[proxmark3-svn] / armsrc / epa.c

//-----------------------------------------------------------------------------
// Frederik Möllers - August 2012
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support the German eletronic "Personalausweis" (ID card)
// Note that the functions which do not implement USB commands do NOT initialize
// the card (with iso14443a_select_card etc.). If You want to use these
// functions, You need to do the setup before calling them!
//-----------------------------------------------------------------------------

#include "iso14443a.h"
#include "epa.h"
#include "../common/cmd.h"

// Protocol and Parameter Selection Request
// use regular (1x) speed in both directions
// CRC is already included
static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};

// APDUs for communication with German Identification Card

// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
	0x10, // CLA
	0x86, // INS
	0x00, // P1
	0x00, // P2
	0x02, // Lc
	0x7C, // Type: Dynamic Authentication Data
	0x00, // Length: 0 bytes
};

// MSE: Set AT (only CLA, INS, P1 and P2)
static const uint8_t apdu_mse_set_at_start[] = {
	0x00, // CLA
	0x22, // INS
	0xC1, // P1
	0xA4, // P2
};

// SELECT BINARY with the ID for EF.CardAccess
static const uint8_t apdu_select_binary_cardaccess[] = {
	0x00, // CLA
	0xA4, // INS
	0x02, // P1
	0x0C, // P2
	0x02, // Lc
	0x01, // ID
	0x1C  // ID
};

// READ BINARY
static const uint8_t apdu_read_binary[] = {
	0x00, // CLA
	0xB0, // INS
	0x00, // P1
	0x00, // P2
	0x38  // Le
};


// the leading bytes of a PACE OID
static const uint8_t oid_pace_start[] = {
    0x04, // itu-t, identified-organization
    0x00, // etsi
    0x7F, // reserved
    0x00, // etsi-identified-organization
    0x07, // bsi-de
    0x02, // protocols
    0x02, // smartcard
    0x04 // id-PACE
};

//-----------------------------------------------------------------------------
// Closes the communication channel and turns off the field
//-----------------------------------------------------------------------------
void EPA_Finish()
{
	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
	LEDsoff();
}

//-----------------------------------------------------------------------------
// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
// structs. If a pointer is 0, it is ignored.
// The function returns 0 on success and if an error occured, it returns the
// offset where it occured.
//
// TODO: This function can access memory outside of the given data if the DER
//       encoding is broken
// TODO: Support skipping elements with a length > 0x7F
// TODO: Support OIDs with a length > 7F
// TODO: Support elements with long tags (tag is longer than 1 byte)
// TODO: Support proprietary PACE domain parameters
//-----------------------------------------------------------------------------
size_t EPA_Parse_CardAccess(uint8_t *data,
                            size_t length,
                            pace_version_info_t *pace_info)
{
	size_t index = 0;
	
	while (index <= length - 2) {
		// determine type of element
		// SET or SEQUENCE
		if (data[index] == 0x31 || data[index] == 0x30) {
			// enter the set (skip tag + length)
			index += 2;
			// extended length
			if ((data[index - 1] & 0x80) != 0) {
				index += (data[index] & 0x7F);
			}
		}
		// OID
		else if (data[index] == 0x06) {
			// is this a PACE OID?
			if (data[index + 1] == 0x0A // length matches
			    && memcmp(data + index + 2,
			              oid_pace_start,
			              sizeof(oid_pace_start)) == 0 // content matches
			    && pace_info != NULL)
			{
				// first, clear the pace_info struct
				memset(pace_info, 0, sizeof(pace_version_info_t));
				memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
				// a PACE OID is followed by the version
				index += data[index + 1] + 2;
				if (data[index] == 02 && data[index + 1] == 01) {
					pace_info->version = data[index + 2];
					index += 3;
				}
				else {
					return index;
				}
				// after that there might(!) be the parameter ID
				if (data[index] == 02 && data[index + 1] == 01) {
					pace_info->parameter_id = data[index + 2];
					index += 3;
				}
			}
			else {
				// skip this OID
				index += 2 + data[index + 1];
			}
		}
		// if the length is 0, something is wrong
		// TODO: This needs to be extended to support long tags
		else if (data[index + 1] == 0) {
			return index;
		}
		else {
			// skip this part
			// TODO: This needs to be extended to support long tags
			// TODO: This needs to be extended to support unknown elements with
			//       a size > 0x7F
			index += 2 + data[index + 1];
		}
	}
	
