mirror of
https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git
synced 2024-12-22 12:30:16 +02:00
Merge remote-tracking branch 'origin/authJWT' into MOB-42
This commit is contained in:
commit
44469b8533
@ -30,47 +30,43 @@ import javax.crypto.spec.IvParameterSpec;
|
|||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
|
||||||
public class Comms {
|
public class Comms {
|
||||||
private static final byte[] master = { // select Main AID
|
|
||||||
0, -92, 4, 12, 16, -96, 0, 0, 0, 119, 1, 8, 0, 7, 0, 0, -2, 0, 0, 1, 0
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] MSESetAT = { // manage security environment: set authentication template
|
private static final byte[] selectMaster = Hex.decode("00a4040c10a000000077010800070000fe00000100");
|
||||||
0, 34, -63, -92, 15, -128, 10, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4, -125, 1, 2, 0
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] GAGetNonce = { // general authenticate: get nonce
|
private static final byte[] MSESetAT = Hex.decode("0022c1a40f800a04007f0007020204020483010200");
|
||||||
16, -122, 0, 0, 2, 124, 0, 0
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] GAMapNonceIncomplete = {
|
private static final byte[] GAGetNonce = Hex.decode("10860000027c0000");
|
||||||
16, -122, 0, 0, 69, 124, 67, -127, 65
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] GAKeyAgreementIncomplete = {
|
private static final byte[] GAMapNonceIncomplete = Hex.decode("10860000457c438141");
|
||||||
16, -122, 0, 0, 69, 124, 67, -125, 65
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] GAMutualAuthenticationIncomplete = {
|
private static final byte[] GAKeyAgreementIncomplete = Hex.decode("10860000457c438341");
|
||||||
0, -122, 0, 0, 12, 124, 10, -123, 8
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] dataForMACIncomplete = {
|
private static final byte[] GAMutualAuthenticationIncomplete = Hex.decode("008600000c7c0a8508");
|
||||||
127, 73, 79, 6, 10, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4, -122, 65
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] masterSec = {
|
private static final byte[] dataForMACIncomplete = Hex.decode("7f494f060a04007f000702020402048641");
|
||||||
12, -92, 4, 12, 45, -121, 33, 1
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] personal = { // select personal data DF
|
private static final byte[] selectFile = Hex.decode("0ca4010c1d871101");
|
||||||
12, -92, 1, 12, 29, -121, 17, 1
|
|
||||||
};
|
|
||||||
|
|
||||||
private static final byte[] read = { // read binary
|
private static final byte[] readFile = Hex.decode("0cb000000d970100");
|
||||||
12, -80, 0, 0, 13, -105, 1, 0
|
|
||||||
};
|
|
||||||
|
|
||||||
private IsoDep idCard;
|
private static final byte[] verifyPIN1 = Hex.decode("0c2000011d871101");
|
||||||
|
|
||||||
|
private static final byte[] verifyPIN2 = Hex.decode("0c2000851d871101");
|
||||||
|
|
||||||
|
private static final byte[] MSESetEnv = Hex.decode("0c2241A41d871101");
|
||||||
|
|
||||||
|
private static final byte[] Env = Hex.decode("8004FF200800840181");
|
||||||
|
|
||||||
|
private static final byte[] InternalAuthenticate = Hex.decode("0c8800001d871101");
|
||||||
|
|
||||||
|
private static final byte[] IASECCFID = {0x3f, 0x00};
|
||||||
|
private static final byte[] personalDF = {0x50, 0x00};
|
||||||
|
private static final byte[] AWP = {(byte) 0xad, (byte) 0xf1};
|
||||||
|
private static final byte[] QSCD = {(byte) 0xad, (byte) 0xf2};
|
||||||
|
private static final byte[] authCert = {0x34, 0x01};
|
||||||
|
private static final byte[] signCert = {0x34, 0x1f};
|
||||||
|
|
||||||
|
private final IsoDep idCard;
|
||||||
private final byte[] keyEnc;
|
private final byte[] keyEnc;
|
||||||
private final byte[] keyMAC;
|
private final byte[] keyMAC;
|
||||||
private byte ssc; // Send sequence counter.
