puck/xenid
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Initial commit.

Browse source
This commit is contained in:
puck 2025-12-05 11:19:20 +00:00
commit 62d6a66cd0
12 changed files with 4342 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/target

287
COPYING Normal file
View file

@ -0,0 +1,287 @@
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL © the European Union 2007, 2016
This European Union Public Licence (the EUPL) applies to the Work (as defined
below) which is provided under the terms of this Licence. Any use of the Work,
other than as authorised under this Licence is prohibited (to the extent such
use is covered by a right of the copyright holder of the Work).
The Work is provided under the terms of this Licence when the Licensor (as
defined below) has placed the following notice immediately following the
copyright notice for the Work:
Licensed under the EUPL
or has expressed by any other means his willingness to license under the EUPL.
1. Definitions
In this Licence, the following terms have the following meaning:
- The Licence: this Licence.
- The Original Work: the work or software distributed or communicated by the
Licensor under this Licence, available as Source Code and also as Executable
Code as the case may be.
- Derivative Works: the works or software that could be created by the
Licensee, based upon the Original Work or modifications thereof. This Licence
does not define the extent of modification or dependence on the Original Work
required in order to classify a work as a Derivative Work; this extent is
determined by copyright law applicable in the country mentioned in Article 15.
- The Work: the Original Work or its Derivative Works.
- The Source Code: the human-readable form of the Work which is the most
convenient for people to study and modify.
- The Executable Code: any code which has generally been compiled and which is
meant to be interpreted by a computer as a program.
- The Licensor: the natural or legal person that distributes or communicates
the Work under the Licence.
- Contributor(s): any natural or legal person who modifies the Work under the
Licence, or otherwise contributes to the creation of a Derivative Work.
- The Licensee or You: any natural or legal person who makes any usage of
the Work under the terms of the Licence.
- Distribution or Communication: any act of selling, giving, lending,
renting, distributing, communicating, transmitting, or otherwise making
available, online or offline, copies of the Work or providing access to its
essential functionalities at the disposal of any other natural or legal
person.
2. Scope of the rights granted by the Licence
The Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
sublicensable licence to do the following, for the duration of copyright vested
in the Original Work:
- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display
the Work or copies thereof to the public and perform publicly, as the case may
be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sublicense rights in the Work or copies thereof.
Those rights can be exercised on any media, supports and formats, whether now
known or later invented, as far as the applicable law permits so.
In the countries where moral rights apply, the Licensor waives his right to
exercise his moral right to the extent allowed by law in order to make effective
the licence of the economic rights here above listed.
The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to
any patents held by the Licensor, to the extent necessary to make use of the
rights granted on the Work under this Licence.
3. Communication of the Source Code
The Licensor may provide the Work either in its Source Code form, or as
Executable Code. If the Work is provided as Executable Code, the Licensor
provides in addition a machine-readable copy of the Source Code of the Work
along with each copy of the Work that the Licensor distributes or indicates, in
a notice following the copyright notice attached to the Work, a repository where
the Source Code is easily and freely accessible for as long as the Licensor
continues to distribute or communicate the Work.
4. Limitations on copyright
Nothing in this Licence is intended to deprive the Licensee of the benefits from
any exception or limitation to the exclusive rights of the rights owners in the
Work, of the exhaustion of those rights or of other applicable limitations
thereto.
5. Obligations of the Licensee
The grant of the rights mentioned above is subject to some restrictions and
obligations imposed on the Licensee. Those obligations are the following:
Attribution right: The Licensee shall keep intact all copyright, patent or
trademarks notices and all notices that refer to the Licence and to the
disclaimer of warranties. The Licensee must include a copy of such notices and a
copy of the Licence with every copy of the Work he/she distributes or
communicates. The Licensee must cause any Derivative Work to carry prominent
notices stating that the Work has been modified and the date of modification.
Copyleft clause: If the Licensee distributes or communicates copies of the
Original Works or Derivative Works, this Distribution or Communication will be
done under the terms of this Licence or of a later version of this Licence
unless the Original Work is expressly distributed only under this version of the
Licence — for example by communicating EUPL v. 1.2 only. The Licensee
(becoming Licensor) cannot offer or impose any additional terms or conditions on
the Work or Derivative Work that alter or restrict the terms of the Licence.
Compatibility clause: If the Licensee Distributes or Communicates Derivative
Works or copies thereof based upon both the Work and another work licensed under
a Compatible Licence, this Distribution or Communication can be done under the
terms of this Compatible Licence. For the sake of this clause, Compatible
Licence refers to the licences listed in the appendix attached to this Licence.
Should the Licensee's obligations under the Compatible Licence conflict with
his/her obligations under this Licence, the obligations of the Compatible
Licence shall prevail.
Provision of Source Code: When distributing or communicating copies of the Work,
the Licensee will provide a machine-readable copy of the Source Code or indicate
a repository where this Source will be easily and freely available for as long
as the Licensee continues to distribute or communicate the Work.
Legal Protection: This Licence does not grant permission to use the trade names,
trademarks, service marks, or names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the copyright notice.
6. Chain of Authorship
The original Licensor warrants that the copyright in the Original Work granted
hereunder is owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each Contributor warrants that the copyright in the modifications he/she brings
to the Work are owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each time You accept the Licence, the original Licensor and subsequent
Contributors grant You a licence to their contributions to the Work, under the
terms of this Licence.
7. Disclaimer of Warranty
The Work is a work in progress, which is continuously improved by numerous
Contributors. It is not a finished work and may therefore contain defects or
bugs inherent to this type of development.
For the above reason, the Work is provided under the Licence on an as is basis
and without warranties of any kind concerning the Work, including without
limitation merchantability, fitness for a particular purpose, absence of defects
or errors, accuracy, non-infringement of intellectual property rights other than
copyright as stated in Article 6 of this Licence.
This disclaimer of warranty is an essential part of the Licence and a condition
for the grant of any rights to the Work.
8. Disclaimer of Liability
Except in the cases of wilful misconduct or damages directly caused to natural
persons, the Licensor will in no event be liable for any direct or indirect,
material or moral, damages of any kind, arising out of the Licence or of the use
of the Work, including without limitation, damages for loss of goodwill, work
stoppage, computer failure or malfunction, loss of data or any commercial
damage, even if the Licensor has been advised of the possibility of such damage.
However, the Licensor will be liable under statutory product liability laws as
far such laws apply to the Work.
9. Additional agreements
While distributing the Work, You may choose to conclude an additional agreement,
defining obligations or services consistent with this Licence. However, if
accepting obligations, You may act only on your own behalf and on your sole
responsibility, not on behalf of the original Licensor or any other Contributor,
and only if You agree to indemnify, defend, and hold each Contributor harmless
for any liability incurred by, or claims asserted against such Contributor by
the fact You have accepted any warranty or additional liability.
10. Acceptance of the Licence
The provisions of this Licence can be accepted by clicking on an icon I agree
placed under the bottom of a window displaying the text of this Licence or by
affirming consent in any other similar way, in accordance with the rules of
applicable law. Clicking on that icon indicates your clear and irrevocable
acceptance of this Licence and all of its terms and conditions.
Similarly, you irrevocably accept this Licence and all of its terms and
conditions by exercising any rights granted to You by Article 2 of this Licence,
such as the use of the Work, the creation by You of a Derivative Work or the
Distribution or Communication by You of the Work or copies thereof.
11. Information to the public
In case of any Distribution or Communication of the Work by means of electronic
communication by You (for example, by offering to download the Work from a
remote location) the distribution channel or media (for example, a website) must
at least provide to the public the information requested by the applicable law
regarding the Licensor, the Licence and the way it may be accessible, concluded,
stored and reproduced by the Licensee.
12. Termination of the Licence
The Licence and the rights granted hereunder will terminate automatically upon
any breach by the Licensee of the terms of the Licence.
Such a termination will not terminate the licences of any person who has
received the Work from the Licensee under the Licence, provided such persons
remain in full compliance with the Licence.
13. Miscellaneous
Without prejudice of Article 9 above, the Licence represents the complete
agreement between the Parties as to the Work.
If any provision of the Licence is invalid or unenforceable under applicable
law, this will not affect the validity or enforceability of the Licence as a
whole. Such provision will be construed or reformed so as necessary to make it
valid and enforceable.
The European Commission may publish other linguistic versions or new versions of
this Licence or updated versions of the Appendix, so far this is required and
reasonable, without reducing the scope of the rights granted by the Licence. New
versions of the Licence will be published with a unique version number.
All linguistic versions of this Licence, approved by the European Commission,
have identical value. Parties can take advantage of the linguistic version of
their choice.
14. Jurisdiction
Without prejudice to specific agreement between parties,
- any litigation resulting from the interpretation of this License, arising
between the European Union institutions, bodies, offices or agencies, as a
Licensor, and any Licensee, will be subject to the jurisdiction of the Court
of Justice of the European Union, as laid down in article 272 of the Treaty on
the Functioning of the European Union,
- any litigation arising between other parties and resulting from the
interpretation of this License, will be subject to the exclusive jurisdiction
of the competent court where the Licensor resides or conducts its primary
business.
15. Applicable Law
Without prejudice to specific agreement between parties,
- this Licence shall be governed by the law of the European Union Member State
where the Licensor has his seat, resides or has his registered office,
- this licence shall be governed by Belgian law if the Licensor has no seat,
residence or registered office inside a European Union Member State.
Appendix
Compatible Licences according to Article 5 EUPL are:
- GNU General Public License (GPL) v. 2, v. 3
- GNU Affero General Public License (AGPL) v. 3
- Open Software License (OSL) v. 2.1, v. 3.0
- Eclipse Public License (EPL) v. 1.0
- CeCILL v. 2.0, v. 2.1
- Mozilla Public Licence (MPL) v. 2
- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
- Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for
works other than software
- European Union Public Licence (EUPL) v. 1.1, v. 1.2
- Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong
Reciprocity (LiLiQ-R+).
The European Commission may update this Appendix to later versions of the above
licences without producing a new version of the EUPL, as long as they provide
the rights granted in Article 2 of this Licence and protect the covered Source
Code from exclusive appropriation.
All other changes or additions to this Appendix require the production of a new
EUPL version.

