card

package
v0.1.0-testnet Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 10, 2022 License: MPL-2.0 Imports: 31 Imported by: 2

Documentation

Index

Constants

View Source 
const (

	// instructions
	InsIdentifyCard       = 0x14
	InsLoadCert           = 0x15
	InsVerifyPIN          = 0x20
	InsChangePIN          = 0x21
	InsCreatePhonon       = 0x30
	InsSetDescriptor      = 0x31
	InsListPhonons        = 0x32
	InsGetPhononPubKey    = 0x33
	InsDestroyPhonon      = 0x34
	InsSendPhonons        = 0x35
	InsRecvPhonons        = 0x36
	InsSetRecvList        = 0x37
	InsTransactionAck     = 0x38
	InsInitCardPairing    = 0x50
	InsCardPair           = 0x51
	InsCardPair2          = 0x52
	InsFinalizeCardPair   = 0x53
	InsGenerateInvoice    = 0x54
	InsGetFriendlyName    = 0x56
	InsSetFriendlyName    = 0x57
	InsReceiveInvoice     = 0x55
	InsGetAvailableMemory = 0x99
	InsMineNativePhonon   = 0x41

	// tags
	TagSelectAppInfo           = 0xA4
	TagCardUID                 = 0x8F
	TagCardSecureChannelPubKey = 0x80
	TagAppVersion              = 0x02
	TagPairingSlots            = 0x03
	TagAppCapability           = 0x8D

	TagPhononKeyCollection = 0x40
	TagKeyIndex            = 0x41
	TagPhononPubKey        = 0x80
	TagPhononPrivKey       = 0x81

	TagPhononFilter        = 0x60
	TagValueFilterLessThan = 0x84
	TagValueFilterMoreThan = 0x85

	TagPhononCollection      = 0x52
	TagPhononDescriptor      = 0x50
	TagPhononDenomBase       = 0x83
	TagPhononDenomExp        = 0x86
	TagCurrencyType          = 0x82
	TagCurveType             = 0x87
	TagSchemaVersion         = 0x88
	TagExtendedSchemaVersion = 0x89

	TagPhononKeyIndexList       = 0x42
	TagTransferPhononPacket     = 0x43
	TagPhononPrivateDescription = 0x44

	TagPhononPubKeyList = 0x7F

	TagCardCertificate = 0x90
	TagECCPublicKey    = 0x80 //TODO: resolve redundancy around 0x80 tag
	TagSalt            = 0x91
	TagAesIV           = 0x92
	TagECDSASig        = 0x93
	TagPairingIndex    = 0x94
	TagAESKey          = 0x95

	TagInvoiceID = 0x96

	//extended tags
	TagChainID = 0x20

	//ISO7816 Standard Responses
	SW_APPLET_SELECT_FAILED           = 0x6999
	SW_BYTES_REMAINING_00             = 0x6100
	SW_CLA_NOT_SUPPORTED              = 0x6E00
	SW_COMMAND_CHAINING_NOT_SUPPORTED = 0x6884
	SW_COMMAND_NOT_ALLOWED            = 0x6986
	SW_CONDITIONS_NOT_SATISFIED       = 0x6985
	SW_CORRECT_LENGTH_00              = 0x6C00
	SW_DATA_INVALID                   = 0x6984
	SW_FILE_FULL                      = 0x6A84
	SW_FILE_INVALID                   = 0x6983
	SW_FILE_NOT_FOUND                 = 0x6A82
	SW_FUNC_NOT_SUPPORTED             = 0x6A81
	SW_INCORRECT_P1P2                 = 0x6A86
	SW_INS_NOT_SUPPORTED              = 0x6D00
	SW_LAST_COMMAND_EXPECTED          = 0x6883
	SW_LOGICAL_CHANNEL_NOT_SUPPORTED  = 0x6881
	SW_NO_ERROR                       = 0x9000
	SW_RECORD_NOT_FOUND               = 0x6A83
	SW_SECURE_MESSAGING_NOT_SUPPORTED = 0x6882
	SW_SECURITY_STATUS_NOT_SATISFIED  = 0x6982
	SW_UNKNOWN                        = 0x6F00
	SW_WARNING_STATE_UNCHANGED        = 0x6200
	SW_WRONG_DATA                     = 0x6A80
	SW_WRONG_LENGTH                   = 0x6700
	SW_WRONG_P1P2                     = 0x6B00
	SW_MINING_FAILED                  = 0x9001
	SW_PIN_VERIFY_FAILED              = 0x63c
)
View Source 
const (
	StatusSuccess         = 0x9000
	StatusPhononTableFull = 0x6A84
	StatusKeyIndexInvalid = 0x6983
	StatusOutOfMemory     = 0x6F00
	StatusPINNotEntered   = 0x6985
)
View Source 
const StandardSchemaSupportedVersions uint8 = 0

