iso7816 0.0.3

data/lib/emv/crypto/crypto.rb

@@ -0,0 +1,108 @@
+autoload :OpenSSL, 'openssl'
+
+module EMV
+module Crypto
+  
+  # Generate Session keys according to CPS 5.3 
+  def self.generate_session_key ic_card_key, seq, type
+    seq         = check_and_convert("seq", seq, 2)
+    ic_card_key = check_and_convert("ic_card_key", ic_card_key, 16)
+    
+    derivation_data = case type
+            when :enc
+              "\x01\x82"
+            when :mac
+              "\x01\x01"
+            when :dek
+              "\x01\x81"
+            else
+              raise "invalid type of key: #{type}"
+            end
+
+    derivation_data += seq + ISO7816.s2b("000000000000000000000000")
+
+    cipher = OpenSSL::Cipher::Cipher.new("des-ede-cbc").encrypt
+    cipher.key = ic_card_key
+    cipher.update derivation_data
+  end
+  
+  # encrypt ecb according to CPS 5.5.1
+  def self.encrypt_ecb key, data
+    cipher = OpenSSL::Cipher::Cipher.new("des-ede").encrypt
+    cipher.key = key
+    cipher.update(data)
+  end
+
+  #encrypt cbc accroding to CPS 5.5.2
+  def self.encrypt_cbc key, data
+    cipher = OpenSSL::Cipher::Cipher.new("des-ede-cbc").encrypt
+    cipher.key = key
+    data = pad(data)
+    cipher.update data
+  end
+  
+  # Mac calculation according to CPS 5.4.1. 
+  def self.mac_for_personalization key, input
+    key = check_and_convert "key", key, 16
+    input = pad(input)
+    cipher = OpenSSL::Cipher::Cipher.new("des-ede-cbc").encrypt
+    cipher.key = key
+    mac = ""
+    input.scan(/.{8}/m) {|block|
+      mac = cipher.update block
+    }
+    mac
+  end
+  
+  # calculate ISO 9797-1 "Retail Mac"
+  # (MAC Algorithm 3 with output transformation 3,
+  # without truncation) : 
+  # DES with final TDES.
+  #
+  # Padding is added if data is not a multiple of 8
+  def self.retail_mac key, data
+    cipher      = OpenSSL::Cipher::Cipher.new("des-cbc").encrypt
+    cipher.key  = key[0,8]
+
+    data = pad(data) 
+
+    single_data = data[0,data.length-8]
+    # Single DES with XOR til the last block
+    if single_data && single_data.length > 0
+      mac_ = cipher.update(single_data)
+      mac_ = mac_[mac_.length-8, 8]
+    else # length of data was <= 8
+      mac_ = "\x00"*8
+    end
+
+    triple_data = data[data.length-8, 8]
+    mac = ""
+    0.upto(7) { |i|
+      mac << (mac_[i] ^ triple_data[i])
+    }
+    # Final Round of TDES
+    cipher      = OpenSSL::Cipher::Cipher.new("des-ede").encrypt
+    cipher.key  = key
+    cipher.update(mac)
+  end
+
+  def self.pad input
+
+    input += "\x80"
+    while (input.length % 8) != 0
+      input << 0x00
+    end
+    input
+  end
+
+  def self.check_and_convert mes, data, length_in_bytes
+    raise "`#{mes}` may not be nil" unless data
+    unless data.length == length_in_bytes || data.length == length_in_bytes*2
+      raise "invalid length for '#{mes}'. Should be #{length_in_bytes}" 
+    end
+    data = ISO7816.s2b(data) if data.length == length_in_bytes*2
+    data
+  end
+
+end #module Crypto
+end #module EMV