2289
Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

22
Cargo.toml Normal file
View file

@ -0,0 +1,22 @@
[package]
name = "xenid"
version = "0.1.0"
edition = "2024"
[dependencies]
base64 = "0.22.1"
bitflags = "2.10.0"
der = { version = "0.7.10", features = ["alloc", "bytes", "oid", "std", "derive"] }
gtk = { package = "gtk4", version = "0.10.3", features = ["v4_20"] }
adw = { package = "libadwaita", version = "0.8.1", features = ["gtk_v4_20", "v1_8"] }
openssl = { version = "0.10.75" }
pcsc = "2.9.0"
reqwest = { version = "0.12.24", features = ["json"] }
serde = { version = "1.0.228", features = ["derive"] }
serde_json = "1.0.145"
sha2 = "0.10.9"
tokio = { version = "1.48.0", features = ["full"] }
url = "2.5.7"
gdk = { package = "gdk4", version = "0.10.3", features = ["v4_20"] }
async-channel = "2.5.0"
glib = { version = "0.21.5", features = ["v2_86"] }

7
data/moe.puck.XeniD.desktop Normal file
View file

@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Comment=DigiD eID client for Linux
Name=XeniD
Exec=xenid %u
StartupNotify=true
MimeType=x-scheme-handler/digid-app-wid;

214
src/digid_api.rs Normal file
View file

@ -0,0 +1,214 @@
use std::collections::HashMap;
use serde::{Deserialize, Serialize, de::DeserializeOwned};
#[derive(serde::Serialize)]
pub struct Version {
pub major: usize,
pub minor: usize,
}
#[derive(serde::Serialize)]
pub struct Header {
#[serde(rename = "sessionId")]
pub session_id: String,
#[serde(rename = "supportedAPIVersion")]
pub supported_api_version: Version,
}
#[derive(serde::Serialize)]
pub struct BaseRequest<T: Serialize> {
pub header: Header,
#[serde(rename = "messageData")]
pub data: T,
}
#[derive(serde::Serialize)]
pub struct Init {
#[serde(rename = "userConsentType")]
pub user_consent_type: String, // "PP" or "PIP", hard-coded as "PIP" rn?
#[serde(rename = "documentType")]
pub document_type: String, // base64-encoded AID. ignored for NIK?
}
#[derive(serde::Deserialize)]
pub struct BaseResponse<T> {
pub status: String,
#[serde(rename = "sessionId")]
pub session_id: Option<String>,
#[serde(rename = "responseData")]
pub data: T,
}
#[derive(serde::Deserialize)]
pub struct APDUsResponse {
pub apdus: Vec<String>,
#[serde(rename = "ephemeralPKey")]
pub ephemeral_key: String,
}
#[derive(serde::Serialize)]
pub struct APDURequest {
pub counter: isize,
pub apdu: String,
}
#[derive(serde::Deserialize)]
pub struct PreparePCAResponse {
pub apdus: Vec<String>,
}
#[derive(serde::Deserialize)]
pub struct PolyDataResponse {
pub result: String,
}
pub async fn wid_init(session_id: &str) -> ClientContext {
let client = reqwest::Client::new();
let init_req = client
.post("https://app.digid.nl/apps/wid/new")
.json(&serde_json::json!({"app_session_id": session_id.to_owned() }))
.header("API-Version", "3")
.header("App-Version", "6.16.3")
.header("OS-Type", "Android")
.header("OS-Version", "28")
.header("Release-Type", "Productie")
.header("User-Agent", "eidkitty")
.send()
.await
.unwrap()
.json::<HashMap<String, String>>()
.await
.unwrap();
println!("{:?}", init_req);
let wid_session_id = init_req.get("session_id").unwrap().to_owned();
client
.post("https://app.digid.nl/apps/wid/confirm")
.json(&serde_json::json!({"app_session_id": session_id.to_owned() }))
.header("API-Version", "3")
.header("App-Version", "6.16.3")
.header("OS-Type", "Android")
.header("OS-Version", "28")
.header("Release-Type", "Productie")
.header("User-Agent", "eidkitty")
.send()
.await
.unwrap()
.json::<HashMap<String, String>>()
.await
.unwrap();
ClientContext {
host: init_req.get("url").unwrap().to_owned(),
session: wid_session_id,
service: init_req.get("webservice").unwrap().to_owned(),
}
}
pub struct ClientContext {
pub host: String,
pub session: String,
pub service: String,
}
impl ClientContext {
async fn send<T: Serialize, R: DeserializeOwned>(
&self,
path: &str,
data: &T,
) -> reqwest::Result<R> {
let client = reqwest::Client::new();
let resp: BaseResponse<R> = client
.post(format!("{}{}", self.host, path))
.json(&BaseRequest {
header: Header {
session_id: self.session.clone(),
supported_api_version: Version { major: 1, minor: 1 },
},
data,
})
.header("User-Agent", "meowmeow")
.send()
.await?
.json()
.await?;
Ok(resp.data)
}
pub async fn start(&self) {
self.send::<_, serde_json::Value>(
"/v1/nik/start",
&Init {
user_consent_type: String::from("PIP"),
document_type: String::from("oAAAAkcQAQ=="),
},
)
.await
.unwrap();
}
pub async fn prepare_eac(
&self,
ef_cvca: &[u8],
dg14: &[u8],
ef_sod: &[u8],
pace_icc: &[u8],
) -> (Vec<Vec<u8>>, Vec<u8>) {
let resp: APDUsResponse = self
.send(
"/v1/nik/prepareeac",
&serde_json::json!({
"efCvca": base64::encode(ef_cvca),
"dg14": base64::encode(dg14),
"efSOd": base64::encode(ef_sod),
"paceIcc": base64::encode(pace_icc),
}),
)
.await
.unwrap();
(
resp.apdus
.into_iter()
.map(|f| base64::decode(f).unwrap())
.collect(),
base64::decode(resp.ephemeral_key).unwrap(),
)
}
pub async fn prepare_pca(&self, counter: isize, last_apdu: &[u8]) -> Vec<Vec<u8>> {
let resp: PreparePCAResponse = self
.send(
"/v1/nik/preparepca",
&APDURequest {
counter,
apdu: base64::encode(last_apdu),
},
)
.await
.unwrap();
resp.apdus
.into_iter()
.map(|f| base64::decode(f).unwrap())
.collect()
}
pub async fn get_polymorphic_data(&self, counter: isize, last_apdu: &[u8]) -> String {
let resp: PolyDataResponse = self
.send(
"/v1/nik/polymorph/data",
&APDURequest {
counter,
apdu: base64::encode(last_apdu),
},
)
.await
.unwrap();
resp.result
}
}