	// TODO: We should check whether we reached the end in error, but for that
	//       we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
	return 0;
}

//-----------------------------------------------------------------------------
// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
// Returns -1 on failure or the length of the data on success
// TODO: for the moment this sends only 1 APDU regardless of the requested length
//-----------------------------------------------------------------------------
int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
{
	// the response APDU of the card
	// since the card doesn't always care for the expected length we send it,
	// we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
	uint8_t response_apdu[262];
	int rapdu_length = 0;
	
	// select the file EF.CardAccess
	rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
	                          sizeof(apdu_select_binary_cardaccess),
	                          response_apdu);
	if (rapdu_length != 6
	    || response_apdu[rapdu_length - 4] != 0x90
	    || response_apdu[rapdu_length - 3] != 0x00)
	{
		Dbprintf("epa - no select cardaccess");
		return -1;
	}
	
	// read the file
	rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
	                          sizeof(apdu_read_binary),
	                          response_apdu);
	if (rapdu_length <= 6
	    || response_apdu[rapdu_length - 4] != 0x90
	    || response_apdu[rapdu_length - 3] != 0x00)
	{
		Dbprintf("epa - no read cardaccess");
		return -1;
	}
	
	// copy the content into the buffer
	// length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
	size_t to_copy = rapdu_length - 6;
	to_copy = to_copy < max_length ? to_copy : max_length;
	memcpy(buffer, response_apdu+2, to_copy);
	return to_copy;
}

//-----------------------------------------------------------------------------
// Abort helper function for EPA_PACE_Collect_Nonce
// sets relevant data in ack, sends the response
//-----------------------------------------------------------------------------
static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
{
//	// step in which the failure occured
//	ack->arg[0] = step;
//	// last return code
//	ack->arg[1] = func_return;

	// power down the field
	EPA_Finish();
	
	// send the USB packet
	cmd_send(CMD_ACK,step,func_return,0,0,0);
}

//-----------------------------------------------------------------------------
// Acquire one encrypted PACE nonce
//-----------------------------------------------------------------------------
void EPA_PACE_Collect_Nonce(UsbCommand *c)
{
	/*
	 * ack layout:
	 * 	arg:
	 * 		1. element
	 *           step where the error occured or 0 if no error occured
     *       2. element
     *           return code of the last executed function
	 * 	d:
	 * 		Encrypted nonce
	 */

	// return value of a function
	int func_return = 0;

//	// initialize ack with 0s
//	memset(ack->arg, 0, 12);
//	memset(ack->d.asBytes, 0, 48);
	
	// set up communication
	func_return = EPA_Setup();
	if (func_return != 0) {	
		EPA_PACE_Collect_Nonce_Abort(1, func_return);
		Dbprintf("epa: setup fucked up! %d", func_return);
		return;
	}

	// increase the timeout (at least some cards really do need this!)
	iso14a_set_timeout(0x0002FFFF);
	Dbprintf("epa: Epic!");
	
	// read the CardAccess file
	// this array will hold the CardAccess file
	uint8_t card_access[256] = {0};
	int card_access_length = EPA_Read_CardAccess(card_access, 256);
	// the response has to be at least this big to hold the OID
	if (card_access_length < 18) {
		Dbprintf("epa: Too small!");
		EPA_PACE_Collect_Nonce_Abort(2, card_access_length);
		return;
	}

	Dbprintf("epa: foo!");
	
	// this will hold the PACE info of the card
	pace_version_info_t pace_version_info;
	// search for the PACE OID
	func_return = EPA_Parse_CardAccess(card_access,
	                                   card_access_length,
	                                   &pace_version_info);
	if (func_return != 0 || pace_version_info.version == 0) {
		EPA_PACE_Collect_Nonce_Abort(3, func_return);
		return;
	}
	
	Dbprintf("epa: bar!");
	
	// initiate the PACE protocol
	// use the CAN for the password since that doesn't change
	func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
	