|
private byte ssc; // Send sequence counter.
|
||||||
@ -84,21 +80,12 @@ public class Comms {
|
|||||||
public Comms(IsoDep idCard, String CAN) throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
|
public Comms(IsoDep idCard, String CAN) throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
|
||||||
|
|
||||||
idCard.connect();
|
idCard.connect();
|
||||||
|
|
||||||
this.idCard = idCard;
|
this.idCard = idCard;
|
||||||
|
byte[][] keys = PACE(CAN.getBytes(StandardCharsets.UTF_8));
|
||||||
long start = System.currentTimeMillis();
|
|
||||||
byte[][] keys = PACE(CAN);
|
|
||||||
Log.i("Pace duration", String.valueOf(System.currentTimeMillis() - start));
|
|
||||||
|
|
||||||
keyEnc = keys[0];
|
keyEnc = keys[0];
|
||||||
keyMAC = keys[1];
|
keyMAC = keys[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
public byte[] getAuthenticationCertificate() {
|
|
||||||
return new byte[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Calculates the message authentication code
|
* Calculates the message authentication code
|
||||||
*
|
*
|
||||||
@ -151,40 +138,51 @@ public class Comms {
|
|||||||
* @param CAN the card access number provided by the user
|
* @param CAN the card access number provided by the user
|
||||||
* @return the decrypted nonce
|
* @return the decrypted nonce
|
||||||
*/
|
*/
|
||||||
private byte[] decryptNonce(byte[] encryptedNonce, String CAN) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
|
private byte[] decryptNonce(byte[] encryptedNonce, byte[] CAN) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
|
||||||
byte[] decryptionKey = createKey(CAN.getBytes(StandardCharsets.UTF_8), (byte) 3);
|
byte[] decryptionKey = createKey(CAN, (byte) 3);
|
||||||
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
|
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
|
||||||
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptionKey, "AES"), new IvParameterSpec(new byte[16]));
|
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptionKey, "AES"), new IvParameterSpec(new byte[16]));
|
||||||
return cipher.doFinal(encryptedNonce);
|
return cipher.doFinal(encryptedNonce);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Communicates with the card and logs the response
|
||||||
|
*
|
||||||
|
* @param APDU The command
|
||||||
|
* @param log Information for logging
|
||||||
|
* @return The response
|
||||||
|
*/
|
||||||
|
private byte[] getResponse(byte[] APDU, String log) throws IOException {
|
||||||
|
byte[] response = idCard.transceive(APDU);
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
throw new RuntimeException(String.format("%s failed.", log));
|
||||||
|
}
|
||||||
|
Log.i(log, Hex.toHexString(response));
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attempts to use the PACE protocol to create a secure channel with an Estonian ID-card
|
* Attempts to use the PACE protocol to create a secure channel with an Estonian ID-card
|
||||||
*
|
*
|
||||||
* @param CAN the card access number
|
* @param CAN the card access number
|
||||||
*/
|
*/
|
||||||
private byte[][] PACE(String CAN) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
|
private byte[][] PACE(byte[] CAN) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
|
||||||
|
|
||||||
// select the ECC applet on the chip
|
// select the IAS-ECC application on the chip
|
||||||
byte[] response = idCard.transceive(master);
|
getResponse(selectMaster, "Select the master application");
|
||||||
Log.i("Select applet", Hex.toHexString(response));
|
|
||||||
|
|
||||||
// initiate PACE
|
// initiate PACE
|
||||||
response = idCard.transceive(MSESetAT);
|
getResponse(MSESetAT, "Set authentication template");
|
||||||
Log.i("Authentication template", Hex.toHexString(response));
|
|
||||||
|
|
||||||
// get nonce
|
// get nonce
|
||||||
response = idCard.transceive(GAGetNonce);
|
byte[] response = getResponse(GAGetNonce, "Get nonce");
|
||||||
Log.i("Get nonce", Hex.toHexString(response));
|
|
||||||
byte[] decryptedNonce = decryptNonce(Arrays.copyOfRange(response, 4, response.length - 2), CAN);
|
byte[] decryptedNonce = decryptNonce(Arrays.copyOfRange(response, 4, response.length - 2), CAN);
|
||||||
|
|
||||||
// generate an EC keypair and exchange public keys with the chip
|