194
src/gui.rs Normal file
View file

@ -0,0 +1,194 @@
use std::cell::{RefCell, RefMut};
use std::rc::Rc;
use adw::{Clamp, ToolbarView, prelude::*};
use adw::{ActionRow, Application, ApplicationWindow, HeaderBar};
use gtk::{
Box, Button, CssProvider, Grid, GridLayout, Label, ListBox, Orientation, PasswordEntry,
SelectionMode,
};
use crate::pipe;
use glib::clone;
fn build_ui(
app: &Application,
ctg_pipe: async_channel::Receiver<crate::pipe::CardToGUI>,
gtc_pipe: async_channel::Sender<crate::pipe::GUIToCard>,
) {
let main_box = Box::builder().orientation(Orientation::Vertical).build();
let password_grid = Grid::new();
let password_mask: Vec<Button> = (0..5)
.map(|f| {
Button::builder()
.name(format!("button_{}", f))
.icon_name("")
.can_focus(false)
.can_target(false)
.hexpand(true)
.css_classes(&["cell"][..])
.build()
})
.collect();
for i in 0..5 {
password_grid.attach(&password_mask[i], i as i32, 0, 1, 1);
}
let password_field = PasswordEntry::builder()
.margin_bottom(12)
.width_request(5)
.width_chars(0)
.css_classes(&["invisible"][..])
.build();
password_grid.attach(&password_field, 0, 0, 5, 1);
password_field.connect_changed(move |v| {
let count = v.text().len();
for i in 0..5 {
password_mask[i].set_icon_name(if count > i {
"window-close-symbolic"
} else {
""
});
}
if count > 5 {
v.delete_text(5, -1);
}
});
let info_label = Label::builder()
.label("...Processing")
.margin_bottom(12)
.build();
let button = Button::builder().label("Next").sensitive(false).build();
main_box.append(&info_label);
main_box.append(&password_grid);
main_box.append(&button);
let headerbar = HeaderBar::new();
let toolbar_view = ToolbarView::new();
toolbar_view.add_top_bar(&headerbar);
let c = Clamp::builder()
.child(&main_box)
.margin_end(16)
.margin_start(16)
.margin_end(16)
.build();
toolbar_view.set_content(Some(&c));
let window = ApplicationWindow::builder()
.application(app)
.title("Log in with DigiD")
.default_width(350)
// add content to window
.content(&toolbar_view)
.build();
password_field.connect_activate(clone!(
#[weak]
button,
move |_| {
button.emit_clicked();
}
));
button.connect_clicked(clone!(
#[weak]
password_field,
move |btn| {
btn.set_sensitive(false);
let pass = password_field.text().to_string();
gtc_pipe.send_blocking(pipe::GUIToCard::PIN(pass)).unwrap();
}
));
gdk::glib::spawn_future_local(clone!(
#[weak]
info_label,
#[weak]
button,
#[weak]
window,
#[weak]
app,
#[weak]
password_field,
async move {
while let Ok(msg) = ctg_pipe.recv().await {
match msg {
pipe::CardToGUI::AuthenticationTarget { target } => {
info_label.set_text(&format!("Enter your PIN to log in to {}", target));
}
pipe::CardToGUI::WaitForCard => {
button.set_sensitive(false);
button.set_label("Place your card on the reader.");
}
pipe::CardToGUI::ReadyForPIN { message } => {
let no_special = message.is_none();
button.set_label(&message.unwrap_or_else(|| String::from("Next")));
button.set_sensitive(true);
if no_special && password_field.text().len() == 5 {
button.emit_clicked();
}
}
pipe::CardToGUI::ProcessingStep { step: _ } => {}
pipe::CardToGUI::ProcessingMessage { message } => {
button.set_label(&message);
}
pipe::CardToGUI::Done => {
window.close();
app.quit();
}
}
}
}
));
window.connect_has_focus_notify(move |f| {
if f.has_focus() {
password_field.grab_focus();
}
});
window.present();
}
pub fn run_gui(
ctg_pipe_r: async_channel::Receiver<crate::pipe::CardToGUI>,
gtc_pipe_s: async_channel::Sender<crate::pipe::GUIToCard>,
) {
let application = Application::builder()
.application_id("moe.puck.XeniD")
.build();
let ctg_pipe_r = RefCell::new(Some(ctg_pipe_r));
let gtc_pipe_s = RefCell::new(Some(gtc_pipe_s));
application.connect_activate(move |app| {
let provider = CssProvider::new();
provider
.load_from_string(".cell { margin: 6px; padding: 18px; } .invisible { opacity: 0; }");
gtk::style_context_add_provider_for_display(
&gdk::Display::default().expect("Could not connect to a display."),
&provider,
gtk::STYLE_PROVIDER_PRIORITY_APPLICATION,
);
build_ui(app, ctg_pipe_r.take().unwrap(), gtc_pipe_s.take().unwrap());
});
application.run_with_args::<glib::GString>(&[]);
}

