]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/epa.c
Re-submitting Midnitesnake's Mifare Ultralight Patch
[proxmark3-svn] / armsrc / epa.c
CommitLineData
5acd09bd 1//-----------------------------------------------------------------------------
2// Frederik Möllers - August 2012
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Routines to support the German eletronic "Personalausweis" (ID card)
9// Note that the functions which do not implement USB commands do NOT initialize
10// the card (with iso14443a_select_card etc.). If You want to use these
11// functions, You need to do the setup before calling them!
12//-----------------------------------------------------------------------------
13
14#include "iso14443a.h"
5acd09bd 15#include "epa.h"
902cb3c0 16#include "cmd.h"
5acd09bd 17
18// Protocol and Parameter Selection Request
19// use regular (1x) speed in both directions
20// CRC is already included
21static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
22
23// APDUs for communication with German Identification Card
24
25// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
26static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
27 0x10, // CLA
28 0x86, // INS
29 0x00, // P1
30 0x00, // P2
31 0x02, // Lc
32 0x7C, // Type: Dynamic Authentication Data
33 0x00, // Length: 0 bytes
34};
35
36// MSE: Set AT (only CLA, INS, P1 and P2)
37static const uint8_t apdu_mse_set_at_start[] = {
38 0x00, // CLA
39 0x22, // INS
40 0xC1, // P1
41 0xA4, // P2
42};
43
44// SELECT BINARY with the ID for EF.CardAccess
45static const uint8_t apdu_select_binary_cardaccess[] = {
46 0x00, // CLA
47 0xA4, // INS
48 0x02, // P1
49 0x0C, // P2
50 0x02, // Lc
51 0x01, // ID
52 0x1C // ID
53};
54
55// READ BINARY
56static const uint8_t apdu_read_binary[] = {
57 0x00, // CLA
58 0xB0, // INS
59 0x00, // P1
60 0x00, // P2
61 0x38 // Le
62};
63
64
65// the leading bytes of a PACE OID
66static const uint8_t oid_pace_start[] = {
67 0x04, // itu-t, identified-organization
68 0x00, // etsi
69 0x7F, // reserved
70 0x00, // etsi-identified-organization
71 0x07, // bsi-de
72 0x02, // protocols
73 0x02, // smartcard
74 0x04 // id-PACE
75};
76
77//-----------------------------------------------------------------------------
78// Closes the communication channel and turns off the field
79//-----------------------------------------------------------------------------
80void EPA_Finish()
81{
82 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
83 LEDsoff();
84}
85
86//-----------------------------------------------------------------------------
87// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
88// structs. If a pointer is 0, it is ignored.
89// The function returns 0 on success and if an error occured, it returns the
90// offset where it occured.
91//
92// TODO: This function can access memory outside of the given data if the DER
93// encoding is broken
94// TODO: Support skipping elements with a length > 0x7F
95// TODO: Support OIDs with a length > 7F
96// TODO: Support elements with long tags (tag is longer than 1 byte)
97// TODO: Support proprietary PACE domain parameters
98//-----------------------------------------------------------------------------
99size_t EPA_Parse_CardAccess(uint8_t *data,
100 size_t length,
101 pace_version_info_t *pace_info)
102{
103 size_t index = 0;
104
105 while (index <= length - 2) {
106 // determine type of element
107 // SET or SEQUENCE
108 if (data[index] == 0x31 || data[index] == 0x30) {
109 // enter the set (skip tag + length)
110 index += 2;
111 // extended length
112 if ((data[index - 1] & 0x80) != 0) {
113 index += (data[index] & 0x7F);
114 }
115 }
116 // OID
117 else if (data[index] == 0x06) {
118 // is this a PACE OID?
