1 /** 2 * --------- 3 * |.##> <##.| Open Smart Card Development Platform (www.openscdp.org) 4 * |# #| 5 * |# #| Copyright (c) 1999-2018 CardContact Software & System Consulting 6 * |'##> <##'| Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de) 7 * --------- 8 * 9 * This file is part of OpenSCDP. 10 * 11 * OpenSCDP is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 * 15 * OpenSCDP is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with OpenSCDP; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 * 24 * @fileoverview Implementation of a secure messaging channel as defined in ISO 7814-4 and eSign-K 25 */ 26 27 var APDU = require('scsh/cardsim/APDU').APDU; 28 var SecureMessagingCommandAPDUDecoder = require('scsh/cardsim/SecureMessagingCommandAPDUDecoder').SecureMessagingCommandAPDUDecoder; 29 30 31 32 /** 33 * Create a secure channel 34 * 35 * @class Class implementing a secure messaging channel 36 * @constructor 37 * @param {Crypto} crypto the crypto provider 38 */ 39 function SecureChannelHandler(crypto) { 40 this.crypto = crypto; 41 this.policy = IsoSecureChannel.SSC_DEFAULT_POLICY; 42 } 43 44 exports.SecureChannelHandler = SecureChannelHandler; 45 46 47 48 /** 49 * Sets the policy for handling send sequence counters 50 * 51 * See IsoSecureChannel for details 52 * 53 * @param {Number} policy one of IsoSecureChannel.SSC_DEFAULT_POLICY, SSC_SYNC_POLICY or SSC_SYNC_ENC_POLICY 54 */ 55 SecureChannelHandler.prototype.setSendSequenceCounterPolicy = function(policy) { 56 this.policy = policy; 57 } 58 59 60 61 /** 62 * Sets the key used for encryption 63 * 64 * @param {Key} key the encryption key 65 */ 66 SecureChannelHandler.prototype.setEncKey = function(key) { 67 this.encKey = key; 68 69 if (key.getComponent(Key.AES)) { 70 this.encBlockSize = 16; 71 this.encMechanism = Crypto.AES_CBC; 72 this.iv = new ByteString("00000000000000000000000000000000", HEX); 73 } else { 74 this.encBlockSize = 8; 75 this.encMechanism = Crypto.DES_CBC; 76 this.iv = new ByteString("0000000000000000", HEX); 77 } 78 } 79 80 81 82 /** 83 * Sets the key used for message authentication 84 * 85 * @param {Key} key the message authentication key 86 */ 87 SecureChannelHandler.prototype.setMacKey = function(key) { 88 this.macKey = key; 89 90 if (key.getComponent(Key.AES)) { 91 this.macBlockSize = 16; 92 this.macMechanism = Crypto.AES_CMAC; 93 } else { 94 this.macBlockSize = 8; 95 this.macMechanism = Crypto.DES_MAC_EMV; 96 } 97 } 98 99 100 101 /** 102 * Set the send sequence counter for MAC calculation 103 * 104 * @param {ByteString} ssc the send sequence counter 105 */ 106 SecureChannelHandler.prototype.setMACSendSequenceCounter = function(ssc) { 107 this.macSendSequenceCounter = ssc; 108 } 109 110 111 112 /** 113 * Set the send sequence counter for encryption calculation 114 * 115 * @param {ByteString} ssc the send sequence counter 116 */ 117 SecureChannelHandler.prototype.setEncSendSequenceCounter = function(ssc) { 118 this.encSendSequenceCounter = ssc; 119 } 120 121 122 123 /** 124 * Return an initialisation vector based on the defined policy 125 * 126 * @type ByteString 127 * @return the IV 128 */ 129 SecureChannelHandler.prototype.getIV = function() { 130 var iv = this.iv; 131 if (this.policy == IsoSecureChannel.SSC_SYNC_ENC_POLICY) { 132 iv = this.crypto.encrypt(this.encKey, this.encMechanism, this.macSendSequenceCounter, iv); 133 } else if (this.policy == IsoSecureChannel.SSC_SYNC_POLICY) { 134 iv = this.macSendSequenceCounter; 135 } else { 136 if (typeof(this.encSendSequenceCounter) != "undefined") { 137 iv = this.encSendSequenceCounter 138 } 139 } 140 return iv; 141 } 142 143 144 145 /** 146 * Unwrap a secure messaging APDU recovering the content 147 * 148 * @param {APDU} apdu the APDU to unwrap 149 */ 150 SecureChannelHandler.prototype.unwrap = function(apdu) { 151 var decoder = new SecureMessagingCommandAPDUDecoder(this, apdu); 152 if (!decoder.verifyMAC(this.macKey)) { 153 throw new GPError("SecureChannelHandler", GPError.CRYPTO_FAILED, APDU.SW_INCSMDATAOBJECT, "MAC verification failed"); 154 } 155 156 var le = decoder.getLe(); 157 if (le >= 0) { 158 apdu.ne = le; 159 } else { 160 apdu.ne = undefined; 161 } 162 163 var plain = decoder.decryptBody(this.encKey); 164 apdu.setCData(plain); 165 } 166 167 168 169 /** 170 * Wrap an APDU for secure messaging 171 * 172 * @param {APDU} apdu the APDU to wrap 173 */ 174 SecureChannelHandler.prototype.wrap = function(apdu) { 175 var rdata = new ByteBuffer(); 176 177 var macinp = new ByteBuffer(); 178 179 if (typeof(this.macSendSequenceCounter) != "undefined") { 180 var ssc = this.macSendSequenceCounter.add(1); 181 this.macSendSequenceCounter = ssc; 182 macinp.append(ssc); 183 } 184 185 if (apdu.hasRData()) { 186 var padbuff = new ByteBuffer(apdu.getRData()); 187 SecureMessagingCommandAPDUDecoder.pad(padbuff, this.encBlockSize); 188 var iv = this.getIV(); 189 var cryptogram = this.crypto.encrypt(this.encKey, this.encMechanism, padbuff.toByteString(), iv); 190 var padind = new ByteString("01", HEX); 191 192 var do87 = new TLV(0x87, padind.concat(cryptogram), TLV.EMV); 193 rdata.append(do87.getTLV()); 194 } 195 196 rdata.append(0x99); 197 rdata.append(2); 198 rdata.append(apdu.getSW() >> 8); 199 rdata.append(apdu.getSW() & 0xFF); 200 201 macinp.append(rdata); 202 203 SecureMessagingCommandAPDUDecoder.pad(macinp, this.macBlockSize); 204 var mac = this.crypto.sign(this.macKey, this.macMechanism, macinp.toByteString()); 205 206 rdata.append(0x8E); 207 rdata.append(0x08); 208 rdata.append(mac.left(8)); 209 210 apdu.setRData(rdata.toByteString()); 211 } 212