152
src/iso7816.rs Normal file
View file

@ -0,0 +1,152 @@
use crate::{Card, CommandChaining, OwnedCommandAPDU, SecureMessaging};
/**
* A card contains a master file.
* Each master file contains DFs, which can contain child DFs.
* EFs contain data.
*
* There may not be an MF but lke. yeah
*/
/*
PCA: A0000007885043 412D654D525444
EF.DIR is EF identifier 2F00 under dedicated file
EF.CardAccess (PACE) is EF identifier 011C under dedicated file
EID: A0000007885043 412D654D525444 *encrypted*
EF.DG14 is EF identifier 010E under dedicated file
(icao doc 9303-10)
EF.SOD is EF identifier 011D under dedicated file
(icao doc 9303-10)
EF.CVCA is EF identifier 011C under dedicated file
(icao doc 9303-11)
*/
#[derive(Copy, Clone, Debug)]
pub enum SelectFile<'a> {
File(&'a [u8]),
ChildDedicatedFile(&'a [u8]),
ElementaryFileUnderDedicatedFile(&'a [u8]),
ParentDedicatedFile,
// AID
DedicatedFileName(&'a [u8]),
PathFromMasterFile(&'a [u8]),
PathFromCurrentDedicatedFile(&'a [u8]),
}
pub mod files {
use crate::iso7816::SelectFile;
pub const EF_DIR: SelectFile<'static> =
SelectFile::ElementaryFileUnderDedicatedFile(&[0x2F, 0x00]);
pub const EF_CARDACCESS: SelectFile<'static> =
SelectFile::ElementaryFileUnderDedicatedFile(&[0x01, 0x1C]);
pub const EF_DG14: SelectFile<'static> =
SelectFile::ElementaryFileUnderDedicatedFile(&[0x01, 0x0E]);
pub const EF_SOD: SelectFile<'static> =
SelectFile::ElementaryFileUnderDedicatedFile(&[0x01, 0x1D]);
// static 36 bytes?
// same ID as EF.CardAccess???
pub const EF_CVCA: SelectFile<'static> =
SelectFile::ElementaryFileUnderDedicatedFile(&[0x01, 0x1C]);
}
#[derive(Copy, Clone, Debug)]
pub enum SelectOccurrence {
First = 0b00,
Last = 0b01,
Next = 0b10,
Previous = 0b11,
}
fn generate_select_apdu(
channel: u8,
file: SelectFile<'_>,
occurrence: SelectOccurrence,
) -> OwnedCommandAPDU {
let (p1, contents) = match file {
SelectFile::File(identifier) => (0b0000_0000, identifier),
SelectFile::ChildDedicatedFile(identifier) => (0b0000_0001, identifier),
SelectFile::ElementaryFileUnderDedicatedFile(identifier) => (0b0000_0010, identifier),
SelectFile::ParentDedicatedFile => (0b0000_0011, &[][..]),
SelectFile::DedicatedFileName(identifier) => (0b0000_0100, identifier),
SelectFile::PathFromMasterFile(identifier) => (0b0000_1000, identifier),
SelectFile::PathFromCurrentDedicatedFile(identifier) => (0b0000_1001, identifier),
};
let p2 = occurrence as u8 | 0x0C;
OwnedCommandAPDU {
class: crate::Class::Standard {
command_chaining: CommandChaining::LastOrOnly,
secure_messaging: SecureMessaging::None,
channel,
},
instruction: 0xA4,
parameter: [p1, p2],
command: contents.to_vec(),
expected_length: Some(0),
}
}
pub async fn select(
card: &mut impl Card,
channel: u8,
file: SelectFile<'_>,
occurrence: SelectOccurrence,
) -> std::io::Result<bool> {
let apdu = generate_select_apdu(channel, file, occurrence);
let res = card.transmit(apdu).await?;
Ok(res.status == 0x9000)
}
pub fn generate_read_binary(channel: u8, offset: u16, amount: u16) -> OwnedCommandAPDU {
assert!(offset & 0x8000 == 0);
OwnedCommandAPDU {
class: crate::Class::Standard {
command_chaining: CommandChaining::LastOrOnly,
secure_messaging: SecureMessaging::None,
channel,
},
instruction: 0xB0,
parameter: offset.to_be_bytes(),
command: Vec::new(),
expected_length: Some(amount as usize),
}
}
pub async fn read_binary(card: &mut impl Card, channel: u8) -> std::io::Result<Option<Vec<u8>>> {
let mut out = Vec::new();
loop {
let buf = card
.transmit(generate_read_binary(channel, out.len() as u16, 0x70))
.await?;
if buf.status == 0x6b00 {
// End of EF
return Ok(Some(out));
}
if buf.status != 0x9000 {
return Ok(None);
}
out.extend_from_slice(&buf.data);
if buf.data.len() < 0x70 {
return Ok(Some(out));
}
}
}

