]> git.zerfleddert.de Git - proxmark3-svn/blame_incremental - armsrc/epa.c
FIX: 'hf 14a sim x' - this fixes the error with using moebius attack and sim. Updat...
[proxmark3-svn] / armsrc / epa.c
... / ...
CommitLineData
1//-----------------------------------------------------------------------------
2// Frederik Möllers - August 2012
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Routines to support the German electronic "Personalausweis" (ID card)
9// Note that the functions which do not implement USB commands do NOT initialize
10// the card (with iso14443a_select_card etc.). If You want to use these
11// functions, You need to do the setup before calling them!
12//-----------------------------------------------------------------------------
13#include "epa.h"
14
15// Protocol and Parameter Selection Request for ISO 14443 type A cards
16// use regular (1x) speed in both directions
17// CRC is already included
18static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
19
20// APDUs for communication with German Identification Card
21
22// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
23static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
24 0x10, // CLA
25 0x86, // INS
26 0x00, // P1
27 0x00, // P2
28 0x02, // Lc
29 0x7C, // Type: Dynamic Authentication Data
30 0x00, // Length: 0 bytes
31};
32
33// MSE: Set AT (only CLA, INS, P1 and P2)
34static const uint8_t apdu_mse_set_at_start[] = {
35 0x00, // CLA
36 0x22, // INS
37 0xC1, // P1
38 0xA4, // P2
39};
40
41// SELECT BINARY with the ID for EF.CardAccess
42static const uint8_t apdu_select_binary_cardaccess[] = {
43 0x00, // CLA
44 0xA4, // INS
45 0x02, // P1
46 0x0C, // P2
47 0x02, // Lc
48 0x01, // ID
49 0x1C // ID
50};
51
52// READ BINARY
53static const uint8_t apdu_read_binary[] = {
54 0x00, // CLA
55 0xB0, // INS
56 0x00, // P1
57 0x00, // P2
58 0x38 // Le
59};
60
61
62// the leading bytes of a PACE OID
63static const uint8_t oid_pace_start[] = {
64 0x04, // itu-t, identified-organization
65 0x00, // etsi
66 0x7F, // reserved
67 0x00, // etsi-identified-organization
68 0x07, // bsi-de
69 0x02, // protocols
70 0x02, // smartcard
71 0x04 // id-PACE
72};
73
74// APDUs for replaying:
75// MSE: Set AT (initiate PACE)
76static uint8_t apdu_replay_mse_set_at_pace[41];
77// General Authenticate (Get Nonce)
78static uint8_t apdu_replay_general_authenticate_pace_get_nonce[8];
79// General Authenticate (Map Nonce)
80static uint8_t apdu_replay_general_authenticate_pace_map_nonce[75];
81// General Authenticate (Mutual Authenticate)
82static uint8_t apdu_replay_general_authenticate_pace_mutual_authenticate[75];
83// General Authenticate (Perform Key Agreement)
84static uint8_t apdu_replay_general_authenticate_pace_perform_key_agreement[18];
85// pointers to the APDUs (for iterations)
86static struct {
87 uint8_t len;
88 uint8_t *data;
89} const apdus_replay[] = {
90 {sizeof(apdu_replay_mse_set_at_pace), apdu_replay_mse_set_at_pace},
91 {sizeof(apdu_replay_general_authenticate_pace_get_nonce), apdu_replay_general_authenticate_pace_get_nonce},
92 {sizeof(apdu_replay_general_authenticate_pace_map_nonce), apdu_replay_general_authenticate_pace_map_nonce},
93 {sizeof(apdu_replay_general_authenticate_pace_mutual_authenticate), apdu_replay_general_authenticate_pace_mutual_authenticate},
94 {sizeof(apdu_replay_general_authenticate_pace_perform_key_agreement), apdu_replay_general_authenticate_pace_perform_key_agreement}
95};
96
97// lengths of the replay APDUs
98static uint8_t apdu_lengths_replay[5];
99
100// type of card (ISO 14443 A or B)
101static char iso_type;
102
103//-----------------------------------------------------------------------------
104// Wrapper for sending APDUs to type A and B cards
105//-----------------------------------------------------------------------------
106int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response)
107{
108 switch(iso_type)
109 {
110 case 'a':
111 return iso14_apdu(apdu, (uint16_t) length, response);
112 break;
113 case 'b':
114 return iso14443b_apdu(apdu, length, response);
115 break;
116 default:
117 return 0;
118 break;
119 }
120}
121
122//-----------------------------------------------------------------------------
123// Closes the communication channel and turns off the field
124//-----------------------------------------------------------------------------
125void EPA_Finish()
126{
127 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
128 LEDsoff();
129 iso_type = 0;
130}
131
132//-----------------------------------------------------------------------------
133// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
134// structs. If a pointer is 0, it is ignored.