// generate an EC keypair and exchange public keys with the chip
|
||||||
ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256r1");
|
ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256r1");
|
||||||
BigInteger privateKey = new BigInteger(255, new SecureRandom()).add(BigInteger.ONE); // should be in [1, spec.getN()-1], but this is good enough for this application
|
BigInteger privateKey = new BigInteger(255, new SecureRandom()).add(BigInteger.ONE); // should be in [1, spec.getN()-1], but this is good enough for this application
|
||||||
ECPoint publicKey = spec.getG().multiply(privateKey).normalize();
|
ECPoint publicKey = spec.getG().multiply(privateKey).normalize();
|
||||||
byte[] APDU = createAPDU(GAMapNonceIncomplete, publicKey.getEncoded(false), 66);
|
response = getResponse(createAPDU(GAMapNonceIncomplete, publicKey.getEncoded(false), 66), "Map nonce");
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i("Map nonce", Hex.toHexString(response));
|
|
||||||
ECPoint cardPublicKey = spec.getCurve().decodePoint(Arrays.copyOfRange(response, 4, 69));
|
ECPoint cardPublicKey = spec.getCurve().decodePoint(Arrays.copyOfRange(response, 4, 69));
|
||||||
|
|
||||||
// calculate the new base point, use it to generate a new keypair, and exchange public keys
|
// calculate the new base point, use it to generate a new keypair, and exchange public keys
|
||||||
@ -192,35 +190,41 @@ public class Comms {
|
|||||||
ECPoint mappedECBasePoint = spec.getG().multiply(new BigInteger(1, decryptedNonce)).add(sharedSecret).normalize();
|
ECPoint mappedECBasePoint = spec.getG().multiply(new BigInteger(1, decryptedNonce)).add(sharedSecret).normalize();
|
||||||
privateKey = new BigInteger(255, new SecureRandom()).add(BigInteger.ONE);
|
privateKey = new BigInteger(255, new SecureRandom()).add(BigInteger.ONE);
|
||||||
publicKey = mappedECBasePoint.multiply(privateKey).normalize();
|
publicKey = mappedECBasePoint.multiply(privateKey).normalize();
|
||||||
APDU = createAPDU(GAKeyAgreementIncomplete, publicKey.getEncoded(false), 66);
|
response = getResponse(createAPDU(GAKeyAgreementIncomplete, publicKey.getEncoded(false), 66), "Key agreement");
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i("Key agreement", Hex.toHexString(response));
|
|
||||||
cardPublicKey = spec.getCurve().decodePoint(Arrays.copyOfRange(response, 4, 69));
|
cardPublicKey = spec.getCurve().decodePoint(Arrays.copyOfRange(response, 4, 69));
|
||||||
|
|
||||||
// generate the session keys and exchange MACs to verify them
|
// generate the session keys and exchange MACs to verify them
|
||||||
sharedSecret = cardPublicKey.multiply(privateKey).normalize();
|
byte[] secret = cardPublicKey.multiply(privateKey).normalize().getAffineXCoord().getEncoded();
|
||||||
byte[] encodedSecret = sharedSecret.getAffineXCoord().getEncoded();
|
byte[] keyEnc = createKey(secret, (byte) 1);
|
||||||
byte[] keyEnc = createKey(encodedSecret, (byte) 1);
|
byte[] keyMAC = createKey(secret, (byte) 2);
|
||||||
byte[] keyMAC = createKey(encodedSecret, (byte) 2);
|
byte[] MAC = getMAC(createAPDU(dataForMACIncomplete, cardPublicKey.getEncoded(false), 65), keyMAC);
|
||||||
APDU = createAPDU(dataForMACIncomplete, cardPublicKey.getEncoded(false), 65);
|
response = getResponse(createAPDU(GAMutualAuthenticationIncomplete, MAC, 9), "Mutual authentication");
|
||||||
byte[] MAC = getMAC(APDU, keyMAC);
|
|
||||||
APDU = createAPDU(GAMutualAuthenticationIncomplete, MAC, 9);
|
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i("Mutual authentication", Hex.toHexString(response));
|
|
||||||
|
|
||||||
// if the chip-side verification fails, crash and burn
|
// verify chip's MAC and return session keys
|
||||||
if (response.length == 2) throw new RuntimeException("Invalid CAN.");
|
MAC = getMAC(createAPDU(dataForMACIncomplete, publicKey.getEncoded(false), 65), keyMAC);
|
||||||
|
|
||||||
// otherwise verify chip's MAC and return session keys
|
|
||||||
APDU = createAPDU(dataForMACIncomplete, publicKey.getEncoded(false), 65);
|
|
||||||
MAC = getMAC(APDU, keyMAC);
|
|
||||||
if (!Hex.toHexString(response, 4, 8).equals(Hex.toHexString(MAC))) {
|
if (!Hex.toHexString(response, 4, 8).equals(Hex.toHexString(MAC))) {
|
||||||
throw new RuntimeException("Could not verify chip's MAC."); // Should never happen.
