5acd09bd |
1 | //----------------------------------------------------------------------------- |
2 | // Frederik Möllers - August 2012 |
3 | // |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
5 | // at your option, any later version. See the LICENSE.txt file for the text of |
6 | // the license. |
7 | //----------------------------------------------------------------------------- |
8 | // Routines to support the German eletronic "Personalausweis" (ID card) |
9 | // Note that the functions which do not implement USB commands do NOT initialize |
10 | // the card (with iso14443a_select_card etc.). If You want to use these |
11 | // functions, You need to do the setup before calling them! |
12 | //----------------------------------------------------------------------------- |
13 | |
14 | #include "iso14443a.h" |
5acd09bd |
15 | #include "epa.h" |
902cb3c0 |
16 | #include "cmd.h" |
5acd09bd |
17 | |
18 | // Protocol and Parameter Selection Request |
19 | // use regular (1x) speed in both directions |
20 | // CRC is already included |
21 | static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6}; |
22 | |
23 | // APDUs for communication with German Identification Card |
24 | |
25 | // General Authenticate (request encrypted nonce) WITHOUT the Le at the end |
26 | static const uint8_t apdu_general_authenticate_pace_get_nonce[] = { |
27 | 0x10, // CLA |
28 | 0x86, // INS |
29 | 0x00, // P1 |
30 | 0x00, // P2 |
31 | 0x02, // Lc |
32 | 0x7C, // Type: Dynamic Authentication Data |
33 | 0x00, // Length: 0 bytes |
34 | }; |
35 | |
36 | // MSE: Set AT (only CLA, INS, P1 and P2) |
37 | static const uint8_t apdu_mse_set_at_start[] = { |
38 | 0x00, // CLA |
39 | 0x22, // INS |
40 | 0xC1, // P1 |
41 | 0xA4, // P2 |
42 | }; |
43 | |
44 | // SELECT BINARY with the ID for EF.CardAccess |
45 | static const uint8_t apdu_select_binary_cardaccess[] = { |
46 | 0x00, // CLA |
47 | 0xA4, // INS |
48 | 0x02, // P1 |
49 | 0x0C, // P2 |
50 | 0x02, // Lc |
51 | 0x01, // ID |
52 | 0x1C // ID |
53 | }; |
54 | |
55 | // READ BINARY |
56 | static const uint8_t apdu_read_binary[] = { |
57 | 0x00, // CLA |
58 | 0xB0, // INS |
59 | 0x00, // P1 |
60 | 0x00, // P2 |
61 | 0x38 // Le |
62 | }; |
63 | |
64 | |
65 | // the leading bytes of a PACE OID |
66 | static const uint8_t oid_pace_start[] = { |
67 | 0x04, // itu-t, identified-organization |
68 | 0x00, // etsi |
69 | 0x7F, // reserved |
70 | 0x00, // etsi-identified-organization |
71 | 0x07, // bsi-de |
72 | 0x02, // protocols |
73 | 0x02, // smartcard |
74 | 0x04 // id-PACE |
75 | }; |
76 | |
77 | //----------------------------------------------------------------------------- |
78 | // Closes the communication channel and turns off the field |
79 | //----------------------------------------------------------------------------- |
80 | void EPA_Finish() |
81 | { |
82 | FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); |
83 | LEDsoff(); |
84 | } |
85 | |
86 | //----------------------------------------------------------------------------- |
87 | // Parses DER encoded data, e.g. from EF.CardAccess and fills out the given |
88 | // structs. If a pointer is 0, it is ignored. |
89 | // The function returns 0 on success and if an error occured, it returns the |
90 | // offset where it occured. |
91 | // |
92 | // TODO: This function can access memory outside of the given data if the DER |
93 | // encoding is broken |
94 | // TODO: Support skipping elements with a length > 0x7F |
95 | // TODO: Support OIDs with a length > 7F |
96 | // TODO: Support elements with long tags (tag is longer than 1 byte) |
97 | // TODO: Support proprietary PACE domain parameters |
98 | //----------------------------------------------------------------------------- |
99 | size_t EPA_Parse_CardAccess(uint8_t *data, |
100 | size_t length, |
101 | pace_version_info_t *pace_info) |
102 | { |
103 | size_t index = 0; |
104 | |
105 | while (index <= length - 2) { |
106 | // determine type of element |
107 | // SET or SEQUENCE |
108 | if (data[index] == 0x31 || data[index] == 0x30) { |
109 | // enter the set (skip tag + length) |