135// The function returns 0 on success and if an error occured, it returns the
136// offset where it occured.
137//
138// TODO: This function can access memory outside of the given data if the DER
139// encoding is broken
140// TODO: Support skipping elements with a length > 0x7F
141// TODO: Support OIDs with a length > 7F
142// TODO: Support elements with long tags (tag is longer than 1 byte)
143// TODO: Support proprietary PACE domain parameters
144//-----------------------------------------------------------------------------
145size_t EPA_Parse_CardAccess(uint8_t *data,
146 size_t length,
147 pace_version_info_t *pace_info)
148{
149 size_t index = 0;
150
151 while (index <= length - 2) {
152 // determine type of element
153 // SET or SEQUENCE
154 if (data[index] == 0x31 || data[index] == 0x30) {
155 // enter the set (skip tag + length)
156 index += 2;
157 // check for extended length
158 if ((data[index - 1] & 0x80) != 0) {
159 index += (data[index-1] & 0x7F);
160 }
161 }
162 // OID
163 else if (data[index] == 0x06) {
164 // is this a PACE OID?
165 if (data[index + 1] == 0x0A // length matches
166 && memcmp(data + index + 2,
167 oid_pace_start,
168 sizeof(oid_pace_start)) == 0 // content matches
169 && pace_info != NULL)
170 {
171 // first, clear the pace_info struct
172 memset(pace_info, 0, sizeof(pace_version_info_t));
173 memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
174 // a PACE OID is followed by the version
175 index += data[index + 1] + 2;
176 if (data[index] == 02 && data[index + 1] == 01) {
177 pace_info->version = data[index + 2];
178 index += 3;
179 }
180 else {
181 return index;
182 }
183 // after that there might(!) be the parameter ID
184 if (data[index] == 02 && data[index + 1] == 01) {
185 pace_info->parameter_id = data[index + 2];
186 index += 3;
187 }
188 }
189 else {
190 // skip this OID
191 index += 2 + data[index + 1];
192 }
193 }
194 // if the length is 0, something is wrong
195 // TODO: This needs to be extended to support long tags
196 else if (data[index + 1] == 0) {
197 return index;
198 }
199 else {
200 // skip this part
201 // TODO: This needs to be extended to support long tags
202 // TODO: This needs to be extended to support unknown elements with
203 // a size > 0x7F
204 index += 2 + data[index + 1];
205 }
206 }
207
208 // TODO: We should check whether we reached the end in error, but for that
209 // we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
210 return 0;
211}
212
213//-----------------------------------------------------------------------------
214// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
215// Returns -1 on failure or the length of the data on success
216// TODO: for the moment this sends only 1 APDU regardless of the requested length
217//-----------------------------------------------------------------------------
218int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
219{
220 // the response APDU of the card
221 // since the card doesn't always care for the expected length we send it,
222 // we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
223 uint8_t response_apdu[262];
224 int rapdu_length = 0;
225
226 // select the file EF.CardAccess
227 rapdu_length = EPA_APDU((uint8_t *)apdu_select_binary_cardaccess,
228 sizeof(apdu_select_binary_cardaccess),
229 response_apdu);
230 if (rapdu_length < 6
231 || response_apdu[rapdu_length - 4] != 0x90
232 || response_apdu[rapdu_length - 3] != 0x00)
233 {
234 DbpString("Failed to select EF.CardAccess!");
235 return -1;
236 }
237
238 // read the file
239 rapdu_length = EPA_APDU((uint8_t *)apdu_read_binary,
240 sizeof(apdu_read_binary),
241 response_apdu);
242 if (rapdu_length <= 6
243 || response_apdu[rapdu_length - 4] != 0x90
244 || response_apdu[rapdu_length - 3] != 0x00)
245 {
246 Dbprintf("Failed to read EF.CardAccess!");
247 return -1;
248 }
249
250 // copy the content into the buffer
251 // length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
252 size_t to_copy = rapdu_length - 6;
253 to_copy = to_copy < max_length ? to_copy : max_length;
254 memcpy(buffer, response_apdu+2, to_copy);
255 return to_copy;
256}
257
258//-----------------------------------------------------------------------------
259// Abort helper function for EPA_PACE_Collect_Nonce
260// sets relevant data in ack, sends the response
261//-----------------------------------------------------------------------------
262static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
263{