456
src/main.rs Normal file
View file

@ -0,0 +1,456 @@
use std::{env::args, thread, time::Duration};
use der::{Any, Decode, asn1::SetOfVec, oid::ObjectIdentifier};
use openssl::{bn::BigNumContext, ec::PointConversionForm, pkey::PKey};
use tokio::runtime::Runtime;
use url::Url;
use crate::{
pace::{append_do, prepend_do},
pcsc_card::PCSCCard,
pipe::GUIToCard,
};
mod digid_api;
mod gui;
mod iso7816;
mod pace;
mod pcsc_card;
mod pipe;
#[derive(Clone, Debug)]
pub struct ResultAPDU {
pub data: Vec<u8>,
pub status: u16,
}
#[derive(Clone, Debug)]
pub struct OwnedCommandAPDU {
pub class: Class,
pub instruction: u8,
pub parameter: [u8; 2],
pub command: Vec<u8>,
pub expected_length: Option<usize>,
}
#[derive(Copy, Clone, Debug)]
pub enum CommandChaining {
LastOrOnly = 0,
NotLast = 1,
}
#[derive(Copy, Clone, Debug)]
pub enum SecureMessaging {
None = 0b00,
Proprietary = 0b01,
StandardNoHeader = 0b10,
StandardHeaderAuthenticated = 0b11,
}
#[derive(Copy, Clone, Debug)]
pub enum Class {
Proprietary(u8),
Standard {
command_chaining: CommandChaining,
secure_messaging: SecureMessaging,
channel: u8,
},
}
impl Class {
pub fn encode(&self) -> Option<u8> {
match *self {
Class::Proprietary(n) if n < 0x80 => Some(0x80 | n),
Class::Standard {
command_chaining,
secure_messaging,
channel,
} if channel < 4 => {
Some(((command_chaining as u8) << 4) | ((secure_messaging as u8) << 2) | channel)
}
Class::Standard {
command_chaining,
secure_messaging:
secure_messaging @ (SecureMessaging::None | SecureMessaging::StandardNoHeader),
channel,
} if channel < 20 => Some(
0x40 | ((command_chaining as u8) << 4) | ((secure_messaging as u8) << 4) | channel,
),
_ => None,
}
}
}
pub trait Card {
fn transmit(
&mut self,
apdu: OwnedCommandAPDU,
) -> impl Future<Output = std::io::Result<ResultAPDU>> + Send;
fn transmit_raw(
&mut self,
apdu_buf: &[u8],
) -> impl Future<Output = std::io::Result<ResultAPDU>> + Send;
}
async fn run_auth(
session_id: String,
ctg_pipe: async_channel::Sender<crate::pipe::CardToGUI>,
gtc_pipe: async_channel::Receiver<crate::pipe::GUIToCard>,
) -> std::io::Result<()> {
let ctx = if session_id == "test" {
digid_api::ClientContext {
host: String::from("http://localhost"),
session: String::from("test"),
service: String::from("UI Test"),
}
} else {
let ctx = digid_api::wid_init(&session_id).await;
ctx.start().await;
ctx
};
ctg_pipe
.send(pipe::CardToGUI::AuthenticationTarget {
target: ctx.service.clone(),
})
.await;
ctg_pipe.send(pipe::CardToGUI::WaitForCard).await;
let mut crad = loop {
let mut crad = PCSCCard::new();
// Select MF
iso7816::select(
&mut crad,
0,
iso7816::SelectFile::File(&[]),
iso7816::SelectOccurrence::First,
)
.await?;
iso7816::select(
&mut crad,
0,
iso7816::files::EF_DIR,
iso7816::SelectOccurrence::First,
)
.await?;
let ef_dir = iso7816::read_binary(&mut crad, 0).await?;
if ef_dir.is_none()
|| !ef_dir.unwrap().windows(14).any(|w| {
w == [
0xA0, 0x00, 0x00, 0x07, 0x88, 0x50, 0x43, 0x41, 0x2D, 0x65, 0x4D, 0x52, 0x54,
0x44,
]
})
{
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Card is not eID"),
})
.await;
crad.wait_for_remove();
ctg_pipe.send(pipe::CardToGUI::WaitForCard).await;
continue;
}
break crad;
};
// Select the PCA application
iso7816::select(
&mut crad,
0,
iso7816::SelectFile::DedicatedFileName(&[
0xA0, 0x00, 0x00, 0x07, 0x88, 0x50, 0x43, 0x41, 0x2D, 0x65, 0x4D, 0x52, 0x54, 0x44,
]),
iso7816::SelectOccurrence::First,
)
.await?;
// Select _its_ MF (what?)
iso7816::select(
&mut crad,
0,
iso7816::SelectFile::File(&[]),
iso7816::SelectOccurrence::First,
)
.await?;
iso7816::select(
&mut crad,
0,
iso7816::files::EF_CARDACCESS,
iso7816::SelectOccurrence::First,
)
.await?;
let ef_cardaccess_bytes = iso7816::read_binary(&mut crad, 0).await?.unwrap();
let ef_cardaccess = pace::SecurityInfos::from_der(&ef_cardaccess_bytes).unwrap();
let status = pace::set_authentication_template(
&mut crad,
ef_cardaccess.get(0).unwrap().protocol,
pace::PasswordType::PIN,
)
.await?;
let (msg, can_continue) = match status {
pace::PACEStatus::Okay => (None, true),
pace::PACEStatus::TriesLeft(n) => (Some(format!("{} tries left", n)), true),
pace::PACEStatus::Error(unk) => (Some(format!("Unknown error {:04x}", unk)), false),
pace::PACEStatus::PasswordSuspended => (Some("PIN suspended. Use app.".to_string()), false),
pace::PACEStatus::PasswordBlocked => (Some("PIN blocked. Use app.".to_string()), false),
};
if can_continue {
ctg_pipe
.send(pipe::CardToGUI::ReadyForPIN { message: msg })
.await;
} else {
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: msg.unwrap(),
})
.await;
}
let GUIToCard::PIN(pin) = gtc_pipe.recv().await.unwrap();
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Negotiating with the card..."),
})
.await;
let creds = pace::authenticate_pin(
&mut crad,
pin.as_bytes(),
ef_cardaccess.get(0).unwrap().protocol,
)
.await?;
let apdus;
{
let mut enc_crad = pace::EncryptedCardWrapper::new(&mut crad, creds.clone());
// Select the PCA again
iso7816::select(
&mut enc_crad,
0,
iso7816::SelectFile::DedicatedFileName(&[
0xA0, 0x00, 0x00, 0x07, 0x88, 0x50, 0x43, 0x41, 0x2D, 0x65, 0x4D, 0x52, 0x54, 0x44,
]),
iso7816::SelectOccurrence::First,
)
.await?;
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Reading EF.DG14..."),
})
.await;
iso7816::select(
&mut enc_crad,
0,
iso7816::files::EF_DG14,
iso7816::SelectOccurrence::First,
)
.await?;
let dg14 = iso7816::read_binary(&mut enc_crad, 0).await?.unwrap();
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Reading EF.SOD..."),
})
.await;
iso7816::select(
&mut enc_crad,
0,
iso7816::files::EF_SOD,
iso7816::SelectOccurrence::First,
)
.await?;
let ef_sod = iso7816::read_binary(&mut enc_crad, 0).await?.unwrap();
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Reading EF.CVCA..."),
})
.await;
iso7816::select(
&mut enc_crad,
0,
iso7816::files::EF_CVCA,
iso7816::SelectOccurrence::First,
)
.await?;
let ef_cvca = iso7816::read_binary(&mut enc_crad, 0).await?.unwrap();
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Provided files for EAC..."),
})
.await;
if ctx.session == "test" {
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Test done."),
})
.await;
tokio::time::sleep(Duration::from_secs(2)).await;
ctg_pipe.send(pipe::CardToGUI::Done).await;
return Ok(());
}
let (apdus_, remote_ephemeral_pkey_bytes) = ctx
.prepare_eac(&ef_cvca, &dg14, &ef_sod, &creds.card_ephemeral_key)
.await;
apdus = apdus_;
let barely_parsed_dg14_one = Any::from_der(&dg14).unwrap();
let barely_parsed_dg14_contents =
SetOfVec::<Vec<Any>>::from_der(barely_parsed_dg14_one.value()).unwrap();
let ca_info_oid = ObjectIdentifier::new_unwrap("0.4.0.127.0.7.2.2.3");
let mut ca_info = None;
for item in barely_parsed_dg14_contents.into_vec() {
let oid = item
.first()
.unwrap()
.decode_as::<ObjectIdentifier>()
.unwrap();
if oid.as_bytes().starts_with(ca_info_oid.as_bytes()) {
ca_info = Some((oid, item.get(2).map(|f| f.value().to_vec())));
break;
}
}
let ca_info = ca_info.unwrap();
let remote_ephemeral_key_pkey =
PKey::public_key_from_der(&remote_ephemeral_pkey_bytes).unwrap();
let remote_ephemeral_key = remote_ephemeral_key_pkey.ec_key().unwrap();
let remote_ephemeral_key_group = remote_ephemeral_key.group();
let remote_ephemeral_key_point = remote_ephemeral_key.public_key();
let mut bn_ctx = BigNumContext::new().unwrap();
let mut remote_ephemeral_key_bytes = remote_ephemeral_key_point
.to_bytes(
remote_ephemeral_key_group,
PointConversionForm::UNCOMPRESSED,
&mut bn_ctx,
)
.unwrap();
// We send a new SET AT along with a GENERAL AUTHENTICATE for internal/restricted identification.
// This has to be encrypted, for Reasons.
let mut set_at_params = ca_info.0.as_bytes().to_vec();
prepend_do(&mut set_at_params, 0x80);
if let Some(v) = ca_info.1 {
append_do(&mut set_at_params, 0x84, &v);
}
let new_apdu = OwnedCommandAPDU {
class: Class::Standard {
command_chaining: CommandChaining::LastOrOnly,
secure_messaging: SecureMessaging::None,
channel: 0,
},
instruction: 0x22,
parameter: [0x41, 0xA4],
command: set_at_params,
expected_length: Some(0),
};
let resp = enc_crad.transmit(new_apdu).await?;
assert_eq!(resp.status, 0x9000);
prepend_do(&mut remote_ephemeral_key_bytes, 0x80);
prepend_do(&mut remote_ephemeral_key_bytes, 0x7c);
let new_apdu = OwnedCommandAPDU {
class: Class::Standard {
command_chaining: CommandChaining::LastOrOnly,
secure_messaging: SecureMessaging::None,
channel: 0,
},
instruction: 0x86,
parameter: [0x00, 0x00],
command: remote_ephemeral_key_bytes,
expected_length: Some(0x16),
};
let resp = enc_crad.transmit(new_apdu).await?;
assert_eq!(resp.status, 0x9000);
}
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: String::from("Running server-sent APDUs... (0/?)"),
})
.await;
let mut counter = -1isize;
let mut last_response = ResultAPDU {
data: Vec::new(),
status: 0,
};
let apdu_count = apdus.len();
for apdu in apdus {
counter += 1;
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: format!("Running server-sent APDUs... ({}/{})", counter, apdu_count),
})
.await;
last_response = crad.transmit_raw(&apdu).await?;
if last_response.status != 0x9000 {
break;
}
}
last_response
.data
.extend_from_slice(&last_response.status.to_be_bytes());
let apdus = ctx.prepare_pca(counter, &last_response.data).await;
let apdu_count = apdus.len() as isize + counter;
for apdu in apdus {
counter += 1;
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: format!("Running server-sent APDUs... ({}/{})", counter, apdu_count),
})
.await;
last_response = crad.transmit_raw(&apdu).await?;
if last_response.status != 0x9000 {
break;
}
}
last_response
.data
.extend_from_slice(&last_response.status.to_be_bytes());
let result = ctx.get_polymorphic_data(counter, &last_response.data).await;
ctg_pipe
.send(pipe::CardToGUI::ProcessingMessage {
message: format!("Server said: {}", result),
})
.await;
tokio::time::sleep(Duration::from_secs(3)).await;
ctg_pipe.send(pipe::CardToGUI::Done).await;
Ok(())
}
fn main() {
let (ctg_pipe_s, ctg_pipe_r) = async_channel::unbounded();
let (gtc_pipe_s, gtc_pipe_r) = async_channel::unbounded();
let s = args().nth(1).unwrap();
let session_id = s
.split('&')
.next()
.unwrap()
.split('=')
.last()
.unwrap()
.to_owned();
let rt = Runtime::new().unwrap();
rt.spawn(async { run_auth(session_id, ctg_pipe_s, gtc_pipe_r).await.unwrap() });
gui::run_gui(ctg_pipe_r, gtc_pipe_s);
}