Variables

View Source 
var (
	ErrMiningFailed       = errors.New("native phonon mine attempt failed")
	ErrInvalidPhononIndex = errors.New("invalid phonon index")
	ErrDefault            = errors.New("unspecified error for command")
)
View Source 
var (
	ErrCardUninitialized = errors.New("card uninitialized")
	ErrPhononTableFull   = errors.New("phonon table full")
	ErrKeyIndexInvalid   = errors.New("key index out of valid range")
	ErrOutOfMemory       = errors.New("card out of memory")
	ErrPINNotEntered     = errors.New("valid PIN required")
	ErrUnknown           = errors.New("unknown error")
)
View Source 
var ErrInvalidResponseMAC = errors.New("invalid response MAC")

Functions

func DeriveNativePhononPubKey 

func DeriveNativePhononPubKey(salt []byte) *model.NativePubKey

Takes a 32 byte salt as input to generate and return a sha512 hash of it. This is the process for deriving a native phonon hash, which is stored as its pubKey in the phonon table

func ParseIdentifyCardResponse 

func ParseIdentifyCardResponse(resp []byte) (cardPubKey *ecdsa.PublicKey, sig *util.ECDSASignature, err error)

func ParsePairStep1Response 

func ParsePairStep1Response(resp []byte) (salt []byte, cardCert cert.CardCertificate, pairingSig []byte, err error)

Replacement for original parsing logic which did not retrieve full certificate

func ParsePhononDescriptor 

func ParsePhononDescriptor(description []byte) (*model.Phonon, error)

func ParseResponseWithErrCheck 

func ParseResponseWithErrCheck(cmd *Command, plainData []byte) (*apdu.Response, error)

func QuickSecureConnection 

func QuickSecureConnection(readerIndex int, isStatic bool) (cs model.PhononCard, err error)

QuickSecureConnection is a convenience function which establishes a connection to the card attached to the readerIndex given and immediately attempts to open a secure channel with it. Equivalent to running SELECT, PAIR, OPEN_SECURE_CHANNEL. Does not handle the details of uninitialized cards

func TLVDecodePublicPhononFields 

func TLVDecodePublicPhononFields(phononTLV tlv.TLVCollection) (*model.Phonon, error)

Decodes the public phonon fields typically returned from a card Excludes PubKey and KeyIndex

func TLVEncodePhononDescriptor 

func TLVEncodePhononDescriptor(p *model.Phonon) ([]byte, error)

TLV Encodes the phonon standard schema used for setting it's descriptor. Must be extended with additional fields to suit the various commands that deal with phonons. Excludes fields KeyIndex, PubKey, and CurveType which are already known by the card at the time of creation Includes fields SchemaVersion, ExtendedSchemaVersion, CurrencyType, Denomination, and ExtendedTLVs

Types

type APDUDebugFormatter 

type APDUDebugFormatter struct{}

func (*APDUDebugFormatter) Format 

func (f *APDUDebugFormatter) Format(entry *log.Entry) ([]byte, error)