110 | index += 2; |
111 | // extended length |
112 | if ((data[index - 1] & 0x80) != 0) { |
113 | index += (data[index] & 0x7F); |
114 | } |
115 | } |
116 | // OID |
117 | else if (data[index] == 0x06) { |
118 | // is this a PACE OID? |
119 | if (data[index + 1] == 0x0A // length matches |
120 | && memcmp(data + index + 2, |
121 | oid_pace_start, |
122 | sizeof(oid_pace_start)) == 0 // content matches |
123 | && pace_info != NULL) |
124 | { |
125 | // first, clear the pace_info struct |
126 | memset(pace_info, 0, sizeof(pace_version_info_t)); |
127 | memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid)); |
128 | // a PACE OID is followed by the version |
129 | index += data[index + 1] + 2; |
130 | if (data[index] == 02 && data[index + 1] == 01) { |
131 | pace_info->version = data[index + 2]; |
132 | index += 3; |
133 | } |
134 | else { |
135 | return index; |
136 | } |
137 | // after that there might(!) be the parameter ID |
138 | if (data[index] == 02 && data[index + 1] == 01) { |
139 | pace_info->parameter_id = data[index + 2]; |
140 | index += 3; |
141 | } |
142 | } |
143 | else { |
144 | // skip this OID |
145 | index += 2 + data[index + 1]; |
146 | } |
147 | } |
148 | // if the length is 0, something is wrong |
149 | // TODO: This needs to be extended to support long tags |
150 | else if (data[index + 1] == 0) { |
151 | return index; |
152 | } |
153 | else { |
154 | // skip this part |
155 | // TODO: This needs to be extended to support long tags |
156 | // TODO: This needs to be extended to support unknown elements with |
157 | // a size > 0x7F |
158 | index += 2 + data[index + 1]; |
159 | } |
160 | } |
161 | |
162 | // TODO: We should check whether we reached the end in error, but for that |
163 | // we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO) |
164 | return 0; |
165 | } |
166 | |
167 | //----------------------------------------------------------------------------- |
168 | // Read the file EF.CardAccess and save it into a buffer (at most max_length bytes) |
169 | // Returns -1 on failure or the length of the data on success |
170 | // TODO: for the moment this sends only 1 APDU regardless of the requested length |
171 | //----------------------------------------------------------------------------- |
172 | int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length) |
173 | { |
174 | // the response APDU of the card |
175 | // since the card doesn't always care for the expected length we send it, |
176 | // we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame) |
177 | uint8_t response_apdu[262]; |
178 | int rapdu_length = 0; |
179 | |
180 | // select the file EF.CardAccess |
181 | rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess, |
182 | sizeof(apdu_select_binary_cardaccess), |
183 | response_apdu); |
184 | if (rapdu_length != 6 |
185 | || response_apdu[rapdu_length - 4] != 0x90 |
186 | || response_apdu[rapdu_length - 3] != 0x00) |
187 | { |
188 | return -1; |
189 | } |
190 | |
191 | // read the file |
192 | rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary, |
193 | sizeof(apdu_read_binary), |
194 | response_apdu); |
195 | if (rapdu_length <= 6 |
196 | || response_apdu[rapdu_length - 4] != 0x90 |
197 | || response_apdu[rapdu_length - 3] != 0x00) |
198 | { |
199 | return -1; |
200 | } |
201 | |
202 | // copy the content into the buffer |
203 | // length of data available: apdu_length - 4 (ISO frame) - 2 (SW) |
204 | size_t to_copy = rapdu_length - 6; |
205 | to_copy = to_copy < max_length ? to_copy : max_length; |
206 | memcpy(buffer, response_apdu+2, to_copy); |
207 | return to_copy; |
208 | } |
209 | |
210 | //----------------------------------------------------------------------------- |
211 | // Abort helper function for EPA_PACE_Collect_Nonce |
212 | // sets relevant data in ack, sends the response |
213 | //----------------------------------------------------------------------------- |
902cb3c0 |
214 | static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return) |
5acd09bd |
215 | { |
902cb3c0 |
216 | // // step in which the failure occured |
217 | // ack->arg[0] = step; |