|
throw new RuntimeException("Could not verify chip's MAC."); // *Should* never happen.
|
||||||
}
|
}
|
||||||
return new byte[][]{keyEnc, keyMAC};
|
return new byte[][]{keyEnc, keyMAC};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Selects a file and reads its contents
|
||||||
|
*
|
||||||
|
* @param FID file identifier of the required file
|
||||||
|
* @param info string for logging
|
||||||
|
* @return decrypted file contents
|
||||||
|
*/
|
||||||
|
private byte[] readFile(byte[] FID, String info) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
||||||
|
selectFile(FID, info);
|
||||||
|
byte[] response = getResponse(new byte[0], readFile, "Read binary");
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
throw new RuntimeException(String.format("Could not read %s", info));
|
||||||
|
}
|
||||||
|
return encryptDecryptData(Arrays.copyOfRange(response, 3, 19), Cipher.DECRYPT_MODE);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encrypts or decrypts the APDU data
|
* Encrypts or decrypts the APDU data
|
||||||
*
|
*
|
||||||
@ -255,74 +259,180 @@ public class Comms {
|
|||||||
byte[] macData = new byte[data.length > 0 ? 48 + length : 48];
|
byte[] macData = new byte[data.length > 0 ? 48 + length : 48];
|
||||||
macData[15] = ssc; // first block contains the ssc
|
macData[15] = ssc; // first block contains the ssc
|
||||||
System.arraycopy(incomplete, 0, macData, 16, 4); // second block has the command
|
System.arraycopy(incomplete, 0, macData, 16, 4); // second block has the command
|
||||||
macData[20] = -128; // elements are terminated by 0x80 and zero-padded to the next block
|
macData[20] = (byte) 0x80; // elements are terminated by 0x80 and zero-padded to the next block
|
||||||
System.arraycopy(incomplete, 5, macData, 32, 3); // third block contains appropriately encapsulated data/Le
|
System.arraycopy(incomplete, 5, macData, 32, 3); // third block contains appropriately encapsulated data/Le
|
||||||
if (data.length > 0) { // if the APDU has data, add padding and encrypt it
|
if (data.length > 0) { // if the APDU has data, add padding and encrypt it
|
||||||
byte[] paddedData = Arrays.copyOf(data, length);
|
byte[] paddedData = Arrays.copyOf(data, length);
|
||||||
paddedData[data.length] = -128;
|
paddedData[data.length] = (byte) 0x80;
|
||||||
encryptedData = encryptDecryptData(paddedData, Cipher.ENCRYPT_MODE);
|
encryptedData = encryptDecryptData(paddedData, Cipher.ENCRYPT_MODE);
|
||||||
System.arraycopy(encryptedData, 0, macData, 35, encryptedData.length);
|
System.arraycopy(encryptedData, 0, macData, 35, encryptedData.length);
|
||||||
}
|
}
|
||||||
macData[35 + encryptedData.length] = -128;
|
macData[35 + encryptedData.length] = (byte) 0x80;
|
||||||
byte[] MAC = getMAC(macData, keyMAC);
|
byte[] MAC = getMAC(macData, keyMAC);
|
||||||
|
|
||||||
// construct the APDU using the encrypted data and the MAC
|
// construct the APDU using the encrypted data and the MAC
|
||||||
byte[] APDU = new byte[incomplete.length + encryptedData.length + MAC.length + 3];
|
byte[] APDU = Arrays.copyOf(incomplete, incomplete.length + encryptedData.length + MAC.length + 3);
|
||||||
System.arraycopy(incomplete, 0, APDU, 0, incomplete.length);
|
|
||||||
if (encryptedData.length > 0) {
|
if (encryptedData.length > 0) {
|
||||||
System.arraycopy(encryptedData, 0, APDU, incomplete.length, encryptedData.length);
|
System.arraycopy(encryptedData, 0, APDU, incomplete.length, encryptedData.length);
|
||||||
}
|
}
|
||||||