	// now get the nonce
	uint8_t nonce[256] = {0};
	uint8_t requested_size = (uint8_t)c->arg[0];
	func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
	// check if the command succeeded
	if (func_return < 0)
	{
		EPA_PACE_Collect_Nonce_Abort(4, func_return);
		return;
	}
  
  // all done, return
	EPA_Finish();
	
	// save received information
//	ack->arg[1] = func_return;
//	memcpy(ack->d.asBytes, nonce, func_return);
	cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
}

//-----------------------------------------------------------------------------
// Performs the "Get Nonce" step of the PACE protocol and saves the returned
// nonce. The caller is responsible for allocating enough memory to store the
// nonce. Note that the returned size might be less or than or greater than the
// requested size!
// Returns the actual size of the nonce on success or a less-than-zero error
// code on failure.
//-----------------------------------------------------------------------------
int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
{
	// build the APDU
	uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
	// copy the constant part
	memcpy(apdu,
	       apdu_general_authenticate_pace_get_nonce,
	       sizeof(apdu_general_authenticate_pace_get_nonce));
	// append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
	apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
	
	// send it
	uint8_t response_apdu[262];
	int send_return = iso14_apdu(apdu,
	                             sizeof(apdu),
	                             response_apdu);
	// check if the command succeeded
	if (send_return < 6
		|| response_apdu[send_return - 4] != 0x90
		|| response_apdu[send_return - 3] != 0x00)
	{
		return -1;
	}
	
	// if there is no nonce in the RAPDU, return here
	if (send_return < 10)
	{
		// no error
		return 0;
	}
	// get the actual length of the nonce
	uint8_t nonce_length = response_apdu[5];
	if (nonce_length > send_return - 10)
	{
		nonce_length = send_return - 10;
	}
	// copy the nonce
	memcpy(nonce, response_apdu + 6, nonce_length);
	
	return nonce_length;
}

//-----------------------------------------------------------------------------
// Initializes the PACE protocol by performing the "MSE: Set AT" step
// Returns 0 on success or a non-zero error code on failure
//-----------------------------------------------------------------------------
int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
{
	// create the MSE: Set AT APDU
	uint8_t apdu[23];
	// the minimum length (will be increased as more data is added)
	size_t apdu_length = 20;
	// copy the constant part
	memcpy(apdu,
	       apdu_mse_set_at_start,
	       sizeof(apdu_mse_set_at_start));
	// type: OID
	apdu[5] = 0x80;
	// length of the OID
	apdu[6] = sizeof(pace_version_info.oid);
	// copy the OID
	memcpy(apdu + 7,
	       pace_version_info.oid,
	       sizeof(pace_version_info.oid));
	// type: password
	apdu[17] = 0x83;
	// length: 1
	apdu[18] = 1;
	// password
	apdu[19] = password;
	// if standardized domain parameters are used, copy the ID
	if (pace_version_info.parameter_id != 0) {
		apdu_length += 3;
		// type: domain parameter
		apdu[20] = 0x84;
		// length: 1
		apdu[21] = 1;
		// copy the parameter ID
		apdu[22] = pace_version_info.parameter_id;
	}
	// now set Lc to the actual length
	apdu[4] = apdu_length - 5;
	// send it
	uint8_t response_apdu[6];
	int send_return = iso14_apdu(apdu,
	                             apdu_length,
	                             response_apdu);
	// check if the command succeeded
	if (send_return != 6
		|| response_apdu[send_return - 4] != 0x90
		|| response_apdu[send_return - 3] != 0x00)
	{
		return 1;
	}
	return 0;
}

//-----------------------------------------------------------------------------
// Set up a communication channel (Card Select, PPS)
// Returns 0 on success or a non-zero error code on failure
//-----------------------------------------------------------------------------
int EPA_Setup()
{
	// return code
	//int return_code = 0;
	
	// card UID
	//uint8_t uid[10] = {0x00};
	
	// power up the field
	iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
	iso14a_clear_trace();
	iso14a_set_tracing(TRUE);
	iso14a_set_timeout(10500);
	
	// card select information
	byte_t cardbuf[USB_CMD_DATA_SIZE];
	memset(cardbuf,0,USB_CMD_DATA_SIZE);
	iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
	