119 if (data[index + 1] == 0x0A // length matches
120 && memcmp(data + index + 2,
121 oid_pace_start,
122 sizeof(oid_pace_start)) == 0 // content matches
123 && pace_info != NULL)
124 {
125 // first, clear the pace_info struct
126 memset(pace_info, 0, sizeof(pace_version_info_t));
127 memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
128 // a PACE OID is followed by the version
129 index += data[index + 1] + 2;
130 if (data[index] == 02 && data[index + 1] == 01) {
131 pace_info->version = data[index + 2];
132 index += 3;
133 }
134 else {
135 return index;
136 }
137 // after that there might(!) be the parameter ID
138 if (data[index] == 02 && data[index + 1] == 01) {
139 pace_info->parameter_id = data[index + 2];
140 index += 3;
141 }
142 }
143 else {
144 // skip this OID
145 index += 2 + data[index + 1];
146 }
147 }
148 // if the length is 0, something is wrong
149 // TODO: This needs to be extended to support long tags
150 else if (data[index + 1] == 0) {
151 return index;
152 }
153 else {
154 // skip this part
155 // TODO: This needs to be extended to support long tags
156 // TODO: This needs to be extended to support unknown elements with
157 // a size > 0x7F
158 index += 2 + data[index + 1];
159 }
160 }
161
162 // TODO: We should check whether we reached the end in error, but for that
163 // we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
164 return 0;
165}
166
167//-----------------------------------------------------------------------------
168// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
169// Returns -1 on failure or the length of the data on success
170// TODO: for the moment this sends only 1 APDU regardless of the requested length
171//-----------------------------------------------------------------------------
172int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
173{
174 // the response APDU of the card
175 // since the card doesn't always care for the expected length we send it,
176 // we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
177 uint8_t response_apdu[262];
178 int rapdu_length = 0;
179
180 // select the file EF.CardAccess
181 rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
182 sizeof(apdu_select_binary_cardaccess),
183 response_apdu);
184 if (rapdu_length != 6
185 || response_apdu[rapdu_length - 4] != 0x90
186 || response_apdu[rapdu_length - 3] != 0x00)
187 {
188 return -1;
189 }
190
191 // read the file
192 rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
193 sizeof(apdu_read_binary),
194 response_apdu);
195 if (rapdu_length <= 6
196 || response_apdu[rapdu_length - 4] != 0x90
197 || response_apdu[rapdu_length - 3] != 0x00)
198 {
199 return -1;
200 }
201
202 // copy the content into the buffer
203 // length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
204 size_t to_copy = rapdu_length - 6;
205 to_copy = to_copy < max_length ? to_copy : max_length;
206 memcpy(buffer, response_apdu+2, to_copy);
207 return to_copy;
208}
209
210//-----------------------------------------------------------------------------
211// Abort helper function for EPA_PACE_Collect_Nonce
212// sets relevant data in ack, sends the response
213//-----------------------------------------------------------------------------
902cb3c0 214static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
5acd09bd 215{
902cb3c0 216// // step in which the failure occured
217// ack->arg[0] = step;
218// // last return code
219// ack->arg[1] = func_return;
5acd09bd 220
221 // power down the field
222 EPA_Finish();
e5ad43c0 223
224 // send the USB packet
902cb3c0 225 cmd_send(CMD_ACK,step,func_return,0,0,0);
226//UsbSendPacket((void *)ack, sizeof(UsbCommand));
5acd09bd 227}
228
229//-----------------------------------------------------------------------------
230// Acquire one encrypted PACE nonce
231//-----------------------------------------------------------------------------
902cb3c0 232void EPA_PACE_Collect_Nonce(UsbCommand *c)
5acd09bd 233{
234 /*
235 * ack layout:
236 * arg:
237 * 1. element
238 * step where the error occured or 0 if no error occured
239 * 2. element
240 * return code of the last executed function
241 * d:
242 * Encrypted nonce
243 */
244
245 // return value of a function
246 int func_return;
247
902cb3c0 248// // initialize ack with 0s
249// memset(ack->arg, 0, 12);
250// memset(ack->d.asBytes, 0, 48);
5acd09bd 251
252 // set up communication
253 func_return = EPA_Setup();
254 if (func_return != 0) {
902cb3c0 255 EPA_PACE_Collect_Nonce_Abort(1, func_return);
5acd09bd 256 return;
257 }
258
259 // increase the timeout (at least some cards really do need this!)
260 iso14a_set_timeout(0x0002FFFF);
261
262 // read the CardAccess file
263 // this array will hold the CardAccess file
264 uint8_t card_access[256] = {0};
265 int card_access_length = EPA_Read_CardAccess(card_access, 256);
266 // the response has to be at least this big to hold the OID
267 if (card_access_length < 18) {
902cb3c0 268 EPA_PACE_Collect_Nonce_Abort(2, card_access_length);
5acd09bd 269 return;
270 }
271
272 // this will hold the PACE info of the card
273 pace_version_info_t pace_version_info;
274 // search for the PACE OID
275 func_return = EPA_Parse_CardAccess(card_access,
276 card_access_length,
277 &pace_version_info);
278 if (func_return != 0 || pace_version_info.version == 0) {
902cb3c0 279 EPA_PACE_Collect_Nonce_Abort(3, func_return);
5acd09bd 280 return;
281 }
282
283 // initiate the PACE protocol
284 // use the CAN for the password since that doesn't change
285 func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
286
287 // now get the nonce
288 uint8_t nonce[256] = {0};
289 uint8_t requested_size = (uint8_t)c->arg[0];
290 func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
291 // check if the command succeeded
292 if (func_return < 0)
293 {
902cb3c0 294 EPA_PACE_Collect_Nonce_Abort(4, func_return);
5acd09bd 295 return;
296 }
902cb3c0 297
298 // all done, return
299 EPA_Finish();
5acd09bd 300
301 // save received information
902cb3c0 302// ack->arg[1] = func_return;
303// memcpy(ack->d.asBytes, nonce, func_return);
304// UsbSendPacket((void *)ack, sizeof(UsbCommand));
305 cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
5acd09bd 306}
307
308//-----------------------------------------------------------------------------
309// Performs the "Get Nonce" step of the PACE protocol and saves the returned
310// nonce. The caller is responsible for allocating enough memory to store the
311// nonce. Note that the returned size might be less or than or greater than the
312// requested size!