264 // power down the field
265 EPA_Finish();
266
267 // send the USB packet
268 cmd_send(CMD_ACK,step,func_return,0,0,0);
269}
270
271//-----------------------------------------------------------------------------
272// Acquire one encrypted PACE nonce
273//-----------------------------------------------------------------------------
274void EPA_PACE_Collect_Nonce(UsbCommand *c)
275{
276 /*
277 * ack layout:
278 * arg:
279 * 1. element
280 * step where the error occured or 0 if no error occured
281 * 2. element
282 * return code of the last executed function
283 * d:
284 * Encrypted nonce
285 */
286
287 // return value of a function
288 int func_return = 0;
289
290 // set up communication
291 func_return = EPA_Setup();
292 if (func_return != 0) {
293 EPA_PACE_Collect_Nonce_Abort(1, func_return);
294 return;
295 }
296
297 // read the CardAccess file
298 // this array will hold the CardAccess file
299 uint8_t card_access[256] = {0};
300 int card_access_length = EPA_Read_CardAccess(card_access, 256);
301 // the response has to be at least this big to hold the OID
302 if (card_access_length < 18) {
303 EPA_PACE_Collect_Nonce_Abort(2, card_access_length);
304 return;
305 }
306
307 // this will hold the PACE info of the card
308 pace_version_info_t pace_version_info;
309 // search for the PACE OID
310 func_return = EPA_Parse_CardAccess(card_access,
311 card_access_length,
312 &pace_version_info);
313 if (func_return != 0 || pace_version_info.version == 0) {
314 EPA_PACE_Collect_Nonce_Abort(3, func_return);
315 return;
316 }
317
318 // initiate the PACE protocol
319 // use the CAN for the password since that doesn't change
320 func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
321
322 // now get the nonce
323 uint8_t nonce[256] = {0};
324 uint8_t requested_size = (uint8_t)c->arg[0];
325 func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
326 // check if the command succeeded
327 if (func_return < 0)
328 {
329 EPA_PACE_Collect_Nonce_Abort(4, func_return);
330 return;
331 }
332
333 // all done, return
334 EPA_Finish();
335
336 // save received information
337 cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
338}
339
340//-----------------------------------------------------------------------------
341// Performs the "Get Nonce" step of the PACE protocol and saves the returned
342// nonce. The caller is responsible for allocating enough memory to store the
343// nonce. Note that the returned size might be less or than or greater than the
344// requested size!
345// Returns the actual size of the nonce on success or a less-than-zero error
346// code on failure.
347//-----------------------------------------------------------------------------
348int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
349{
350 // build the APDU
351 uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
352 // copy the constant part
353 memcpy(apdu,
354 apdu_general_authenticate_pace_get_nonce,
355 sizeof(apdu_general_authenticate_pace_get_nonce));
356 // append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
357 apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
358
359 // send it
360 uint8_t response_apdu[262];
361 int send_return = EPA_APDU(apdu,
362 sizeof(apdu),
363 response_apdu);
364 // check if the command succeeded
365 if (send_return < 6
366 || response_apdu[send_return - 4] != 0x90
367 || response_apdu[send_return - 3] != 0x00)
368 {
369 return -1;
370 }
371
372 // if there is no nonce in the RAPDU, return here
373 if (send_return < 10)
374 {
375 // no error
376 return 0;
377 }
378 // get the actual length of the nonce
379 uint8_t nonce_length = response_apdu[5];
380 if (nonce_length > send_return - 10)
381 {
382 nonce_length = send_return - 10;
383 }
384 // copy the nonce
385 memcpy(nonce, response_apdu + 6, nonce_length);
386
387 return nonce_length;
388}
389
390//-----------------------------------------------------------------------------
391// Initializes the PACE protocol by performing the "MSE: Set AT" step
392// Returns 0 on success or a non-zero error code on failure
393//-----------------------------------------------------------------------------
394int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
395{
396 // create the MSE: Set AT APDU
397 uint8_t apdu[23];
398 // the minimum length (will be increased as more data is added)
399 size_t apdu_length = 20;
400 // copy the constant part
401 memcpy(apdu,
402 apdu_mse_set_at_start,
403 sizeof(apdu_mse_set_at_start));
404 // type: OID