	// select the card
	// if (!iso14443a_select_card(uid, &card_info, NULL)) {
		// Dbprintf("Epa: Can't select card");
		// return -1;
	// }
	
	uint8_t wupa[]     = { 0x26 };  // 0x26 - REQA  0x52 - WAKE-UP
	uint8_t sel_all[]  = { 0x93,0x20 };
	uint8_t sel_uid[]  = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
	uint8_t rats[]       = { 0xE0,0x81,0x00,0x00 }; // FSD=256, FSDI=8, CID=1
	
	uint8_t *resp = ((uint8_t *)BigBuf) + RECV_RESP_OFFSET;
	uint8_t *resp_par = ((uint8_t *)BigBuf) + RECV_RESP_PAR_OFFSET;
	
	byte_t uid_resp[4];
	size_t uid_resp_len = 4;

	uint8_t sak = 0x04; // cascade uid
	int len;
	 
	// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
    ReaderTransmitBitsPar(wupa,7,0, NULL);
	
	// Receive the ATQA
	if(!ReaderReceive(resp, resp_par)) return -1;
  
    // SELECT_ALL
    ReaderTransmit(sel_all,sizeof(sel_all), NULL);
    if (!ReaderReceive(resp, resp_par)) return -1;
	
	// uid response from tag
	memcpy(uid_resp,resp,uid_resp_len);

	// Construct SELECT UID command
	// transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
    memcpy(sel_uid+2,uid_resp,4);										// the UID
	sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5];  	// calculate and add BCC
    AppendCrc14443a(sel_uid,7);											// calculate and add CRC
    ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);

    // Receive the SAK
    if (!ReaderReceive(resp, resp_par)) return -1;
    sak = resp[0];
	
	// Request for answer to select
	AppendCrc14443a(rats, 2);
	ReaderTransmit(rats, sizeof(rats), NULL);

	if ( !(len = ReaderReceive(resp, resp_par) )) return -1;

	// populate the collected data.
    memcpy( card->uid, uid_resp, uid_resp_len);
    card->uidlen += uid_resp_len;
    card->sak = sak;
    card->ats_len = len;
    memcpy(card->ats, resp, sizeof(card->ats));
	
	
	// send the PPS request
	// ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
	// uint8_t pps_response[3];
	// uint8_t pps_response_par[1];
	// return_code = ReaderReceive(pps_response,pps_response_par);
	// if (return_code != 3 || pps_response[0] != 0xD0) {
		// return return_code == 0 ? 2 : return_code;
	// }
	