type CmdErrTable 

type CmdErrTable map[int]error

type Command 

type Command struct {
	ApduCmd      *apdu.Command
	PossibleErrs CmdErrTable
}

func NewCommandCardPair 

func NewCommandCardPair(data []byte) *Command

func NewCommandCardPair2 

func NewCommandCardPair2(data []byte) *Command

func NewCommandChangePIN 

func NewCommandChangePIN(pin string) *Command

func NewCommandCreatePhonon 

func NewCommandCreatePhonon(curveType byte) *Command

func NewCommandDestroyPhonon 

func NewCommandDestroyPhonon(data []byte) *Command

func NewCommandFinalizeCardPair 

func NewCommandFinalizeCardPair(data []byte) *Command

func NewCommandGenerateInvoice 

func NewCommandGenerateInvoice() *Command

func NewCommandGetAvailableMemory 

func NewCommandGetAvailableMemory() *Command

func NewCommandGetFriendlyName 

func NewCommandGetFriendlyName() *Command

func NewCommandGetPhononPubKey 

func NewCommandGetPhononPubKey(data []byte) *Command

func NewCommandIdentifyCard 

func NewCommandIdentifyCard(nonce []byte) *Command

NewCommandIdentifyCard takes a 32 byte nonce value and sends it along with the IDENTIFY_CARD APDU As a response it receives the card's public key and and a signature on the salt to prove posession of the private key

func NewCommandInit 

func NewCommandInit(data []byte) *Command

func NewCommandInitCardPairing 

func NewCommandInitCardPairing(data []byte) *Command

func NewCommandInstallCert 

func NewCommandInstallCert(data []byte) *Command

func NewCommandListPhonons 

func NewCommandListPhonons(p1 byte, p2 byte, data []byte) *Command

func NewCommandMineNativePhonon 

func NewCommandMineNativePhonon(difficulty uint8) *Command

func NewCommandMutualAuthenticate 

func NewCommandMutualAuthenticate(data []byte) *Command

func NewCommandOpenSecureChannel 

func NewCommandOpenSecureChannel(index uint8, publicKey []byte) *Command

func NewCommandPairStep1 

func NewCommandPairStep1(salt []byte, pairingPubKey *ecdsa.PublicKey) *Command

func NewCommandPairStep2 

func NewCommandPairStep2(cryptogram [32]byte) *Command

func NewCommandReceiveInvoice 

func NewCommandReceiveInvoice() *Command

func NewCommandReceivePhonons 

func NewCommandReceivePhonons(phononTransferPacket []byte) *Command

Receives a TLV encoded Phonon Transfer Packet Payload in encrypted form and passes it on directly to a card

func NewCommandSelectPhononApplet 

func NewCommandSelectPhononApplet() *Command

func NewCommandSendPhonons 

func NewCommandSendPhonons(data []byte, p2Length byte, extendedRequest bool) *Command

func NewCommandSetDescriptor 

func NewCommandSetDescriptor(data []byte) *Command

func NewCommandSetFriendlyName 

func NewCommandSetFriendlyName(name string) *Command

func NewCommandSetReceiveList 

func NewCommandSetReceiveList(data []byte) *Command

func NewCommandTransactionAck 

func NewCommandTransactionAck(data []byte) *Command

func NewCommandUnpair 

func NewCommandUnpair(index uint8) *Command

func NewCommandVerifyPIN 

func NewCommandVerifyPIN(pin string) *Command

func (*Command) HumanReadableErr 

func (cmd *Command) HumanReadableErr(res *apdu.Response) error

type Invoice 

type Invoice struct {
	ID  string //32 length
	Key []byte //32 length
}

type MockCard 

type MockCard struct {
	Phonons []*MockPhonon

	IdentityPubKey *ecdsa.PublicKey
	IdentityCert   cert.CardCertificate
	// contains filtered or unexported fields
}

func NewMockCard 

func NewMockCard(isInitialized bool, isStatic bool) (*MockCard, error)

func (*MockCard) CardPair 

func (c *MockCard) CardPair(initCardPairingData []byte) (cardPairingData []byte, err error)

func (*MockCard) CardPair2 

func (c *MockCard) CardPair2(cardPairData []byte) (cardPair2Data []byte, err error)

func (*MockCard) ChangePIN 

func (c *MockCard) ChangePIN(pin string) error

func (*MockCard) CreatePhonon 

func (c *MockCard) CreatePhonon(curveType model.CurveType) (keyIndex uint16, pubKey model.PhononPubKey, err error)

func (*MockCard) DestroyPhonon 

func (c *MockCard) DestroyPhonon(keyIndex uint16) (privKey *ecdsa.PrivateKey, err error)

func (*MockCard) FinalizeCardPair 

func (c *MockCard) FinalizeCardPair(cardPair2Data []byte) (err error)

