mrz_value): """ It uses method from pypassport.doc9303.bac in order to authenticate and establish the session keys @param bac_cp: A BAC for the authentication and establishment of session keys @type bac_cp: A pypassport.doc9303.bac.BAC() object @param mrz_value: A MRZ @type mrz_value: String value ("PPPPPPPPPPcCCCYYMMDDcSYYMMDDc<<<<<<<<<<<<<<cd") @return: The public key (DG15) """ self.log("Reset conenction") self._iso7816.rstConnection() self.log("Generate the MRZ object") mrz_pass = mrz.MRZ(mrz_value) self.log("Check the MRZ") mrz_pass.checkMRZ() self.log("Authentication and establishment of session keys") (KSenc, KSmac, ssc) = bac_cp.authenticationAndEstablishmentOfSessionKeys(mrz_pass) self.log("Encryption key: {0}".format(binToHexRep(KSenc))) self.log("MAC key: {0}".format(binToHexRep(KSmac))) self.log("Send Sequence Counter: {0}".format(binToHexRep(ssc))) sm = SecureMessaging(KSenc, KSmac, ssc) self._iso7816.setCiphering(sm) dgReader = datagroup.DataGroupReaderFactory().create(self._iso7816) tag = converter.toTAG("DG15") dgFile = dgReader.readDG(tag) self.log("Get public key") dg15 = datagroup.DataGroupFactory().create(dgFile) self.log("Public key: {0}".format(binToHexRep(dg15.body))) return dg15.body
def create(self, type, issuer, name, surname, nat, sex, passportID, birthDate, expiryDate): m = mrz.MRZ(None) forgedMRZ = m.buildMRZ(type, issuer, name, surname, nat, sex, passportID, self._convertDate(birthDate), self._convertDate(expiryDate)) self._dgc.addDataObject("5F1F", forgedMRZ) return DataGroup1(self._dgc).parse()
def setKseed(self, dg1): l2 = dg1["5F1F"][44:] b = bac.BAC(None) m = mrz.MRZ(l2) m.checkMRZ() kseed = binToHexRep(b.mrz_information(m)) toSend = CommandAPDU("10", "A7", "00", "00", "18", kseed, "") self._iso7816.transmit(toSend, "Set KSeed") self.log("Kseed set")
def __init__(self, reader, epMrz=None): """ This object provide most of the functionnalities described in the EPassport document. - The basic acces control + secure messaging - The active authentication - The passive authentication - Reading of the various dataGroups @param reader: It can be a reader or a path to dumps @type reader: A reader object, then it will use the specified rfid reader. A string, then the simulator will read the dumps from the specified url. @param mrz: An object representing the passport MRZ. @type mrz: An MRZ object """ logger.Logger.__init__(self, "EPassport") if epMrz: self._mrz = mrz.MRZ(epMrz) if self._mrz.checkMRZ() == False: raise EPassportException("Invalid MRZ") else: self._mrz = None self._iso7816 = iso7816.Iso7816(reader) self._iso7816.register(self._logFct) self._dgReader = datagroup.DataGroupReaderFactory().create( self._iso7816) self._dgReader.register(self._logFct) self._bac = bac.BAC(self._iso7816) self._bac.register(self._logFct) self._openSSL = openssl.OpenSSL() self._openSSL.register(self._logFct) self._aa = activeauthentication.ActiveAuthentication( self._iso7816, self._openSSL) self._aa.register(self._logFct) self._pa = passiveauthentication.PassiveAuthentication(self._openSSL) self._pa.register(self._logFct) self._CSCADirectory = None self._selectPassportApp()
def performBAC(self): try: if self.mrz.buildMRZ(): self.reset() self.init() basic_access_control = bac.BAC(self._iso7816) ( KSenc, KSmac, ssc ) = basic_access_control.authenticationAndEstablishmentOfSessionKeys( mrz.MRZ(self.mrz.buildMRZ())) sm = securemessaging.SecureMessaging(KSenc, KSmac, ssc) self._iso7816.setCiphering(sm) self.writeToLog("CIPHERING SET:\n{0}".format(sm)) else: tkMessageBox.showerror("Error: BAC", "You have to set the proper MRZ first") except Exception, msg: tkMessageBox.showerror("Error: BAC", str(msg))
def genBACKeys(self): try: if self.mrz.buildMRZ(): basic_access_control = bac.BAC(self._iso7816) mrz_to_send = mrz.MRZ(self.mrz.buildMRZ()) mrz_to_send.checkMRZ() (Kenc, Kmac ) = basic_access_control.derivationOfDocumentBasicAccesKeys( mrz_to_send) Kenc = binToHexRep(Kenc) Kmac = binToHexRep(Kmac) self.writeToLog( "GENERATE THE BAC KEYS:\n Kenc: {0}\n Kmac: {1}".format( Kenc, Kmac)) self.field1Form.delete(0, END) self.field1Form.insert(0, Kenc) self.field2Form.delete(0, END) self.field2Form.insert(0, Kmac) else: tkMessageBox.showerror("Error: Generate BAC keys", "You have to set the proper MRZ first") except Exception, msg: tkMessageBox.showerror("Error: BAC", str(msg))
def switchMRZ(self, newMRZ): currentMRZ = self._mrz self._mrz = mrz.MRZ(newMRZ) if self._mrz.checkMRZ() == False: raise EPassportException("Invalid MRZ") return str(currentMRZ)