599
src/pace.rs Normal file
View file

@ -0,0 +1,599 @@
use std::collections::HashMap;
use der::{Any, DerOrd, Encode, Reader, asn1::SetOfVec, oid::ObjectIdentifier};
use openssl::{
bn::{BigNum, BigNumContext},
ec::{EcGroup, EcKey, EcPoint, PointConversionForm},
nid::Nid,
symm::{Cipher, Crypter, Mode},
};
use crate::{Card, Class, CommandChaining, OwnedCommandAPDU, SecureMessaging};
pub type SecurityInfos = SetOfVec<SecurityInfo>;
fn decrypt_unpadded(
c: Cipher,
key: &[u8],
iv: Option<&[u8]>,
data: &[u8],
) -> Result<Vec<u8>, openssl::error::ErrorStack> {
let mut crypter = Crypter::new(c, Mode::Decrypt, key, iv)?;
crypter.pad(false);
let mut out = vec![0; data.len() + 64];
let count = crypter.update(data, &mut out)?;
let rest = crypter.finalize(&mut out[count..])?;
out.truncate(count + rest);
Ok(out)
}
fn encrypt_unpadded(
c: Cipher,
key: &[u8],
iv: Option<&[u8]>,
data: &[u8],
) -> Result<Vec<u8>, openssl::error::ErrorStack> {
let mut crypter = Crypter::new(c, Mode::Encrypt, key, iv)?;
crypter.pad(false);
let mut out = vec![0; data.len() + 64];
let count = crypter.update(data, &mut out)?;
let rest = crypter.finalize(&mut out[count..])?;
out.truncate(count + rest);
Ok(out)
}
const BSI_DE: ObjectIdentifier = ObjectIdentifier::new_unwrap("0.4.0.127.0.7");
const ID_PACE: ObjectIdentifier = ObjectIdentifier::new_unwrap("0.4.0.127.0.7.2.2.4");
const ID_PACE_ECDH_GM: ObjectIdentifier = ObjectIdentifier::new_unwrap("0.4.0.127.0.7.2.2.4.2");
const ID_PACE_ECDH_GM_AES_CBC_CMAC_256: ObjectIdentifier =
ObjectIdentifier::new_unwrap("0.4.0.127.0.7.2.2.4.2.4");
#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Debug)]
pub enum SecurityInfoData {
PACE {
version: u64,
parameter_id: Option<u64>,
},
Other {
required_data: Any,
optional_data: Option<Any>,
},
}
impl DerOrd for SecurityInfoData {
fn der_cmp(&self, other: &Self) -> der::Result<std::cmp::Ordering> {
Ok(self.cmp(other))
}
}
#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Debug)]
pub struct SecurityInfo {
pub protocol: ObjectIdentifier,
pub data: SecurityInfoData,
}
impl DerOrd for SecurityInfo {
fn der_cmp(&self, other: &Self) -> der::Result<std::cmp::Ordering> {
Ok(self.cmp(other))
}
}
pub struct EncryptedCardWrapper<'a, C: Card + 'a> {
pub card: &'a mut C,
pub counter: [u8; 16],
pub creds: PACECredentials,
}
impl<'a, C: Card + Send + 'a> EncryptedCardWrapper<'a, C> {
pub fn new(card: &'a mut C, creds: PACECredentials) -> Self {
Self {
card,
creds,
counter: [0; 16],
}
}
fn tick_counter(&mut self) {
for i in 0..16 {
let j = 15 - i;
if let Some(ok) = self.counter[j].checked_add(1) {
self.counter[j] = ok;
break;
} else {
self.counter[j] = 0;
}
}
}
}
fn pad_vec(v: &mut Vec<u8>, to: usize) {
v.push(0x80);
while v.len() % to != 0 {
v.push(0x00);
}
}
impl<'a, C: Card + Send + 'a> Card for EncryptedCardWrapper<'a, C> {
async fn transmit(&mut self, mut apdu: OwnedCommandAPDU) -> std::io::Result<crate::ResultAPDU> {
if let Class::Standard {
secure_messaging, ..
} = &mut apdu.class
{
*secure_messaging = SecureMessaging::StandardHeaderAuthenticated;
}
self.tick_counter();
let mut header = vec![
apdu.class.encode().unwrap(),
apdu.instruction,
apdu.parameter[0],
apdu.parameter[1],
];
pad_vec(&mut header, 16);
let mut to_encrypt_data = apdu.command.clone();
pad_vec(&mut to_encrypt_data, 16);
let iv = encrypt_unpadded(
openssl::symm::Cipher::aes_256_cbc(),
&self.creds.k_enc,
Some(&[0; 16]),
&self.counter,
)
.unwrap();
let mut encrypted_data_do = encrypt_unpadded(
Cipher::aes_256_cbc(),
&self.creds.k_enc,
Some(&iv),
&to_encrypt_data,
)
.unwrap();
encrypted_data_do.insert(0, 0x01);
prepend_do(&mut encrypted_data_do, 0x87);
let expected_length_do = if apdu.expected_length != Some(0) {
let mut v = vec![apdu.expected_length.unwrap_or_default() as u8];
prepend_do(&mut v, 0x97);
v
} else {
Vec::new()
};
let mut mac_data = self.counter.to_vec();
mac_data.extend_from_slice(&header);
mac_data.extend_from_slice(&encrypted_data_do);
mac_data.extend_from_slice(&expected_length_do);
pad_vec(&mut mac_data, 16);
let cmac_key =
openssl::pkey::PKey::cmac(&openssl::symm::Cipher::aes_256_cbc(), &self.creds.k_mac[..])
.unwrap();
let mut cmac_signer = openssl::sign::Signer::new_without_digest(&cmac_key).unwrap();
cmac_signer.update(&mac_data).unwrap();
let mut signature = cmac_signer.sign_to_vec().unwrap();
signature.truncate(8);
let mut encoded_data = Vec::new();
encoded_data.extend_from_slice(&encrypted_data_do);
encoded_data.extend_from_slice(&expected_length_do);
append_do(&mut encoded_data, 0x8e, &signature);
apdu.command = encoded_data;
apdu.expected_length = None;
let resp = self.card.transmit(apdu).await?;
if resp.status == 0x6987 || resp.status == 0x6988 {
return Err(std::io::Error::new(
std::io::ErrorKind::InvalidData,
"Secure messaging error.",
));
}
self.tick_counter();
if resp.data.len() < 8 {
return Err(std::io::Error::new(
std::io::ErrorKind::InvalidData,
"Secure messaging error.",
));
}
let mac = &resp.data[resp.data.len() - 8..];
let mut data_to_mac = self.counter.to_vec();
data_to_mac.extend_from_slice(&resp.data[..resp.data.len() - 10]);
pad_vec(&mut data_to_mac, 16);
let cmac_key =
openssl::pkey::PKey::cmac(&openssl::symm::Cipher::aes_256_cbc(), &self.creds.k_mac[..])
.unwrap();
let mut cmac_signer = openssl::sign::Signer::new_without_digest(&cmac_key).unwrap();
cmac_signer.update(&data_to_mac).unwrap();
let mut signature = cmac_signer.sign_to_vec().unwrap();
signature.truncate(8);
if mac != signature {
return Err(std::io::Error::new(
std::io::ErrorKind::InvalidData,
"invalid APDU",
));
}
let mut rest = &resp.data[..];
let mut decrypted_data = Vec::new();
if rest[0] == 0x87 {
let (length, skip) = if rest[1] < 0x80 {
(rest[1] as usize, 2)
} else {
let count = rest[1] as usize - 0x80;
let mut out = 0;
for i in 0..count {
out = (out << 8) | rest[2 + i] as usize;
}
(out, 2 + count)
};
let encrypted_data = rest[skip + 1..skip + length].to_vec();
let iv = encrypt_unpadded(
openssl::symm::Cipher::aes_256_cbc(),
&self.creds.k_enc,
Some(&[0; 16]),
&self.counter,
)
.unwrap();
decrypted_data = decrypt_unpadded(
Cipher::aes_256_cbc(),
&self.creds.k_enc,
Some(&iv),
&encrypted_data,
)
.unwrap();
while decrypted_data.pop() != Some(0x80) {}
rest = &rest[skip + length..];
}
assert_eq!(rest[0], 0x99);
assert_eq!(rest[1], 0x02);
let new_sw1 = rest[2];
let new_sw2 = rest[3];
Ok(crate::ResultAPDU {
data: decrypted_data,
status: (new_sw1 as u16) << 8 | (new_sw2 as u16),
})
}
async fn transmit_raw(&mut self, apdu_buf: &[u8]) -> std::io::Result<crate::ResultAPDU> {
self.card.transmit_raw(apdu_buf).await
}
}
impl SecurityInfo {
fn for_datas(oid: ObjectIdentifier, reqd: Any, opt: Option<Any>) -> der::Result<Self> {
let data = if oid.parent().and_then(|f| f.parent()) == Some(ID_PACE) {
SecurityInfoData::PACE {
version: reqd.decode_as()?,
parameter_id: if let Some(opt) = opt {
Some(opt.decode_as()?)
} else {
None
},
}
} else {
SecurityInfoData::Other {
required_data: reqd,
optional_data: opt,
}
};
Ok(Self {
protocol: oid,
data,
})
}
}
impl<'a> der::Decode<'a> for SecurityInfo {
fn decode<R: der::Reader<'a>>(decoder: &mut R) -> der::Result<Self> {
decoder.sequence(|r| {