218 | // // last return code |
219 | // ack->arg[1] = func_return; |
5acd09bd |
220 | |
221 | // power down the field |
222 | EPA_Finish(); |
e5ad43c0 |
223 | |
224 | // send the USB packet |
902cb3c0 |
225 | cmd_send(CMD_ACK,step,func_return,0,0,0); |
226 | //UsbSendPacket((void *)ack, sizeof(UsbCommand)); |
5acd09bd |
227 | } |
228 | |
229 | //----------------------------------------------------------------------------- |
230 | // Acquire one encrypted PACE nonce |
231 | //----------------------------------------------------------------------------- |
902cb3c0 |
232 | void EPA_PACE_Collect_Nonce(UsbCommand *c) |
5acd09bd |
233 | { |
234 | /* |
235 | * ack layout: |
236 | * arg: |
237 | * 1. element |
238 | * step where the error occured or 0 if no error occured |
239 | * 2. element |
240 | * return code of the last executed function |
241 | * d: |
242 | * Encrypted nonce |
243 | */ |
244 | |
245 | // return value of a function |
246 | int func_return; |
247 | |
902cb3c0 |
248 | // // initialize ack with 0s |
249 | // memset(ack->arg, 0, 12); |
250 | // memset(ack->d.asBytes, 0, 48); |
5acd09bd |
251 | |
252 | // set up communication |
253 | func_return = EPA_Setup(); |
254 | if (func_return != 0) { |
902cb3c0 |
255 | EPA_PACE_Collect_Nonce_Abort(1, func_return); |
5acd09bd |
256 | return; |
257 | } |
258 | |
259 | // increase the timeout (at least some cards really do need this!) |
260 | iso14a_set_timeout(0x0002FFFF); |
261 | |
262 | // read the CardAccess file |
263 | // this array will hold the CardAccess file |
264 | uint8_t card_access[256] = {0}; |
265 | int card_access_length = EPA_Read_CardAccess(card_access, 256); |
266 | // the response has to be at least this big to hold the OID |
267 | if (card_access_length < 18) { |
902cb3c0 |
268 | EPA_PACE_Collect_Nonce_Abort(2, card_access_length); |
5acd09bd |
269 | return; |
270 | } |
271 | |
272 | // this will hold the PACE info of the card |
273 | pace_version_info_t pace_version_info; |
274 | // search for the PACE OID |
275 | func_return = EPA_Parse_CardAccess(card_access, |
276 | card_access_length, |
277 | &pace_version_info); |
278 | if (func_return != 0 || pace_version_info.version == 0) { |
902cb3c0 |
279 | EPA_PACE_Collect_Nonce_Abort(3, func_return); |
5acd09bd |
280 | return; |
281 | } |
282 | |
283 | // initiate the PACE protocol |
284 | // use the CAN for the password since that doesn't change |
285 | func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2); |
286 | |
287 | // now get the nonce |
288 | uint8_t nonce[256] = {0}; |
289 | uint8_t requested_size = (uint8_t)c->arg[0]; |
290 | func_return = EPA_PACE_Get_Nonce(requested_size, nonce); |
291 | // check if the command succeeded |
292 | if (func_return < 0) |
293 | { |
902cb3c0 |
294 | EPA_PACE_Collect_Nonce_Abort(4, func_return); |
5acd09bd |
295 | return; |
296 | } |
902cb3c0 |
297 | |
298 | // all done, return |
299 | EPA_Finish(); |
5acd09bd |
300 | |
301 | // save received information |
902cb3c0 |
302 | // ack->arg[1] = func_return; |
303 | // memcpy(ack->d.asBytes, nonce, func_return); |
304 | // UsbSendPacket((void *)ack, sizeof(UsbCommand)); |
305 | cmd_send(CMD_ACK,0,func_return,0,nonce,func_return); |
5acd09bd |
306 | } |
307 | |
308 | //----------------------------------------------------------------------------- |
309 | // Performs the "Get Nonce" step of the PACE protocol and saves the returned |
310 | // nonce. The caller is responsible for allocating enough memory to store the |
311 | // nonce. Note that the returned size might be less or than or greater than the |
312 | // requested size! |
313 | // Returns the actual size of the nonce on success or a less-than-zero error |
314 | // code on failure. |
315 | //----------------------------------------------------------------------------- |
316 | int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce) |
317 | { |
318 | // build the APDU |
319 | uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1]; |
320 | // copy the constant part |
321 | memcpy(apdu, |
322 | apdu_general_authenticate_pace_get_nonce, |