func (*MockCard) GenerateInvoice 

func (c *MockCard) GenerateInvoice() (invoiceData []byte, err error)

func (*MockCard) GetAvailableMemory 

func (c *MockCard) GetAvailableMemory() (int, int, int, error)

func (*MockCard) GetFriendlyName 

func (c *MockCard) GetFriendlyName() (string, error)

func (*MockCard) GetPhononPubKey 

func (c *MockCard) GetPhononPubKey(keyIndex uint16, crv model.CurveType) (pubkey model.PhononPubKey, err error)

func (*MockCard) IdentifyCard 

func (c *MockCard) IdentifyCard(nonce []byte) (cardPubKey *ecdsa.PublicKey, cardSig *util.ECDSASignature, err error)

func (*MockCard) Init 

func (c *MockCard) Init(pin string) error

func (*MockCard) InitCardPairing 

func (c *MockCard) InitCardPairing(receiverCert cert.CardCertificate) (initPairingData []byte, err error)

func (*MockCard) InstallCertificate 

func (c *MockCard) InstallCertificate(signKeyFunc func([]byte) ([]byte, error)) error

func (*MockCard) ListPhonons 

func (c *MockCard) ListPhonons(currencyType model.CurrencyType, lessThanValue uint64, greaterThanValue uint64, continues bool) ([]*model.Phonon, error)

func (*MockCard) MineNativePhonon 

func (c *MockCard) MineNativePhonon(difficulty uint8) (uint16, []byte, error)

func (*MockCard) OpenSecureChannel 

func (c *MockCard) OpenSecureChannel() error

func (*MockCard) OpenSecureConnection 

func (c *MockCard) OpenSecureConnection() error

func (*MockCard) Pair 

func (c *MockCard) Pair() (*cert.CardCertificate, error)

func (*MockCard) ReceiveInvoice 

func (c *MockCard) ReceiveInvoice(invoiceData []byte) (err error)

func (*MockCard) ReceivePhonons 

func (c *MockCard) ReceivePhonons(transaction []byte) (err error)

func (*MockCard) Select 

func (c *MockCard) Select() (instanceUID []byte, cardPubKey *ecdsa.PublicKey, cardInitialized bool, err error)

func (*MockCard) SendPhonons 

func (c *MockCard) SendPhonons(keyIndices []uint16, extendedRequest bool) (transferPhononPackets []byte, err error)

func (*MockCard) SetDescriptor 

func (c *MockCard) SetDescriptor(phonon *model.Phonon) error

func (*MockCard) SetFriendlyName 

func (c *MockCard) SetFriendlyName(name string) error

func (*MockCard) SetReceiveList 

func (c *MockCard) SetReceiveList(phononPubKeys []*ecdsa.PublicKey) error

func (*MockCard) TransactionAck 

func (c *MockCard) TransactionAck(keyIndices []uint16) error

func (*MockCard) VerifyPIN 

func (c *MockCard) VerifyPIN(pin string) error

type MockPhonon 

type MockPhonon struct {
	model.Phonon
	PrivateKey []byte
	// contains filtered or unexported fields
}

func (*MockPhonon) Encode 

func (phonon *MockPhonon) Encode() (tlv.TLV, error)

type PhononCommandSet 

type PhononCommandSet struct {
	ApplicationInfo *types.ApplicationInfo
	PairingInfo     *types.PairingInfo
	PhononCACert    []byte
	// contains filtered or unexported fields
}

func Connect 

func Connect(readerIndex int) (*PhononCommandSet, error)

func NewPhononCommandSet 

func NewPhononCommandSet(c types.Channel) *PhononCommandSet

func (*PhononCommandSet) CardPair 

func (cs *PhononCommandSet) CardPair(initPairingData []byte) (cardPairData []byte, err error)