System.arraycopy(new byte[]{-114, 8}, 0, APDU, incomplete.length + encryptedData.length, 2); // MAC is encapsulated using the tag 0x8E
|
System.arraycopy(new byte[]{(byte) 0x8E, 0x08}, 0, APDU, incomplete.length + encryptedData.length, 2); // MAC is encapsulated using the tag 0x8E
|
||||||
System.arraycopy(MAC, 0, APDU, incomplete.length + encryptedData.length + 2, MAC.length);
|
System.arraycopy(MAC, 0, APDU, incomplete.length + encryptedData.length + 2, MAC.length);
|
||||||
|
|
||||||
ssc++;
|
ssc++;
|
||||||
return APDU;
|
return APDU;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the contents of the personal data dedicated file
|
* Selects a FILE by its identifier
|
||||||
*
|
|
||||||
* @param FID the last bytes of file identifiers being requested
|
|
||||||
* @return array containing the data strings
|
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public String[] readPersonalData(byte[] FID) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
private void selectFile(byte[] FID, String info) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
||||||
|
byte[] response = getResponse(FID, selectFile, String.format("Select %s", info));
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
throw new RuntimeException(String.format("Could not select %s", info));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
String[] personalData = new String[FID.length];
|
/**
|
||||||
byte[] data;
|
* Gets the contents of the personal data dedicated file
|
||||||
byte[] APDU;
|
*
|
||||||
byte[] response;
|
* @param lastBytes the last bytes of the personal data file identifiers (0 < x < 16)
|
||||||
|
* @return array containing the corresponding data strings
|
||||||
|
*/
|
||||||
|
public String[] readPersonalData(byte[] lastBytes) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
||||||
|
|
||||||
|
String[] personalData = new String[lastBytes.length];
|
||||||
|
int stringIndex = 0;
|
||||||
|
|
||||||
|
// select the master application
|
||||||
|
selectFile(IASECCFID, "the master application");
|
||||||
|
|
||||||
// select the personal data dedicated file
|
// select the personal data dedicated file
|
||||||
data = new byte[]{80, 0}; // personal data DF FID
|
selectFile(personalDF, "the personal data DF");
|
||||||
APDU = createSecureAPDU(data, personal);
|
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i("Select personal data DF", Hex.toHexString(response));
|
|
||||||
|
|
||||||
// select and read the first 8 elementary files in the DF
|
byte[] FID = Arrays.copyOf(personalDF, personalDF.length);
|
||||||
for (int i = 0; i < FID.length; i++) {
|
// select and read the personal data elementary files
|
||||||
|
for (byte index : lastBytes) {
|
||||||
|
|
||||||
byte index = FID[i];
|
|
||||||
if (index > 15 || index < 1) throw new RuntimeException("Invalid personal data FID.");
|
if (index > 15 || index < 1) throw new RuntimeException("Invalid personal data FID.");
|
||||||
|
FID[1] = index;
|
||||||
data[1] = index;
|
|
||||||
APDU = createSecureAPDU(data, personal);
|
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i(String.format("Select EF 500%d", index), Hex.toHexString(response));
|
|
||||||
|
|
||||||
APDU = createSecureAPDU(new byte[0], read);
|
|
||||||
response = idCard.transceive(APDU);
|
|
||||||
Log.i(String.format("Read binary EF 500%d", index), Hex.toHexString(response));
|
|
||||||
|
|
||||||
// store the decrypted datum
|
// store the decrypted datum
|
||||||
byte[] raw = encryptDecryptData(Arrays.copyOfRange(response, 3, 19), Cipher.DECRYPT_MODE);
|
byte[] response = readFile(FID, "a personal data EF");