	return -1;
}
Commit	Line	Data
5acd09bd	1	//-----------------------------------------------------------------------------
	2	// Frederik Möllers - August 2012
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Routines to support the German eletronic "Personalausweis" (ID card)
	9	// Note that the functions which do not implement USB commands do NOT initialize
	10	// the card (with iso14443a_select_card etc.). If You want to use these
	11	// functions, You need to do the setup before calling them!
	12	//-----------------------------------------------------------------------------
	13
	14	#include "iso14443a.h"
5acd09bd	15	#include "epa.h"
f38a1528	16	#include "../common/cmd.h"
5acd09bd	17
	18	// Protocol and Parameter Selection Request
	19	// use regular (1x) speed in both directions
	20	// CRC is already included
	21	static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
	22
	23	// APDUs for communication with German Identification Card
	24
	25	// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
	26	static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
	27	0x10, // CLA
	28	0x86, // INS
	29	0x00, // P1
	30	0x00, // P2
	31	0x02, // Lc
	32	0x7C, // Type: Dynamic Authentication Data
	33	0x00, // Length: 0 bytes
	34	};
	35
	36	// MSE: Set AT (only CLA, INS, P1 and P2)
	37	static const uint8_t apdu_mse_set_at_start[] = {
	38	0x00, // CLA
	39	0x22, // INS
	40	0xC1, // P1
	41	0xA4, // P2
	42	};
	43
	44	// SELECT BINARY with the ID for EF.CardAccess
	45	static const uint8_t apdu_select_binary_cardaccess[] = {
	46	0x00, // CLA
	47	0xA4, // INS
	48	0x02, // P1
	49	0x0C, // P2
	50	0x02, // Lc
	51	0x01, // ID
	52	0x1C // ID
	53	};
	54
	55	// READ BINARY
	56	static const uint8_t apdu_read_binary[] = {
	57	0x00, // CLA
	58	0xB0, // INS
	59	0x00, // P1
	60	0x00, // P2
	61	0x38 // Le
	62	};
	63
	64
	65	// the leading bytes of a PACE OID
	66	static const uint8_t oid_pace_start[] = {
	67	0x04, // itu-t, identified-organization
	68	0x00, // etsi
	69	0x7F, // reserved
	70	0x00, // etsi-identified-organization
	71	0x07, // bsi-de
	72	0x02, // protocols
	73	0x02, // smartcard
	74	0x04 // id-PACE
	75	};
	76
	77	//-----------------------------------------------------------------------------
	78	// Closes the communication channel and turns off the field
	79	//-----------------------------------------------------------------------------
	80	void EPA_Finish()
81	{
82	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
83	LEDsoff();
84	}
85
86	//-----------------------------------------------------------------------------
87	// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
88	// structs. If a pointer is 0, it is ignored.
89	// The function returns 0 on success and if an error occured, it returns the
90	// offset where it occured.
91	//
92	// TODO: This function can access memory outside of the given data if the DER
93	// encoding is broken
94	// TODO: Support skipping elements with a length > 0x7F
95	// TODO: Support OIDs with a length > 7F
96	// TODO: Support elements with long tags (tag is longer than 1 byte)
97	// TODO: Support proprietary PACE domain parameters
98	//-----------------------------------------------------------------------------
99	size_t EPA_Parse_CardAccess(uint8_t *data,
100	size_t length,
101	pace_version_info_t *pace_info)
102	{
103	size_t index = 0;
104
105	while (index <= length - 2) {
106	// determine type of element
107	// SET or SEQUENCE
108	if (data[index] == 0x31 \|\| data[index] == 0x30) {
109	// enter the set (skip tag + length)
110	index += 2;
111	// extended length
112	if ((data[index - 1] & 0x80) != 0) {
113	index += (data[index] & 0x7F);
114	}
115	}
116	// OID
117	else if (data[index] == 0x06) {
118	// is this a PACE OID?
119	if (data[index + 1] == 0x0A // length matches
120	&& memcmp(data + index + 2,
121	oid_pace_start,
122	sizeof(oid_pace_start)) == 0 // content matches
123	&& pace_info != NULL)
124	{
125	// first, clear the pace_info struct
126	memset(pace_info, 0, sizeof(pace_version_info_t));
127	memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
128	// a PACE OID is followed by the version
129	index += data[index + 1] + 2;
130	if (data[index] == 02 && data[index + 1] == 01) {
131	pace_info->version = data[index + 2];
132	index += 3;