323 | sizeof(apdu_general_authenticate_pace_get_nonce)); |
324 | // append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU |
325 | apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4; |
326 | |
327 | // send it |
328 | uint8_t response_apdu[262]; |
329 | int send_return = iso14_apdu(apdu, |
330 | sizeof(apdu), |
331 | response_apdu); |
332 | // check if the command succeeded |
333 | if (send_return < 6 |
334 | || response_apdu[send_return - 4] != 0x90 |
335 | || response_apdu[send_return - 3] != 0x00) |
336 | { |
337 | return -1; |
338 | } |
339 | |
340 | // if there is no nonce in the RAPDU, return here |
341 | if (send_return < 10) |
342 | { |
343 | // no error |
344 | return 0; |
345 | } |
346 | // get the actual length of the nonce |
347 | uint8_t nonce_length = response_apdu[5]; |
348 | if (nonce_length > send_return - 10) |
349 | { |
350 | nonce_length = send_return - 10; |
351 | } |
352 | // copy the nonce |
353 | memcpy(nonce, response_apdu + 6, nonce_length); |
354 | |
355 | return nonce_length; |
356 | } |
357 | |
358 | //----------------------------------------------------------------------------- |
359 | // Initializes the PACE protocol by performing the "MSE: Set AT" step |
360 | // Returns 0 on success or a non-zero error code on failure |
361 | //----------------------------------------------------------------------------- |
362 | int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password) |
363 | { |
364 | // create the MSE: Set AT APDU |
365 | uint8_t apdu[23]; |
366 | // the minimum length (will be increased as more data is added) |
367 | size_t apdu_length = 20; |
368 | // copy the constant part |
369 | memcpy(apdu, |
370 | apdu_mse_set_at_start, |
371 | sizeof(apdu_mse_set_at_start)); |
372 | // type: OID |
373 | apdu[5] = 0x80; |
374 | // length of the OID |
375 | apdu[6] = sizeof(pace_version_info.oid); |
376 | // copy the OID |
377 | memcpy(apdu + 7, |
378 | pace_version_info.oid, |
379 | sizeof(pace_version_info.oid)); |
380 | // type: password |
381 | apdu[17] = 0x83; |
382 | // length: 1 |
383 | apdu[18] = 1; |
384 | // password |
385 | apdu[19] = password; |
386 | // if standardized domain parameters are used, copy the ID |
387 | if (pace_version_info.parameter_id != 0) { |
388 | apdu_length += 3; |
389 | // type: domain parameter |
390 | apdu[20] = 0x84; |
391 | // length: 1 |
392 | apdu[21] = 1; |
393 | // copy the parameter ID |
394 | apdu[22] = pace_version_info.parameter_id; |
395 | } |
396 | // now set Lc to the actual length |
397 | apdu[4] = apdu_length - 5; |
398 | // send it |
399 | uint8_t response_apdu[6]; |
400 | int send_return = iso14_apdu(apdu, |
401 | apdu_length, |
402 | response_apdu); |
403 | // check if the command succeeded |
404 | if (send_return != 6 |
405 | || response_apdu[send_return - 4] != 0x90 |
406 | || response_apdu[send_return - 3] != 0x00) |
407 | { |
408 | return 1; |
409 | } |
410 | return 0; |
411 | } |
412 | |
413 | //----------------------------------------------------------------------------- |
414 | // Set up a communication channel (Card Select, PPS) |
415 | // Returns 0 on success or a non-zero error code on failure |
416 | //----------------------------------------------------------------------------- |
417 | int EPA_Setup() |
418 | { |
419 | // return code |
420 | int return_code = 0; |
421 | // card UID |
422 | uint8_t uid[8]; |
423 | // card select information |
424 | iso14a_card_select_t card_select_info; |
425 | // power up the field |
7bc95e2e |
426 | iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); |
5acd09bd |
427 | |
428 | // select the card |
429 | return_code = iso14443a_select_card(uid, &card_select_info, NULL); |
430 | if (return_code != 1) { |
431 | return 1; |
432 | } |
433 | |
434 | // send the PPS request |
9492e0b0 |
435 | ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL); |
5acd09bd |
436 | uint8_t pps_response[3]; |
437 | return_code = ReaderReceive(pps_response); |
438 | if (return_code != 3 || pps_response[0] != 0xD0) { |
439 | return return_code == 0 ? 2 : return_code; |
440 | } |
441 | |
442 | return 0; |
443 | } |