313// Returns the actual size of the nonce on success or a less-than-zero error
314// code on failure.
315//-----------------------------------------------------------------------------
316int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
317{
318 // build the APDU
319 uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
320 // copy the constant part
321 memcpy(apdu,
322 apdu_general_authenticate_pace_get_nonce,
323 sizeof(apdu_general_authenticate_pace_get_nonce));
324 // append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
325 apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
326
327 // send it
328 uint8_t response_apdu[262];
329 int send_return = iso14_apdu(apdu,
330 sizeof(apdu),
331 response_apdu);
332 // check if the command succeeded
333 if (send_return < 6
334 || response_apdu[send_return - 4] != 0x90
335 || response_apdu[send_return - 3] != 0x00)
336 {
337 return -1;
338 }
339
340 // if there is no nonce in the RAPDU, return here
341 if (send_return < 10)
342 {
343 // no error
344 return 0;
345 }
346 // get the actual length of the nonce
347 uint8_t nonce_length = response_apdu[5];
348 if (nonce_length > send_return - 10)
349 {
350 nonce_length = send_return - 10;
351 }
352 // copy the nonce
353 memcpy(nonce, response_apdu + 6, nonce_length);
354
355 return nonce_length;
356}
357
358//-----------------------------------------------------------------------------
359// Initializes the PACE protocol by performing the "MSE: Set AT" step
360// Returns 0 on success or a non-zero error code on failure
361//-----------------------------------------------------------------------------
362int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
363{
364 // create the MSE: Set AT APDU
365 uint8_t apdu[23];
366 // the minimum length (will be increased as more data is added)
367 size_t apdu_length = 20;
368 // copy the constant part
369 memcpy(apdu,
370 apdu_mse_set_at_start,
371 sizeof(apdu_mse_set_at_start));
372 // type: OID
373 apdu[5] = 0x80;
374 // length of the OID
375 apdu[6] = sizeof(pace_version_info.oid);
376 // copy the OID
377 memcpy(apdu + 7,
378 pace_version_info.oid,
379 sizeof(pace_version_info.oid));
380 // type: password
381 apdu[17] = 0x83;
382 // length: 1
383 apdu[18] = 1;
384 // password
385 apdu[19] = password;
386 // if standardized domain parameters are used, copy the ID
387 if (pace_version_info.parameter_id != 0) {
388 apdu_length += 3;
389 // type: domain parameter
390 apdu[20] = 0x84;
391 // length: 1
392 apdu[21] = 1;
393 // copy the parameter ID
394 apdu[22] = pace_version_info.parameter_id;
395 }
396 // now set Lc to the actual length
397 apdu[4] = apdu_length - 5;
398 // send it
399 uint8_t response_apdu[6];
400 int send_return = iso14_apdu(apdu,
401 apdu_length,
402 response_apdu);
403 // check if the command succeeded
404 if (send_return != 6
405 || response_apdu[send_return - 4] != 0x90
406 || response_apdu[send_return - 3] != 0x00)
407 {
408 return 1;
409 }
410 return 0;
411}
412
413//-----------------------------------------------------------------------------
414// Set up a communication channel (Card Select, PPS)
415// Returns 0 on success or a non-zero error code on failure
416//-----------------------------------------------------------------------------
417int EPA_Setup()
418{
419 // return code
420 int return_code = 0;
421 // card UID
422 uint8_t uid[8];
423 // card select information
424 iso14a_card_select_t card_select_info;
425 // power up the field
7bc95e2e 426 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
5acd09bd 427
428 // select the card
429 return_code = iso14443a_select_card(uid, &card_select_info, NULL);
430 if (return_code != 1) {
431 return 1;
432 }
433
434 // send the PPS request
9492e0b0 435 ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
5acd09bd 436 uint8_t pps_response[3];
437 return_code = ReaderReceive(pps_response);
438 if (return_code != 3 || pps_response[0] != 0xD0) {
439 return return_code == 0 ? 2 : return_code;
440 }
441
442 return 0;
443}
Impressum, Datenschutz