133	}
134	else {
135	return index;
136	}
137	// after that there might(!) be the parameter ID
138	if (data[index] == 02 && data[index + 1] == 01) {
139	pace_info->parameter_id = data[index + 2];
140	index += 3;
141	}
142	}
143	else {
144	// skip this OID
145	index += 2 + data[index + 1];
146	}
147	}
148	// if the length is 0, something is wrong
149	// TODO: This needs to be extended to support long tags
150	else if (data[index + 1] == 0) {
151	return index;
152	}
153	else {
154	// skip this part
155	// TODO: This needs to be extended to support long tags
156	// TODO: This needs to be extended to support unknown elements with
157	// a size > 0x7F
158	index += 2 + data[index + 1];
159	}
160	}
161
162	// TODO: We should check whether we reached the end in error, but for that
163	// we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
164	return 0;
165	}
166
167	//-----------------------------------------------------------------------------
168	// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
169	// Returns -1 on failure or the length of the data on success
170	// TODO: for the moment this sends only 1 APDU regardless of the requested length
171	//-----------------------------------------------------------------------------
172	int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
173	{
174	// the response APDU of the card
175	// since the card doesn't always care for the expected length we send it,
176	// we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
177	uint8_t response_apdu[262];
178	int rapdu_length = 0;
179
180	// select the file EF.CardAccess
181	rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
182	sizeof(apdu_select_binary_cardaccess),
183	response_apdu);
184	if (rapdu_length != 6
185	\|\| response_apdu[rapdu_length - 4] != 0x90
186	\|\| response_apdu[rapdu_length - 3] != 0x00)
187	{
a501c82b	188	Dbprintf("epa - no select cardaccess");
5acd09bd	189	return -1;
	190	}
	191
	192	// read the file
	193	rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
	194	sizeof(apdu_read_binary),
	195	response_apdu);
	196	if (rapdu_length <= 6
	197	\|\| response_apdu[rapdu_length - 4] != 0x90
	198	\|\| response_apdu[rapdu_length - 3] != 0x00)
	199	{
a501c82b	200	Dbprintf("epa - no read cardaccess");
5acd09bd	201	return -1;
	202	}
	203
	204	// copy the content into the buffer
	205	// length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
	206	size_t to_copy = rapdu_length - 6;
	207	to_copy = to_copy < max_length ? to_copy : max_length;
	208	memcpy(buffer, response_apdu+2, to_copy);
	209	return to_copy;
	210	}
	211
	212	//-----------------------------------------------------------------------------
	213	// Abort helper function for EPA_PACE_Collect_Nonce
	214	// sets relevant data in ack, sends the response
	215	//-----------------------------------------------------------------------------
902cb3c0	216	static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
5acd09bd	217	{
902cb3c0	218	// // step in which the failure occured
	219	// ack->arg[0] = step;
	220	// // last return code
	221	// ack->arg[1] = func_return;
5acd09bd	222
	223	// power down the field
	224	EPA_Finish();
e5ad43c0	225
e5ad43c0	226	// send the USB packet
a501c82b	227	cmd_send(CMD_ACK,step,func_return,0,0,0);
5acd09bd	228	}
	229
	230	//-----------------------------------------------------------------------------
	231	// Acquire one encrypted PACE nonce
	232	//-----------------------------------------------------------------------------
902cb3c0	233	void EPA_PACE_Collect_Nonce(UsbCommand *c)
5acd09bd	234	{
	235	/*
	236	* ack layout:
	237	* arg:
	238	* 1. element
	239	* step where the error occured or 0 if no error occured
	240	* 2. element
	241	* return code of the last executed function
	242	* d:
	243	* Encrypted nonce
	244	*/
	245
	246	// return value of a function
a501c82b	247	int func_return = 0;
5acd09bd	248
902cb3c0	249	// // initialize ack with 0s
	250	// memset(ack->arg, 0, 12);
	251	// memset(ack->d.asBytes, 0, 48);
5acd09bd	252
	253	// set up communication
	254	func_return = EPA_Setup();
a501c82b	255	if (func_return != 0) {
902cb3c0	256	EPA_PACE_Collect_Nonce_Abort(1, func_return);
a501c82b	257	Dbprintf("epa: setup fucked up! %d", func_return);
5acd09bd	258	return;
	259	}
	260