|
||||||
int indexOfTerminator = Hex.toHexString(raw).lastIndexOf("80") / 2;
|
int indexOfTerminator = Hex.toHexString(response).lastIndexOf("80") / 2;
|
||||||
personalData[i] = new String(Arrays.copyOfRange(raw, 0, indexOfTerminator));
|
personalData[stringIndex++] = new String(Arrays.copyOfRange(response, 0, indexOfTerminator));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return personalData;
|
return personalData;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Attempts to verify the selected PIN
|
||||||
|
*
|
||||||
|
* @param PIN user-provided PIN
|
||||||
|
* @param oneOrTwo true for PIN1, false for PIN2
|
||||||
|
*/
|
||||||
|
private void verifyPIN(byte[] PIN, boolean oneOrTwo) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, IOException {
|
||||||
|
|
||||||
|
selectFile(IASECCFID, "the master application");
|
||||||
|
if (!oneOrTwo) {
|
||||||
|
selectFile(QSCD, "the application");
|
||||||
|
}
|
||||||
|
|
||||||
|
// pad the PIN and use the chip for verification
|
||||||
|
byte[] paddedPIN = Hex.decode("ffffffffffffffffffffffff");
|
||||||
|
System.arraycopy(PIN, 0, paddedPIN, 0, PIN.length);
|
||||||
|
byte[] response = getResponse(paddedPIN, oneOrTwo ? verifyPIN1 : verifyPIN2, "PIN verification");
|
||||||
|
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
if (response[response.length - 2] == 0x69 && response[response.length - 1] == (byte) 0x83) {
|
||||||
|
throw new RuntimeException("Invalid PIN. Authentication method blocked.");
|
||||||
|
} else {
|
||||||
|
throw new RuntimeException(String.format("Invalid PIN. Attempts left: %d.", response[response.length - 1] + 64));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves the authentication or signature certificate from the chip
|
||||||
|
*
|
||||||
|
* @param authOrSign true for auth, false for sign cert
|
||||||
|
* @return the requested certificate
|
||||||
|
*/
|
||||||
|
public byte[] getCertificate(boolean authOrSign) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, IOException {
|
||||||
|
|
||||||
|
selectFile(IASECCFID, "the master application");
|
||||||
|
|
||||||
|
selectFile(authOrSign ? AWP : QSCD, "the application");
|
||||||
|
|
||||||
|
selectFile(authOrSign ? authCert : signCert, "the certificate");
|
||||||
|
|
||||||
|
byte[] certificate = new byte[0];
|
||||||
|
byte[] readCert = Arrays.copyOf(readFile, readFile.length);
|
||||||
|
// Construct the certificate byte array n=indexOfTerminator bytes at a time
|
||||||
|
for (int i = 0; i < 16; i++) {
|
||||||
|
|
||||||
|
// Set the P1/P2 values to incrementally read the certificate
|
||||||
|
readCert[2] = (byte) (certificate.length / 256);
|
||||||
|
readCert[3] = (byte) (certificate.length % 256);
|
||||||
|
byte[] response = getResponse(new byte[0], readCert, "Read the certificate");
|
||||||
|
if (response[response.length - 2] == 0x6b && response[response.length - 1] == 0x00) {
|
||||||
|
throw new RuntimeException("Wrong read parameters.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the range containing a portion of the certificate and decrypt it
|
||||||
|
int start = response[2] == 1 ? 3 : 4;
|
||||||
|
int end = start + (response[start - 2] + 256) % 256 - 1;
|
||||||
|
byte[] decrypted = encryptDecryptData(Arrays.copyOfRange(response, start, end), Cipher.DECRYPT_MODE);
|
||||||
|
int indexOfTerminator = Hex.toHexString(decrypted).lastIndexOf("80") / 2;
|
||||||
|
certificate = Arrays.copyOf(certificate, certificate.length + indexOfTerminator);
|
||||||
|
