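/**
 *  ---------
 * |.##> <##.|  Open Smart Card Development Platform (www.openscdp.org)
 * |#       #|
 * |#       #|  Copyright (c) 1999-2018 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 *  This file is part of OpenSCDP.
 *
 *  OpenSCDP is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  OpenSCDP is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with OpenSCDP; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * @fileoverview Implementation of ISO 7816-4 APDU processing
 */



/**
 * Create an APDU
 *
 * <p>This constructor supports the signatures</p>
 * <ul>
 *  <li>APDU(ByteString command)</li>
 *  <li>APDU(Number cla, Number ins, Number p1, Number p2)</li>
 *  <li>APDU(Number cla, Number ins, Number p1, Number p2, data)</li>
 *  <li>APDU(Number cla, Number ins, Number p1, Number p2, data, Ne)</li>
 * </ul>
 *
 * <p>As implemented, the fifth argument may also be Ne when no data field is given,
 * i.e. APDU(cla, ins, p1, p2, Ne).</p>
 *
 * <p>The header arguments are only checked for being of type Number; values outside
 * 0..255 are not rejected here. The status word is preset to SW_GENERALERROR, so an
 * APDU that is never processed does not report success by default.</p>
 *
 * @class Class implementing support for command and response APDUs
 * @constructor
 * @param {ByteString} command the command APDU
 * @param {Number} cla the class byte
 * @param {Number} ins the instruction byte
 * @param {Number} p1 the first parameter
 * @param {Number} p2 the second parameter
 * @param {ByteString} data the data field (optional)
 * @param {Number} Ne the number of expected bytes (optional)
 * @throws {GPError} INVALID_ARGUMENTS for a wrong argument count, INVALID_TYPE for a wrong argument type
 */
function APDU() {
	if (arguments.length > 0) {
		var arg = arguments[0];
		if (arg instanceof ByteString) {
			// Encoded form: exactly one ByteString, decoded and validated by fromByteString()
			if (arguments.length != 1) {
				throw new GPError("APDU", GPError.INVALID_ARGUMENTS, APDU.SW_GENERALERROR, "Only one argument of type ByteString expected");
			}
			this.fromByteString(arg);
		} else {
			if ((arguments.length < 4) || (arguments.length > 6)) {
				throw new GPError("APDU", GPError.INVALID_ARGUMENTS, APDU.SW_GENERALERROR, "4 to 6 arguments expected");
			}

			for (var i = 0; i < 4; i++) {
				if (typeof(arguments[i]) != "number") {
					throw new GPError("APDU", GPError.INVALID_TYPE, APDU.SW_GENERALERROR, "Argument must be of type Number");
				}
			}
			this.cla = arguments[0];
			this.ins = arguments[1];
			this.p1 = arguments[2];
			this.p2 = arguments[3];

			// Optional data field first, then optional Ne. If the fifth argument is
			// not a ByteString it is taken as Ne and a sixth argument is not looked at.
			var next = 4;
			if ((arguments.length > next) && (arguments[next] instanceof ByteString)) {
				this.cdata = arguments[next];
				next++;
			}

			if (arguments.length > next) {
				if (typeof(arguments[next]) != "number") {
					throw new GPError("APDU", GPError.INVALID_TYPE, APDU.SW_GENERALERROR, "Argument must be of type Number");
				}
				this.ne = arguments[next];
			}
		}
	}
	this.rapdu = null;		// not referenced elsewhere in this file
	this.SW = APDU.SW_GENERALERROR;
}

exports.APDU = APDU;



// Instruction bytes
APDU.INS_DEACTIVATE				= 0x04;
APDU.INS_VERIFY					= 0x20;
APDU.INS_MANAGE_SE				= 0x22;
APDU.INS_CHANGE_REFERENCE_DATA	= 0x24;
APDU.INS_PSO					= 0x2A;
APDU.INS_RESET_RETRY_COUNTER	= 0x2C;
APDU.INS_ACTIVATE				= 0x44;
APDU.INS_GENERATE_KEY_PAIR		= 0x46;
APDU.INS_INITIALIZE_UPDATE		= 0x50;
APDU.INS_EXTERNAL_AUTHENTICATE	= 0x82;
APDU.INS_GET_CHALLENGE			= 0x84;
APDU.INS_GENERAL_AUTHENTICATE	= 0x86;
APDU.INS_COMPUTE_DIGITAL_SIGN	= 0x9E;
APDU.INS_SELECT					= 0xA4;
APDU.INS_READBINARY				= 0xB0;		/* Same value as INS_READ_BINARY */
APDU.INS_READ_BINARY			= 0xB0;
APDU.INS_READ_RECORD			= 0xB2;
APDU.INS_VERIFY_CERTIFICATE		= 0xBE;
APDU.INS_UPDATE_BINARY			= 0xD6;
APDU.INS_TERMINATE				= 0xE6;

// Status words. Several names share one value (0x63C0, 0x6A82, 0x6A85), so code that
// receives a status word cannot tell those names apart.
APDU.SW_OK						= 0x9000;		/* Process completed */

APDU.SW_TIMEOUT					= 0x6401;		/* Exec error: Command timeout */

APDU.SW_OKMOREDATA				= 0x6100;		/* Process completed, more data available */
APDU.SW_WARNING					= 0x6200;		/* Warning: NV-Ram not changed */
APDU.SW_WARNING1				= 0x6201;		/* Warning: NV-Ram not changed 1 */
APDU.SW_DATAINV					= 0x6281;		/* Warning: Part of data corrupted */
APDU.SW_EOF						= 0x6282;		/* Warning: End of file reached */
APDU.SW_INVFILE					= 0x6283;		/* Warning: Invalidated file */
APDU.SW_INVFORMAT				= 0x6284;		/* Warning: Invalid file control */
APDU.SW_WARNINGNVCHG			= 0x6300;		/* Warning: NV-Ram changed */
APDU.SW_WARNINGCOUNT			= 0x63C0;		/* Warning: Warning with counter */
APDU.SW_WARNING0LEFT			= 0x63C0;		/* Warning: Verify fail, no try left */
APDU.SW_WARNING1LEFT			= 0x63C1;		/* Warning: Verify fail, 1 try left */
APDU.SW_WARNING2LEFT			= 0x63C2;		/* Warning: Verify fail, 2 tries left */
APDU.SW_WARNING3LEFT			= 0x63C3;		/* Warning: Verify fail, 3 tries left */
APDU.SW_EXECERR					= 0x6400;		/* Exec error: NV-Ram not changed */
APDU.SW_MEMERR					= 0x6501;		/* Exec error: Memory failure */
APDU.SW_MEMERRWRITE				= 0x6581;		/* Exec error: Memory failure */
APDU.SW_WRONGLENGTH				= 0x6700;		/* Checking error: Wrong length */

APDU.SW_CLANOTSUPPORTED			= 0x6800;		/* Checking error: Function in CLA byte not supported */
APDU.SW_LCNOTSUPPORTED			= 0x6881;		/* Checking error: Logical channel not supported */
APDU.SW_SMNOTSUPPORTED			= 0x6882;		/* Checking error: Secure Messaging not supported */
APDU.SW_LASTCMDEXPECTED			= 0x6883;		/* Checking error: Last command of the chain expected */
APDU.SW_CHAINNOTSUPPORTED		= 0x6884;		/* Checking error: Command chaining not supported */

APDU.SW_COMNOTALLOWED			= 0x6900;		/* Checking error: Command not allowed */
APDU.SW_COMINCOMPATIBLE			= 0x6981;		/* Checking error: Command incompatible with file structure */
APDU.SW_SECSTATNOTSAT			= 0x6982;		/* Checking error: Security condition not satisfied */
APDU.SW_AUTHMETHLOCKED			= 0x6983;		/* Checking error: Authentication method locked */
APDU.SW_REFDATANOTUSABLE		= 0x6984;		/* Checking error: Reference data not usable */
APDU.SW_CONDOFUSENOTSAT			= 0x6985;		/* Checking error: Condition of use not satisfied */
APDU.SW_COMNOTALLOWNOEF			= 0x6986;		/* Checking error: Command not allowed (no current EF) */
APDU.SW_SMOBJMISSING			= 0x6987;		/* Checking error: Expected secure messaging object missing */
APDU.SW_INCSMDATAOBJECT			= 0x6988;		/* Checking error: Incorrect secure messaging data object */

APDU.SW_INVPARA					= 0x6A00;		/* Checking error: Wrong parameter P1-P2 */
APDU.SW_INVDATA					= 0x6A80;		/* Checking error: Incorrect parameter in the command data field */
APDU.SW_FUNCNOTSUPPORTED		= 0x6A81;		/* Checking error: Function not supported */
APDU.SW_NOAPPL					= 0x6A82;		/* Checking error: File not found */
APDU.SW_FILENOTFOUND			= 0x6A82;		/* Checking error: File not found */
APDU.SW_RECORDNOTFOUND			= 0x6A83;		/* Checking error: Record not found */
APDU.SW_OUTOFMEMORY				= 0x6A84;		/* Checking error: Not enough memory space in the file */
APDU.SW_INVLCTLV				= 0x6A85;		/* Checking error: Nc inconsistent with TLV structure */
APDU.SW_INVACC					= 0x6A85;		/* Checking error: Access cond. n/f */
APDU.SW_INCP1P2					= 0x6A86;		/* Checking error: Incorrect P1-P2 */
APDU.SW_INVLC					= 0x6A87;		/* Checking error: Lc inconsistent with P1-P2 */
APDU.SW_RDNOTFOUND				= 0x6A88;		/* Checking error: Reference data not found */
APDU.SW_FILEEXISTS				= 0x6A89;		/* Checking error: File already exists */
APDU.SW_DFNAMEEXISTS			= 0x6A8A;		/* Checking error: DF name already exists */

APDU.SW_INVP1P2					= 0x6B00;		/* Checking error: Wrong parameter P1-P2 */
APDU.SW_INVLE					= 0x6C00;		/* Checking error: Invalid Le */
APDU.SW_INVINS					= 0x6D00;		/* Checking error: Wrong instruction */
APDU.SW_INVCLA					= 0x6E00;		/* Checking error: Class not supported */
APDU.SW_ACNOTSATISFIED			= 0x9804;		/* Access conditions not satisfied */
APDU.SW_NOMORESTORAGE			= 0x9210;		/* No more storage available */
APDU.SW_GENERALERROR			= 0x6F00;		/* Checking error: No precise diagnosis */


/**
 * Create an APDU object from the encoded form (Called internally)
 *
 * <p>Decodes the header and the optional Lc, data and Le fields in short or extended
 * format. Every length taken from the input is compared with the number of bytes that
 * are actually left before it is used, and trailing bytes are rejected.</p>
 *
 * <p>A Le of zero is stored as Ne = 65536 in extended format, and as Ne = 0 in short format.</p>
 *
 * @param {ByteString} bs the encoded command APDU
 * @throws {GPError} INVALID_DATA if the input is shorter than 4 bytes or the length fields are inconsistent
 */
APDU.prototype.fromByteString = function(bs) {
	if (bs.length < 4) {
		throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_GENERALERROR, "Command APDU must be at least 4 bytes long");
	}
	this.cla = bs.byteAt(0);
	this.ins = bs.byteAt(1);
	this.p1 = bs.byteAt(2);
	this.p2 = bs.byteAt(3);

	if (bs.length > 4) {
		var extended = false;

		var i = 4;						// read offset
		var l = bs.length - i;			// bytes not yet consumed
		var n = bs.byteAt(i++);			// first length byte (Lc or Le)
		l--;

		// A zero byte followed by more bytes introduces a two byte extended length field
		if ((n == 0) && (l > 0)) {
			extended = true;
			if (l < 2) {
				throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Extended length APDU too short");
			}
			n = (bs.byteAt(i) << 8) + bs.byteAt(i + 1);
			i += 2;
			l -= 2;
		}

		if (l > 0) {	// Case 3s / Case 3e / Case 4s / Case 4e
			// Lc must not claim more data than the input holds; checked before the read
			if (l < n) {
				throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Invalid Lc in APDU");
			}
			this.cdata = bs.bytes(i, n);
			i += n;
			l -= n;

			if (l > 0) {	// Case 4s / Case 4e
				n = bs.byteAt(i++);
				l--;
				if (extended) {
					if (l < 1) {
						throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Invalid Le in extended APDU");
					}
					n = (n << 8) + bs.byteAt(i++);
					l--;
				}
				this.ne = (extended && (n == 0) ? 65536 : n);
			}
		} else {		// Case 2s / Case 2e: the length field is Le
			this.ne = (extended && (n == 0) ? 65536 : n);
		}

		if (l > 0) {
			throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Too many bytes in APDU");
		}
	}
};



/**
 * Get encoded command APDU
 *
 * <p>Extended length format is used if the data field is longer than 255 bytes or
 * Ne is larger than 256. A data field that is null, undefined or empty is left out.</p>
 *
 * @type ByteString
 * @return the encoded command APDU
 * @throws {GPError} INVALID_DATA if the data field or Ne does not fit the length fields
 */
APDU.prototype.getCommandAPDU = function() {
	// Same presence test as hasCData(), so a data field set to null is treated as absent
	var hasCData = this.hasCData();
	var hasNe = (typeof(this.ne) != "undefined");
	var nc = hasCData ? this.cdata.length : 0;

	// Lengths beyond the two byte fields would be truncated into a different, shorter
	// length and yield an APDU whose Lc or Le no longer matches its content.
	if (nc > 65535) {
		throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Command data too long for APDU");
	}
	if (hasNe && ((this.ne < 0) || (this.ne > 65536))) {
		throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_WRONGLENGTH, "Ne out of range for APDU");
	}

	var bb = new ByteBuffer();

	bb.append(this.cla);
	bb.append(this.ins);
	bb.append(this.p1);
	bb.append(this.p2);

	var extended = ((nc > 255) || (hasNe && this.ne > 256));

	if (extended) {
		bb.append(0);
	}

	if (nc > 0) {
		if (extended) {
			bb.append((nc >> 8) & 0xFF);
		}
		bb.append(nc & 0xFF);
		bb.append(this.cdata);
	}

	if (hasNe) {
		// Ne = 65536 (extended) and Ne = 256 (short) are encoded as a zero Le
		if (extended) {
			bb.append((this.ne >> 8) & 0xFF);
		}
		bb.append(this.ne & 0xFF);
	}

	return bb.toByteString();
};



/**
 * Get encoded response APDU
 *
 * @type ByteString
 * @return the response data, if any, followed by the two byte status word
 */
APDU.prototype.getResponseAPDU = function() {
	var bb = new ByteBuffer();

	if (this.rdata) {
		bb.append(this.rdata);
	}

	bb.append((this.SW >> 8) & 0xFF);
	bb.append(this.SW & 0xFF);

	return bb.toByteString();
};



/**
 * Gets the class byte
 *
 * @type Number
 * @return the class byte
 */
APDU.prototype.getCLA = function() {
	return this.cla;
};



/**
 * Sets the class byte, e.g. after a transformation
 *
 * @param {Number} cla the new CLA byte
 */
APDU.prototype.setCLA = function(cla) {
	this.cla = cla;
};



/**
 * Test if command is an ISO command
 *
 * @type boolean
 * @return true if command has ISO class byte (bit 0x80 is clear)
 */
APDU.prototype.isISO = function() {
	return (this.cla & 0x80) == 0x00;
};



/**
 * Test if command chaining is indicated
 *
 * <p>The bit is read from CLA without checking isISO() first.
 * NOTE(review): confirm that callers only rely on it for class bytes with this layout.</p>
 *
 * @type boolean
 * @return true if chaining bit (0x10) is set
 */
APDU.prototype.isChained = function() {
	return (this.cla & 0x10) == 0x10;
};



/**
 * Test if command is sent using secure messaging
 *
 * <p>This only reports what the CLA byte indicates; it does not show that the command
 * was actually protected or verified. The bit is read without checking isISO() first.</p>
 *
 * @type boolean
 * @return true if secure messaging is indicated in CLA byte (bit 0x08)
 */
APDU.prototype.isSecureMessaging = function() {
	return (this.cla & 0x08) == 0x08;
};



/**
 * Test if command is sent using secure messaging with an authenticated header
 *
 * <p>Like isSecureMessaging(), this reflects the CLA bits only.</p>
 *
 * @type boolean
 * @return true if secure messaging is using an authenticated header (bits 0x0C both set)
 */
APDU.prototype.isAuthenticatedHeader = function() {
	return (this.cla & 0x0C) == 0x0C;
};



/**
 * Gets the instruction byte
 *
 * @type Number
 * @return the instruction byte
 */
APDU.prototype.getINS = function() {
	return this.ins;
};



/**
 * Gets the P1 byte
 *
 * @type Number
 * @return the P1 byte
 */
APDU.prototype.getP1 = function() {
	return this.p1;
};



/**
 * Gets the P2 byte
 *
 * @type Number
 * @return the P2 byte
 */
APDU.prototype.getP2 = function() {
	return this.p2;
};



/**
 * Set the command data
 *
 * @param {ByteString} cdata the command data
 */
APDU.prototype.setCData = function(cdata) {
	this.cdata = cdata;
};



/**
 * Gets the command data
 *
 * @type ByteString
 * @return the command data, if any else undefined
 */
APDU.prototype.getCData = function() {
	return this.cdata;
};



/**
 * Check if APDU has command data
 *
 * @type boolean
 * @return true if command APDU has data field (neither undefined nor null)
 */
APDU.prototype.hasCData = function() {
	return ((typeof(this.cdata) != "undefined") && (this.cdata != null));
};



/**
 * Gets the command data as a list of TLV objects
 *
 * @type TLVList
 * @return the command data as TLV list
 * @throws {GPError} INVALID_DATA with SW_INVDATA if there is no command data or it cannot be decoded as TLV
 */
APDU.prototype.getCDataAsTLVList = function() {
	// Same presence test as hasCData(): null is reported as missing data as well
	if (!this.hasCData()) {
		throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_INVDATA, "No data in command APDU");
	}

	var list;
	try {
		list = new TLVList(this.cdata, TLV.EMV);
	}
	catch(e) {
		// Any decoding failure is reported as invalid command data
		throw new GPError("APDU", GPError.INVALID_DATA, APDU.SW_INVDATA, "Invalid TLV data in command APDU");
	}

	return list;
};



/**
 * Gets the number of expected bytes
 *
 * @type Number
 * @return the number of expected bytes or undefined
 */
APDU.prototype.getNe = function() {
	return this.ne;
};



/**
 * Check if APDU has Le field
 *
 * @type boolean
 * @return true if command APDU has Le field
 */
APDU.prototype.hasLe = function() {
	return typeof(this.ne) != "undefined";
};



/**
 * Set secure channel object to be used in wrap and unwrap methods
 *
 * @param {SecureChannel} secureChannel the channel
 */
APDU.prototype.setSecureChannel = function(secureChannel) {
	this.secureChannel = secureChannel;
};



/**
 * Return the secure channel, if any
 *
 * @type SecureChannel
 * @return the secure channel
 */
APDU.prototype.getSecureChannel = function() {
	return this.secureChannel;
};



/**
 * Test if a secure channel is defined for this APDU
 *
 * @type boolean
 * @return true, if secure channel is set
 */
APDU.prototype.hasSecureChannel = function() {
	return (typeof(this.secureChannel) != "undefined") && (this.secureChannel != null);
};



/**
 * Wrap APDU using secure channel
 *
 * <p>Does nothing if no secure channel is set. Code that requires the APDU to be
 * protected must check hasSecureChannel() itself, as this method reports no error.</p>
 */
APDU.prototype.wrap = function() {
	if (this.hasSecureChannel()) {
		this.secureChannel.wrap(this);
	}
};



/**
 * Unwrap APDU using secure channel
 *
 * <p>Does nothing if no secure channel is set. Code that requires the APDU to have
 * been verified must check hasSecureChannel() itself, as this method reports no error.</p>
 */
APDU.prototype.unwrap = function() {
	if (this.hasSecureChannel()) {
		this.secureChannel.unwrap(this);
	}
};



/**
 * Sets the response data field for the response APDU
 *
 * @param {ByteString} data the response data field
 */
APDU.prototype.setRData = function(data) {
	this.rdata = data;
};



/**
 * Get the response data
 *
 * @type ByteString
 * @return the response data
 */
APDU.prototype.getRData = function() {
	return this.rdata;
};



/**
 * Check if APDU has response data
 *
 * @type boolean
 * @return true if response APDU has data field
 */
APDU.prototype.hasRData = function() {
	return ((typeof(this.rdata) != "undefined") && (this.rdata != null));
};



/**
 * Sets the status word for the response APDU
 *
 * @param {Number} sw the status word
 */
APDU.prototype.setSW = function(sw) {
	this.SW = sw;
};



/**
 * Get the status word
 *
 * @type Number
 * @return the status word
 */
APDU.prototype.getSW = function() {
	return this.SW;
};



/**
 * Return a human readable form of this object
 *
 * <p>The result contains the complete command and response in hexadecimal, including
 * the data fields. Keep it out of logs for commands whose data field carries reference
 * data or key material (e.g. VERIFY or CHANGE REFERENCE DATA).</p>
 *
 * @type String
 * @return the command APDU and the response APDU, separated by " : "
 */
APDU.prototype.toString = function() {
	return this.getCommandAPDU().toString(HEX) + " : " + this.getResponseAPDU().toString(HEX);
};



/**
 * Simple unit test
 *
 * <p>Encodes one APDU per ISO 7816-4 case, compares the encoding with the expected
 * value and checks that decoding the result gives the same string form.</p>
 */
APDU.test = function() {
	// Print, encode, compare and decode again
	function roundTrip(a, expected, printDecoded) {
		print(a);
		var b = a.getCommandAPDU();
		assert(b.toString(HEX) == expected);
		var c = new APDU(b);
		if (printDecoded) {
			print(c);
		}
		assert(a.toString() == c.toString());
	}

	// 256 bytes of data in hexadecimal. The literal used by the original test is not
	// part of this listing; this is a constructed value with the length the expected
	// Lc of 0100 requires.
	var data = "";
	for (var k = 0; k < 256; k++) {
		data += "A5";
	}

	// Case 1
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C), "00A4000C");

	// Case 2 Short
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, 0), "00A4000C00");

	// Case 2 Extended
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, 65536), "00A4000C000000", true);

	// Case 3 Short
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, new ByteString("3F00", HEX)), "00A4000C023F00");

	// Case 3 Extended
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, new ByteString(data, HEX)), "00A4000C000100" + data);

	// Case 4 Short
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, new ByteString("3F00", HEX), 0), "00A4000C023F0000");

	// Case 4 Extended, forced by the length of the data field
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, new ByteString(data, HEX), 0), "00A4000C000100" + data + "0000");

	// Case 4 Extended, forced by Ne
	roundTrip(new APDU(0x00, 0xA4, 0x00, 0x0C, new ByteString("3F00", HEX), 65536), "00A4000C0000023F000000");
};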