let oid = r.decode::<ObjectIdentifier>()?;
let reqd = r.decode::<Any>()?;
let opt = r.decode::<Option<Any>>()?;
SecurityInfo::for_datas(oid, reqd, opt)
})
}
}
pub enum PasswordType {
MRZ = 0x01,
CAN = 0x02,
PIN = 0x03,
PUK = 0x04,
}
#[derive(Debug)]
pub enum PACEStatus {
Okay,
Error(u16),
TriesLeft(u8),
PasswordSuspended,
PasswordBlocked,
}
fn make_set_authentication_template_apdu(
cryptographic_mechanism: ObjectIdentifier,
password: PasswordType,
) -> OwnedCommandAPDU {
let mut buf = Vec::new();
append_do(&mut buf, 0x80, cryptographic_mechanism.as_bytes());
append_do(&mut buf, 0x83, &[password as u8]);
OwnedCommandAPDU {
class: Class::Standard {
command_chaining: crate::CommandChaining::LastOrOnly,
secure_messaging: SecureMessaging::None,
channel: 0,
},
instruction: 0x22,
parameter: [0xC1, 0xA4],
command: buf,
expected_length: Some(0),
}
}
pub async fn set_authentication_template(
card: &mut impl Card,
cryptographic_mechanism: ObjectIdentifier,
password: PasswordType,
) -> std::io::Result<PACEStatus> {
let d = card
.transmit(make_set_authentication_template_apdu(
cryptographic_mechanism,
password,
))
.await?;
Ok(match d.status {
0x9000 => PACEStatus::Okay,
v if v & 0xFFF0 == 0x63C0 => PACEStatus::TriesLeft((v as u8) & 0xF),
0x63C1 => PACEStatus::PasswordSuspended,
0x63C0 => PACEStatus::PasswordBlocked,
v => PACEStatus::Error(v),
})
}
pub async fn step_general_authenticate(
card: &mut impl Card,
chained: bool,
make_data: impl FnOnce(&mut Vec<u8>),
) -> std::io::Result<HashMap<u8, Vec<u8>>> {
let mut buf = Vec::new();
make_data(&mut buf);
prepend_do(&mut buf, 0x7c);
let bbuf = buf.clone();
let res = card
.transmit(OwnedCommandAPDU {
class: Class::Standard {
command_chaining: if chained {
CommandChaining::NotLast
} else {
CommandChaining::LastOrOnly
},
secure_messaging: SecureMessaging::None,
channel: 0,
},
instruction: 0x86,
parameter: [0x00, 0x00],
command: buf,
expected_length: None,
})
.await?;
if !res.data.starts_with(&[0x7c]) || res.status != 0x9000 {
return Ok(HashMap::new());
}
let mut b = &res.data[2..];
let mut out = HashMap::new();
while !b.is_empty() {
let id = b[0];
let len = b[1] as usize;
out.insert(id, b[2..2 + len].to_vec());
b = &b[2 + len..];
}
Ok(out)
}
#[derive(Clone, Debug)]
pub struct PACECredentials {
pub k_mac: [u8; 32],
pub k_enc: [u8; 32],
pub card_ephemeral_key: Vec<u8>,
}
pub async fn authenticate_pin(
card: &mut impl Card,
pin: &[u8],
cryptographic_mechanism: ObjectIdentifier,
) -> std::io::Result<PACECredentials> {
// Step one: Get the encrypted nonce
let mut data = step_general_authenticate(card, true, |_| {}).await?;
let encrypted_nonce = data.remove(&0x80).unwrap();
let mut pin_padded = pin.to_vec();
pin_padded.extend_from_slice(&[0x00, 0x00, 0x00, 0x03]);
let hashed_pin = openssl::sha::sha256(&pin_padded);
let cipher = openssl::symm::Cipher::aes_256_cbc();
let decrypted_nonce =
decrypt_unpadded(cipher, &hashed_pin, Some(&[0; 16]), &encrypted_nonce).unwrap();
let mut bn_ctx = BigNumContext::new().unwrap();
let main_group = EcGroup::from_curve_name(Nid::BRAINPOOL_P320R1).unwrap();
let host_ephemeral_key = EcKey::generate(&main_group).unwrap();
// Step two: provide mapping data to the card.
// In generic mapping, this is an EC point.
let host_ephemeral_key_bytes = host_ephemeral_key
.public_key()
.to_bytes(&main_group, PointConversionForm::UNCOMPRESSED, &mut bn_ctx)
.unwrap();
let data = step_general_authenticate(card, true, |f| {
append_do(f, 0x81, &host_ephemeral_key_bytes)
})
.await?;
let icc_public_key_point =
EcPoint::from_bytes(&main_group, data.get(&0x82).unwrap(), &mut bn_ctx).unwrap();
let mut shared_secret = EcPoint::new(&main_group).unwrap();
shared_secret
.mul(
&main_group,
&icc_public_key_point,
host_ephemeral_key.private_key(),
&bn_ctx,
)
.unwrap();
let mut tmp = EcPoint::new(&main_group).unwrap();
let mut mapped_generator = EcPoint::new(&main_group).unwrap();
tmp.mul_generator(
&main_group,
&BigNum::from_slice(&decrypted_nonce[..]).unwrap(),
&bn_ctx,
)
.unwrap();
mapped_generator
.add(&main_group, &tmp, &shared_secret, &mut bn_ctx)
.unwrap();
let mut mapped_group = EcGroup::from_curve_name(Nid::BRAINPOOL_P320R1).unwrap();
let mut order = BigNum::new().unwrap();
mapped_group.order(&mut order, &mut bn_ctx).unwrap();
let mut cofactor = BigNum::new().unwrap();
mapped_group.cofactor(&mut cofactor, &mut bn_ctx).unwrap();
mapped_group
.set_generator(mapped_generator, order, cofactor)
.unwrap();
let host_ephemeral_mapped_key = EcKey::generate(&mapped_group).unwrap();
let host_ephemeral_mapped_key_bytes = host_ephemeral_mapped_key
.public_key()
.to_bytes(
&mapped_group,
PointConversionForm::UNCOMPRESSED,
&mut bn_ctx,
)
.unwrap();
let data = step_general_authenticate(card, true, |f| {
append_do(f, 0x83, &host_ephemeral_mapped_key_bytes)
})
.await?;
let icc_ephemeral_mapped_key =
EcPoint::from_bytes(&mapped_group, data.get(&0x84).unwrap(), &mut bn_ctx).unwrap();
let mut mapped_shared_secret = EcPoint::new(&mapped_group).unwrap();
mapped_shared_secret
.mul(
&mapped_group,
&icc_ephemeral_mapped_key,
host_ephemeral_mapped_key.private_key(),
&mut bn_ctx,
)
.unwrap();
let mut mapped_shared_secret_x = BigNum::new().unwrap();
let mut mapped_shared_secret_y = BigNum::new().unwrap();
mapped_shared_secret
.affine_coordinates(
&mapped_group,
&mut mapped_shared_secret_x,
&mut mapped_shared_secret_y,
&mut bn_ctx,
)
.unwrap();
let mut shared_secret_bytes = mapped_shared_secret_x.to_vec();
shared_secret_bytes.extend_from_slice(&[0x00, 0x00, 0x00, 0x01]);
let k_enc = openssl::sha::sha256(&shared_secret_bytes);
shared_secret_bytes.pop();
shared_secret_bytes.push(0x02);
let k_mac = openssl::sha::sha256(&shared_secret_bytes);
let mut to_mac = Vec::new();
cryptographic_mechanism.encode_to_vec(&mut to_mac).unwrap();
append_do(
&mut to_mac,
0x86,
&icc_ephemeral_mapped_key
.to_bytes(
&mapped_group,
PointConversionForm::UNCOMPRESSED,
&mut bn_ctx,
)
.unwrap(),
);
prepend_do(&mut to_mac, 0x7F49);
let cmac_key =
openssl::pkey::PKey::cmac(&openssl::symm::Cipher::aes_256_cbc(), &k_mac[..]).unwrap();
let mut cmac_signer = openssl::sign::Signer::new_without_digest(&cmac_key).unwrap();
cmac_signer.update(&to_mac).unwrap();
let mut signature = cmac_signer.sign_to_vec().unwrap();
signature.truncate(8);
let _ = step_general_authenticate(card, false, |f| append_do(f, 0x85, &signature)).await?;
// TODO: verify card
let mut icc_ephemeral_mapped_key_x = BigNum::new().unwrap();
let mut icc_ephemeral_mapped_key_y = BigNum::new().unwrap();
icc_ephemeral_mapped_key
.affine_coordinates(
&mapped_group,
&mut icc_ephemeral_mapped_key_x,
&mut icc_ephemeral_mapped_key_y,
&mut bn_ctx,
)
.unwrap();
Ok(PACECredentials {
k_mac,
k_enc,
card_ephemeral_key: icc_ephemeral_mapped_key_x.to_vec(),
})
}
pub fn prepend_do(v: &mut Vec<u8>, val: u16) {
let l = v.len() as u8;
v.insert(0, l);
if val < 0x100 {
v.insert(0, val as u8);
} else {
v.insert(0, (val >> 8) as u8);
v.insert(1, val as u8);
}
}
pub fn append_do(v: &mut Vec<u8>, val: u16, d: &[u8]) {
let l = d.len() as u8;
if val < 0x100 {
v.push(val as u8);
} else {
v.push((val >> 8) as u8);
v.push(val as u8);
}
v.push(l);
v.extend_from_slice(d);
}