	261	// increase the timeout (at least some cards really do need this!)
	262	iso14a_set_timeout(0x0002FFFF);
a501c82b	263	Dbprintf("epa: Epic!");
5acd09bd	264
	265	// read the CardAccess file
	266	// this array will hold the CardAccess file
	267	uint8_t card_access[256] = {0};
	268	int card_access_length = EPA_Read_CardAccess(card_access, 256);
	269	// the response has to be at least this big to hold the OID
	270	if (card_access_length < 18) {
a501c82b	271	Dbprintf("epa: Too small!");
902cb3c0	272	EPA_PACE_Collect_Nonce_Abort(2, card_access_length);
5acd09bd	273	return;
	274	}
	275
a501c82b	276	Dbprintf("epa: foo!");
a501c82b	277
5acd09bd	278	// this will hold the PACE info of the card
	279	pace_version_info_t pace_version_info;
	280	// search for the PACE OID
	281	func_return = EPA_Parse_CardAccess(card_access,
	282	card_access_length,
	283	&pace_version_info);
	284	if (func_return != 0 \|\| pace_version_info.version == 0) {
902cb3c0	285	EPA_PACE_Collect_Nonce_Abort(3, func_return);
5acd09bd	286	return;
	287	}
	288
a501c82b	289	Dbprintf("epa: bar!");
a501c82b	290
5acd09bd	291	// initiate the PACE protocol
	292	// use the CAN for the password since that doesn't change
	293	func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
	294
	295	// now get the nonce
	296	uint8_t nonce[256] = {0};
	297	uint8_t requested_size = (uint8_t)c->arg[0];
	298	func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
	299	// check if the command succeeded
	300	if (func_return < 0)
	301	{
902cb3c0	302	EPA_PACE_Collect_Nonce_Abort(4, func_return);
5acd09bd	303	return;
5acd09bd	304	}
902cb3c0	305
	306	// all done, return
	307	EPA_Finish();
5acd09bd	308
5acd09bd	309	// save received information
902cb3c0	310	// ack->arg[1] = func_return;
902cb3c0	311	// memcpy(ack->d.asBytes, nonce, func_return);
a501c82b	312	cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
5acd09bd	313	}
	314
	315	//-----------------------------------------------------------------------------
	316	// Performs the "Get Nonce" step of the PACE protocol and saves the returned
	317	// nonce. The caller is responsible for allocating enough memory to store the
	318	// nonce. Note that the returned size might be less or than or greater than the
	319	// requested size!
	320	// Returns the actual size of the nonce on success or a less-than-zero error
	321	// code on failure.
	322	//-----------------------------------------------------------------------------
	323	int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
	324	{
	325	// build the APDU
	326	uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
	327	// copy the constant part
	328	memcpy(apdu,
	329	apdu_general_authenticate_pace_get_nonce,
	330	sizeof(apdu_general_authenticate_pace_get_nonce));
	331	// append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
	332	apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
	333
	334	// send it
	335	uint8_t response_apdu[262];
	336	int send_return = iso14_apdu(apdu,
	337	sizeof(apdu),
	338	response_apdu);
	339	// check if the command succeeded
	340	if (send_return < 6
	341	\|\| response_apdu[send_return - 4] != 0x90
	342	\|\| response_apdu[send_return - 3] != 0x00)
	343	{
	344	return -1;
	345	}
	346
	347	// if there is no nonce in the RAPDU, return here
	348	if (send_return < 10)
	349	{
	350	// no error
	351	return 0;
	352	}
	353	// get the actual length of the nonce
	354	uint8_t nonce_length = response_apdu[5];
	355	if (nonce_length > send_return - 10)
	356	{
	357	nonce_length = send_return - 10;
	358	}
	359	// copy the nonce
	360	memcpy(nonce, response_apdu + 6, nonce_length);
	361
	362	return nonce_length;
	363	}
	364
	365	//-----------------------------------------------------------------------------
	366	// Initializes the PACE protocol by performing the "MSE: Set AT" step
	367	// Returns 0 on success or a non-zero error code on failure
	368	//-----------------------------------------------------------------------------
	369	int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
	370	{
	371	// create the MSE: Set AT APDU
	372	uint8_t apdu[23];
	373	// the minimum length (will be increased as more data is added)
	374	size_t apdu_length = 20;
	375	// copy the constant part
	376	memcpy(apdu,
377	apdu_mse_set_at_start,