System.arraycopy(decrypted, 0, certificate, certificate.length - indexOfTerminator, indexOfTerminator);
|
||||||
|
|
||||||
|
if (response[response.length - 2] == (byte) 0x90 && response[response.length - 1] == 0x00) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return certificate;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signs the authentication token hash
|
||||||
|
*
|
||||||
|
* @param PIN1 PIN1
|
||||||
|
* @param token the token hash to be signed
|
||||||
|
* @return authentication token hash signature
|
||||||
|
*/
|
||||||
|
public byte[] authenticate(String PIN1, byte[] token) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
||||||
|
|
||||||
|
verifyPIN(PIN1.getBytes(StandardCharsets.UTF_8), true);
|
||||||
|
|
||||||
|
selectFile(AWP, "the AWP application");
|
||||||
|
|
||||||
|
byte[] response = getResponse(Env, MSESetEnv, "Set environment");
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
throw new RuntimeException("Setting the environment failed.");
|
||||||
|
}
|
||||||
|
|
||||||
|
InternalAuthenticate[4] = (byte) (0x1d + 16 * (token.length / 16));
|
||||||
|
InternalAuthenticate[6] = (byte) (0x11 + 16 * (token.length / 16));
|
||||||
|
response = getResponse(token, InternalAuthenticate, "Internal Authenticate");
|
||||||
|
if (response[response.length - 2] != (byte) 0x90 || response[response.length - 1] != 0x00) {
|
||||||
|
throw new RuntimeException("Signing the token failed.");
|
||||||
|
}
|
||||||
|
|
||||||
|
byte[] signature = encryptDecryptData(Arrays.copyOfRange(response, 3, 115), Cipher.DECRYPT_MODE);
|
||||||
|
int indexOfTerminator = Hex.toHexString(signature).lastIndexOf("80") / 2;
|
||||||
|
|
||||||
|
return Arrays.copyOf(signature, indexOfTerminator);
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] getResponse(byte[] data, byte[] command, String log) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
|
||||||
|
byte[] response = idCard.transceive(createSecureAPDU(data, command));
|
||||||
|
Log.i(log, Hex.toHexString(response));
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -9,7 +9,7 @@ class Authenticator(val comms : Comms) {
|
|||||||
public fun authenticate(nonce: BigInteger, challengeUrl: String, pin1: String) {
|
public fun authenticate(nonce: BigInteger, challengeUrl: String, pin1: String) {
|
||||||
|
|
||||||
// Ask PIN 1 from the user and get the authentication certificate from the ID card.
|
// Ask PIN 1 from the user and get the authentication certificate from the ID card.
|
||||||
val authenticationCertificate : ByteArray = comms.getAuthenticationCertificate();
|
val authenticationCertificate : ByteArray = comms.getCertificate(true);
|
||||||
|
|
||||||
// Create the authentication token (OpenID X509)
|
// Create the authentication token (OpenID X509)
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@ buildscript {
|
|||||||
kotlin_version = "1.4.30"
|
kotlin_version = "1.4.30"
|
||||||
}
|
}
|
||||||
dependencies {
|
dependencies {
|
||||||
classpath "com.android.tools.build:gradle:7.0.2"
|
classpath 'com.android.tools.build:gradle:7.0.3'
|
||||||
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.5.20"
|
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.5.20"
|
||||||
classpath "androidx.navigation:navigation-safe-args-gradle-plugin:$nav_version"
|
classpath "androidx.navigation:navigation-safe-args-gradle-plugin:$nav_version"
|
||||||
// NOTE: Do not place your application dependencies here; they belong
|
// NOTE: Do not place your application dependencies here; they belong
|
||||||
|
Loading…
Reference in New Issue
Block a user