CardPair takes the response from initCardPairing and passes it to the counterparty card for the next step of pairing

func (*PhononCommandSet) CardPair2 

func (cs *PhononCommandSet) CardPair2(cardPairData []byte) (cardPair2Data []byte, err error)

func (*PhononCommandSet) ChangePIN 

func (cs *PhononCommandSet) ChangePIN(pin string) error

func (*PhononCommandSet) CreatePhonon 

func (cs *PhononCommandSet) CreatePhonon(curveType model.CurveType) (keyIndex uint16, pubKey model.PhononPubKey, err error)

func (*PhononCommandSet) DestroyPhonon 

func (cs *PhononCommandSet) DestroyPhonon(keyIndex uint16) (privKey *ecdsa.PrivateKey, err error)

func (*PhononCommandSet) FinalizeCardPair 

func (cs *PhononCommandSet) FinalizeCardPair(cardPair2Data []byte) (err error)

func (*PhononCommandSet) GenerateInvoice 

func (cs *PhononCommandSet) GenerateInvoice() (invoiceData []byte, err error)

func (*PhononCommandSet) GetAvailableMemory 

func (cs *PhononCommandSet) GetAvailableMemory() (persistentMem int, onResetMem int, onDeselectMem int, err error)

func (*PhononCommandSet) GetFriendlyName 

func (cs *PhononCommandSet) GetFriendlyName() (string, error)

func (*PhononCommandSet) GetPhononPubKey 

func (cs *PhononCommandSet) GetPhononPubKey(keyIndex uint16, crv model.CurveType) (pubKey model.PhononPubKey, err error)

func (*PhononCommandSet) IdentifyCard 

func (cs *PhononCommandSet) IdentifyCard(nonce []byte) (cardPubKey *ecdsa.PublicKey, cardSig *util.ECDSASignature, err error)

func (*PhononCommandSet) Init 

func (cs *PhononCommandSet) Init(pin string) error

func (*PhononCommandSet) InitCardPairing 

func (cs *PhononCommandSet) InitCardPairing(receiverCert cert.CardCertificate) (initPairingData []byte, err error)

InitCardPairing tells a card to initialized a pairing with another phonon card Data is passed transparently from card to card since no client processing is necessary

func (*PhononCommandSet) InstallCertificate 

func (cs *PhononCommandSet) InstallCertificate(signKeyFunc func([]byte) ([]byte, error)) (err error)

func (*PhononCommandSet) ListPhonons 

func (cs *PhononCommandSet) ListPhonons(currencyType model.CurrencyType, lessThanValue uint64, greaterThanValue uint64, continuation bool) ([]*model.Phonon, error)

ListPhonons takes a currency type and range bounds and returns a listing of the phonons currently stored on the card Set lessThanValue or greaterThanValue to 0 to ignore the parameter. Returned phonons omit the public key to reduce data transmission After processing, the list client should send GET_PHONON_PUB_KEY to retrieve the corresponding pubkeys if necessary.

func (*PhononCommandSet) MineNativePhonon 

func (cs *PhononCommandSet) MineNativePhonon(difficulty uint8) (keyIndex uint16, hash []byte, err error)

func (*PhononCommandSet) OpenBestConnection 

func (cs *PhononCommandSet) OpenBestConnection() (initialized bool, err error)

func (*PhononCommandSet) OpenSecureChannel 

func (cs *PhononCommandSet) OpenSecureChannel() error

func (*PhononCommandSet) OpenSecureConnection 

func (cs *PhononCommandSet) OpenSecureConnection() error

OpenSecureChannel is a convenience function to perform all of the necessary options to open a card to terminal secure channel in sequence. Runs SELECT, PAIR, OPEN_SECURE_CHANNEL

func (*PhononCommandSet) Pair 

func (cs *PhononCommandSet) Pair() (*cert.CardCertificate, error)

func (*PhononCommandSet) ReceiveInvoice 

func (cs *PhononCommandSet) ReceiveInvoice(invoiceData []byte) (err error)

func (*PhononCommandSet) ReceivePhonons 

func (cs *PhononCommandSet) ReceivePhonons(phononTransfer []byte) error

func (*PhononCommandSet) Select 

func (cs *PhononCommandSet) Select() (instanceUID []byte, cardPubKey *ecdsa.PublicKey, cardInitialized bool, err error)