378	sizeof(apdu_mse_set_at_start));
379	// type: OID
380	apdu[5] = 0x80;
381	// length of the OID
382	apdu[6] = sizeof(pace_version_info.oid);
383	// copy the OID
384	memcpy(apdu + 7,
385	pace_version_info.oid,
386	sizeof(pace_version_info.oid));
387	// type: password
388	apdu[17] = 0x83;
389	// length: 1
390	apdu[18] = 1;
391	// password
392	apdu[19] = password;
393	// if standardized domain parameters are used, copy the ID
394	if (pace_version_info.parameter_id != 0) {
395	apdu_length += 3;
396	// type: domain parameter
397	apdu[20] = 0x84;
398	// length: 1
399	apdu[21] = 1;
400	// copy the parameter ID
401	apdu[22] = pace_version_info.parameter_id;
402	}
403	// now set Lc to the actual length
404	apdu[4] = apdu_length - 5;
405	// send it
406	uint8_t response_apdu[6];
407	int send_return = iso14_apdu(apdu,
408	apdu_length,
409	response_apdu);
410	// check if the command succeeded
411	if (send_return != 6
412	\|\| response_apdu[send_return - 4] != 0x90
413	\|\| response_apdu[send_return - 3] != 0x00)
414	{
415	return 1;
416	}
417	return 0;
418	}
419
420	//-----------------------------------------------------------------------------
421	// Set up a communication channel (Card Select, PPS)
422	// Returns 0 on success or a non-zero error code on failure
423	//-----------------------------------------------------------------------------
424	int EPA_Setup()
425	{
426	// return code
a501c82b	427	//int return_code = 0;
a501c82b	428
5acd09bd	429	// card UID
a501c82b	430	//uint8_t uid[10] = {0x00};
a501c82b	431
5acd09bd	432	// power up the field
7bc95e2e	433	iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
a501c82b	434	iso14a_clear_trace();
	435	iso14a_set_tracing(TRUE);
	436	iso14a_set_timeout(10500);
	437
	438	// card select information
	439	byte_t cardbuf[USB_CMD_DATA_SIZE];
	440	memset(cardbuf,0,USB_CMD_DATA_SIZE);
	441	iso14a_card_select_t card = (iso14a_card_select_t)cardbuf;
	442
5acd09bd	443	// select the card
a501c82b	444	// if (!iso14443a_select_card(uid, &card_info, NULL)) {
	445	// Dbprintf("Epa: Can't select card");
	446	// return -1;
	447	// }
	448
	449	uint8_t wupa[] = { 0x26 }; // 0x26 - REQA 0x52 - WAKE-UP
	450	uint8_t sel_all[] = { 0x93,0x20 };
	451	uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
	452	uint8_t rats[] = { 0xE0,0x81,0x00,0x00 }; // FSD=256, FSDI=8, CID=1
	453
	454	uint8_t resp = ((uint8_t )BigBuf) + RECV_RESP_OFFSET;
	455	uint8_t resp_par = ((uint8_t )BigBuf) + RECV_RESP_PAR_OFFSET;
	456
	457	byte_t uid_resp[4];
	458	size_t uid_resp_len = 4;
5acd09bd	459
a501c82b	460	uint8_t sak = 0x04; // cascade uid
	461	int len;
	462
	463	// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
	464	ReaderTransmitBitsPar(wupa,7,0, NULL);
	465
	466	// Receive the ATQA
	467	if(!ReaderReceive(resp, resp_par)) return -1;
	468
	469	// SELECT_ALL
	470	ReaderTransmit(sel_all,sizeof(sel_all), NULL);
	471	if (!ReaderReceive(resp, resp_par)) return -1;
	472
	473	// uid response from tag
	474	memcpy(uid_resp,resp,uid_resp_len);
	475
	476	// Construct SELECT UID command
	477	// transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
	478	memcpy(sel_uid+2,uid_resp,4); // the UID
	479	sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
	480	AppendCrc14443a(sel_uid,7); // calculate and add CRC
	481	ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
	482
	483	// Receive the SAK
	484	if (!ReaderReceive(resp, resp_par)) return -1;
	485	sak = resp[0];
	486
	487	// Request for answer to select
	488	AppendCrc14443a(rats, 2);
	489	ReaderTransmit(rats, sizeof(rats), NULL);
	490
	491	if ( !(len = ReaderReceive(resp, resp_par) )) return -1;
	492
	493	// populate the collected data.
	494	memcpy( card->uid, uid_resp, uid_resp_len);
	495	card->uidlen += uid_resp_len;
	496	card->sak = sak;
	497	card->ats_len = len;
	498	memcpy(card->ats, resp, sizeof(card->ats));
	499
	500
5acd09bd	501	// send the PPS request
a501c82b	502	// ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
	503	// uint8_t pps_response[3];
	504	// uint8_t pps_response_par[1];
	505	// return_code = ReaderReceive(pps_response,pps_response_par);
	506	// if (return_code != 3 \|\| pps_response[0] != 0xD0) {
	507	// return return_code == 0 ? 2 : return_code;
	508	// }
5acd09bd	509
a501c82b	510	return -1;
5acd09bd	511	}