405 apdu[5] = 0x80;
406 // length of the OID
407 apdu[6] = sizeof(pace_version_info.oid);
408 // copy the OID
409 memcpy(apdu + 7,
410 pace_version_info.oid,
411 sizeof(pace_version_info.oid));
412 // type: password
413 apdu[17] = 0x83;
414 // length: 1
415 apdu[18] = 1;
416 // password
417 apdu[19] = password;
418 // if standardized domain parameters are used, copy the ID
419 if (pace_version_info.parameter_id != 0) {
420 apdu_length += 3;
421 // type: domain parameter
422 apdu[20] = 0x84;
423 // length: 1
424 apdu[21] = 1;
425 // copy the parameter ID
426 apdu[22] = pace_version_info.parameter_id;
427 }
428 // now set Lc to the actual length
429 apdu[4] = apdu_length - 5;
430 // send it
431 uint8_t response_apdu[6];
432 int send_return = EPA_APDU(apdu,
433 apdu_length,
434 response_apdu);
435 // check if the command succeeded
436 if (send_return != 6
437 || response_apdu[send_return - 4] != 0x90
438 || response_apdu[send_return - 3] != 0x00)
439 {
440 return 1;
441 }
442 return 0;
443}
444
445//-----------------------------------------------------------------------------
446// Perform the PACE protocol by replaying given APDUs
447//-----------------------------------------------------------------------------
448void EPA_PACE_Replay(UsbCommand *c)
449{
450 uint32_t timings[sizeof(apdu_lengths_replay) / sizeof(apdu_lengths_replay[0])] = {0};
451
452 // if an APDU has been passed, save it
453 if (c->arg[0] != 0) {
454 // make sure it's not too big
455 if(c->arg[2] > apdus_replay[c->arg[0] - 1].len)
456 {
457 cmd_send(CMD_ACK, 1, 0, 0, NULL, 0);
458 }
459 memcpy(apdus_replay[c->arg[0] - 1].data + c->arg[1],
460 c->d.asBytes,
461 c->arg[2]);
462 // save/update APDU length
463 if (c->arg[1] == 0) {
464 apdu_lengths_replay[c->arg[0] - 1] = c->arg[2];
465 } else {
466 apdu_lengths_replay[c->arg[0] - 1] += c->arg[2];
467 }
468 cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);
469 return;
470 }
471
472 // return value of a function
473 int func_return;
474
475 // set up communication
476 func_return = EPA_Setup();
477 if (func_return != 0) {
478 EPA_Finish();
479 cmd_send(CMD_ACK, 2, func_return, 0, NULL, 0);
480 return;
481 }
482
483 // increase the timeout (at least some cards really do need this!)/////////////
484 // iso14a_set_timeout(0x0003FFFF);
485
486 // response APDU
487 uint8_t response_apdu[300] = {0};
488
489 // now replay the data and measure the timings
490 for (int i = 0; i < sizeof(apdu_lengths_replay); i++) {
491 StartCountUS();
492 func_return = EPA_APDU(apdus_replay[i].data,
493 apdu_lengths_replay[i],
494 response_apdu);
495 timings[i] = GetCountUS();
496 // every step but the last one should succeed
497 if (i < sizeof(apdu_lengths_replay) - 1
498 && (func_return < 6
499 || response_apdu[func_return - 4] != 0x90
500 || response_apdu[func_return - 3] != 0x00))
501 {
502 EPA_Finish();
503 cmd_send(CMD_ACK, 3 + i, func_return, 0, timings, 20);
504 return;
505 }
506 }
507 EPA_Finish();
508 cmd_send(CMD_ACK,0,0,0,timings,20);
509 return;
510}
511
512//-----------------------------------------------------------------------------
513// Set up a communication channel (Card Select, PPS)
514// Returns 0 on success or a non-zero error code on failure
515//-----------------------------------------------------------------------------
516int EPA_Setup()
517{
518 int return_code = 0;
519 uint8_t uid[10];
520 uint8_t pps_response[3];
521 uint8_t pps_response_par[1];
522 iso14a_card_select_t card_a_info;
523 iso14b_card_select_t card_b_info;
524
525 // first, look for type A cards
526 // power up the field
527 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
528 // select the card
529 return_code = iso14443a_select_card(uid, &card_a_info, NULL, true, 0);
530 if (return_code == 1) {
531 // send the PPS request
532 ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
533 return_code = ReaderReceive(pps_response, pps_response_par);
534 if (return_code != 3 || pps_response[0] != 0xD0) {
535 return return_code == 0 ? 2 : return_code;
536 }
537 Dbprintf("ISO 14443 Type A");
538 iso_type = 'a';
539 return 0;
540 }
541
542 // if we're here, there is no type A card, so we look for type B
543 // power up the field
544 iso14443b_setup();
545 // select the card
546 return_code = iso14443b_select_card( &card_b_info );
547 if (return_code == 1) {
548 Dbprintf("ISO 14443 Type B");
549 iso_type = 'b';
550 return 0;
551 }
552 Dbprintf("No card found.");
553 return 1;
554}
Impressum, Datenschutz