107
src/pcsc_card.rs Normal file
View file

@ -0,0 +1,107 @@
use std::ffi::CString;
use pcsc::{Protocols, ReaderState, State};
use crate::{Card, ResultAPDU};
pub struct PCSCCard {
pub ctx: pcsc::Context,
pub reader: CString,
pub card: pcsc::Card,
pub buf: [u8; 0x10002],
}
impl Card for PCSCCard {
async fn transmit(
&mut self,
apdu: crate::OwnedCommandAPDU,
) -> std::io::Result<crate::ResultAPDU> {
let mut apdu_buf = vec![
apdu.class.encode().unwrap(),
apdu.instruction,
apdu.parameter[0],
apdu.parameter[1],
];
let extended =
apdu.command.len() > 0xFF || apdu.expected_length.map(|f| f > 0xFF) == Some(true);
if extended {
apdu_buf.push(0);
apdu_buf.extend_from_slice(&(apdu.command.len() as u16).to_be_bytes());
} else if !apdu.command.is_empty() {
apdu_buf.push(apdu.command.len() as u8);
}
apdu_buf.extend_from_slice(&apdu.command);
if extended {
apdu_buf.extend_from_slice(
&(apdu.expected_length.unwrap_or_default() as u16).to_be_bytes(),
);
} else if apdu.expected_length != Some(0) {
apdu_buf.push(apdu.expected_length.unwrap_or_default() as u8);
}
let ret_len = self
.card
.transmit(&apdu_buf, &mut self.buf)
.map_err(|f| std::io::Error::new(std::io::ErrorKind::BrokenPipe, f))?
.len();
let data = self.buf[..ret_len - 2].to_vec();
let sw = (self.buf[ret_len - 2] as u16) << 8 | (self.buf[ret_len - 1] as u16);
Ok(ResultAPDU { data, status: sw })
}
async fn transmit_raw(&mut self, apdu_buf: &[u8]) -> std::io::Result<crate::ResultAPDU> {
let ret_len = self
.card
.transmit(apdu_buf, &mut self.buf)
.map_err(|f| std::io::Error::new(std::io::ErrorKind::BrokenPipe, f))?
.len();
let data = self.buf[..ret_len - 2].to_vec();
let sw = (self.buf[ret_len - 2] as u16) << 8 | (self.buf[ret_len - 1] as u16);
Ok(ResultAPDU { data, status: sw })
}
}
impl PCSCCard {
pub fn new() -> Self {
let ctx = pcsc::Context::establish(pcsc::Scope::User).unwrap();
let readers = ctx.list_readers_owned().unwrap();
let reader = readers.first().unwrap();
let mut rs = [ReaderState::new(reader.to_owned(), State::empty())];
loop {
ctx.get_status_change(None, &mut rs[..]).unwrap();
rs[0].sync_current_state();
if rs[0].event_state().contains(State::PRESENT) {
let card = ctx
.connect(reader, pcsc::ShareMode::Shared, Protocols::ANY)
.unwrap();
return Self {
ctx,
reader: reader.to_owned(),
card,
buf: [0; 0x10002],
};
}
}
}
pub fn wait_for_remove(self) {
let mut rs = [ReaderState::new(self.reader, State::empty())];
loop {
self.ctx.get_status_change(None, &mut rs[..]).unwrap();
if rs[0].event_state().contains(State::PRESENT) {
rs[0].sync_current_state();
continue;
}
break;
}
}
}

14
src/pipe.rs Normal file
View file

@ -0,0 +1,14 @@
#[derive(Debug)]
pub enum GUIToCard {
PIN(String),
}
#[derive(Debug)]
pub enum CardToGUI {
AuthenticationTarget { target: String },
WaitForCard,
ReadyForPIN { message: Option<String> },
ProcessingStep { step: usize },
ProcessingMessage { message: String },
Done,
}