Selects the phonon applet for further usage

func (PhononCommandSet) Send 

func (cs PhononCommandSet) Send(cmd *Command) (*apdu.Response, error)

func (*PhononCommandSet) SendPhonons 

func (cs *PhononCommandSet) SendPhonons(keyIndices []uint16, extendedRequest bool) (transferPhononPackets []byte, err error)

func (*PhononCommandSet) SetDescriptor 

func (cs *PhononCommandSet) SetDescriptor(p *model.Phonon) error

func (*PhononCommandSet) SetFriendlyName 

func (cs *PhononCommandSet) SetFriendlyName(name string) error

func (*PhononCommandSet) SetReceiveList 

func (cs *PhononCommandSet) SetReceiveList(phononPubKeys []*ecdsa.PublicKey) error

Implemented with support for single

func (*PhononCommandSet) TransactionAck 

func (cs *PhononCommandSet) TransactionAck(keyIndices []uint16) error

func (*PhononCommandSet) Unpair 

func (cs *PhononCommandSet) Unpair(index uint8) error

func (*PhononCommandSet) VerifyPIN 

func (cs *PhononCommandSet) VerifyPIN(pin string) error

type SecureChannel 

type SecureChannel struct {
	// contains filtered or unexported fields
}

func NewSecureChannel 

func NewSecureChannel(c types.Channel) *SecureChannel

func (*SecureChannel) Decrypt 

func (sc *SecureChannel) Decrypt(ciphertext []byte) (data []byte, err error)

Decrypts the response to the last message Encrypted in this channel The init vector is automatically updated to match the iv the response should use after a Decrypt -> Encrypt cycle

func (*SecureChannel) DecryptDirect 

func (sc *SecureChannel) DecryptDirect(ciphertext []byte, iv []byte) (data []byte, err error)

DecryptDirect decrypts a message but does not track iv updates or authenticate the decryption with the MAC Useful for decrypting a message that was just encrypted by the same channel, rather than by a counterparty channel which is keeping the IV in sync. Could also be used to decrypt a message which provides the IV

func (*SecureChannel) Encrypt 

func (sc *SecureChannel) Encrypt(data []byte) (ciphertext []byte, err error)

Encrypt data and return ciphertext directly

func (*SecureChannel) GenerateSecret 

func (sc *SecureChannel) GenerateSecret(cardPubKeyData []byte) error

func (*SecureChannel) GenerateStaticSecret 

func (sc *SecureChannel) GenerateStaticSecret(cardPubKeyData []byte) error

func (*SecureChannel) Init 

func (sc *SecureChannel) Init(iv, encKey, macKey []byte)

func (*SecureChannel) PublicKey 

func (sc *SecureChannel) PublicKey() *ecdsa.PublicKey

func (*SecureChannel) RawPublicKey 

func (sc *SecureChannel) RawPublicKey() []byte

func (*SecureChannel) Reset 

func (sc *SecureChannel) Reset()

func (*SecureChannel) Secret 

func (sc *SecureChannel) Secret() []byte

func (*SecureChannel) Send 

func (sc *SecureChannel) Send(cmd *Command) (resp *apdu.Response, err error)

AES-CBC-256 Symmetric encryption

type SecureChannelPairingDetails 

type SecureChannelPairingDetails struct {
	// contains filtered or unexported fields
}

type StaticPhononCommandSet 

type StaticPhononCommandSet struct {
	*PhononCommandSet
}

Insecure alternative implementation of phonon command set which uses static keys in the card to terminal pairing process in order to allow for debugging with the javacard simulator

func NewStaticPhononCommandSet 

func NewStaticPhononCommandSet(cs *PhononCommandSet) *StaticPhononCommandSet

func (*StaticPhononCommandSet) OpenSecureChannel 

func (cs *StaticPhononCommandSet) OpenSecureChannel() error

func (*StaticPhononCommandSet) OpenSecureConnection 

func (cs *StaticPhononCommandSet) OpenSecureConnection() error

OpenSecureChannel is a convenience function to perform all of the necessary options to open a card to terminal secure channel in sequence. Runs SELECT, PAIR, OPEN_SECURE_CHANNEL

func (*StaticPhononCommandSet) Pair 

func (cs *StaticPhononCommandSet) Pair() (*cert.CardCertificate, error)

func (*StaticPhononCommandSet) Select 

func (cs *StaticPhononCommandSet) Select() (instanceUID []byte, cardPubKey *ecdsa.PublicKey, cardInitialized bool, err error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.