data/lib/emv/data/cps_ini_update.rb

@@ -0,0 +1,15 @@
+require 'tlv'
+
+module EMV
+module Data
+  class InitializeUpdateData < TLV::TLV
+    b 6*8, "Identifier of the KMC", :kmc_id
+    b 4*8, "Chip Serial Number", :csn
+    b 8,   "Version Number of Master key (KMC)", :kmc_version
+    b 8,   "Identifier of Secure Channel Protocol", :sec_channel_proto_id
+    b 2*8, "Sequence Counter", :sequence_counter
+    b 6*8, "Card challenge (r card)", :challenge
+    b 8*8, "Card Cryptogram", :cryptogram
+  end
+end #module DATA
+end #module EMV

data/lib/emv/emv.rb

@@ -0,0 +1,5 @@
+
+module EMV
+  # according to EMV 1, 12.2.2
+  PSE_DDF="1PAY.SYS.DDF01"
+end

data/lib/emv/emv_apdu.rb

@@ -0,0 +1,56 @@
+module EMV 
+
+module APDU
+
+class EMV_APDU < ISO7816::APDU::APDU
+  cla "\x80"
+end
+
+def APDU.create_class name, ins, cla="80"
+  cl =  "class #{name} < EMV_APDU\n"
+  cl << "  cla \"\\x#{cla}\"\n" unless cla == "80"
+  cl << "  ins \"\\x#{ins}\"\n"
+  cl << "end"
+
+   eval(cl)
+end
+[
+["APPLICATION_BLOCK", "1E", "84"],
+["APPLICATION_UNBLOCK", "18", "84"],
+["CARD_BLOCK", "16", "84"],
+["GENERATE_APPLICATION_CRYPTOGRAM", "AE"],
+["GET_DATA", "CA"],
+["GET_PROCESSING_OPTIONS", "A8"],
+["PIN_CHANGE_UNBLOCK", "24", "84"],
+].each{|entry|
+  APDU.create_class *entry
+}
+
+
+class EXTERNAL_AUTHENTICATE < ISO7816::APDU::EXTERNAL_AUTHENTICATE
+end
+class GET_CHALLENGE < ISO7816::APDU::GET_CHALLENGE
+end
+class INTERNAL_AUTHENTICATE < ISO7816::APDU::INTERNAL_AUTHENTICATE
+end
+class READ_RECORD < ISO7816::APDU::READ_RECORD
+end
+class SELECT < ISO7816::APDU::SELECT
+  p1 "\x04"
+end
+class VERIFY < ISO7816::APDU::VERIFY
+  def initialize card 
+    super
+    self.plaintext_pin
+  end
+  def plaintext_pin
+    @p2 = ("" << 0x80)
+  end  
+  def enciphered_pin
+    @p2 = ("" << 0x88)
+  end
+end
+
+end # APDU
+
+end #EMV

data/lib/iso7816.rb

@@ -0,0 +1,9 @@
+$:.unshift(File.dirname(__FILE__)) unless
+  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
+
+require '7816/card'
+require '7816/atr'
+require '7816/apdu'
+require '7816/iso_apdu'
+require '7816/pcsc_helper'
+

data/lib/iso_7816.rb

@@ -0,0 +1,5 @@
+$:.unshift(File.dirname(__FILE__)) unless
+  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
+
+require 'iso7816'
+

data/test/apdu_resp_test.rb

@@ -0,0 +1,63 @@
+require 'test/unit'
+require File.dirname(__FILE__) + '/../lib/iso7816'
+
+class TestResponse < Test::Unit::TestCase
+
+  def setup
+  end
+  
+  def test_resp_basics
+    
+    response = ISO7816::APDU::Response
+
+    r = response.new "\x90\x00"
+    assert r.normal?
+    assert r.data == ""
+
+    r = response.new "blabla\x90\x00", 6
+    assert r.normal?
+
+
+    r = response.new "blabla\x61\xff", 6
+    assert r.normal?
+
+    ["\x62","\x63"].each {|byte|
+      r = response.new "bla#{byte}#{byte}", 3
+      assert r.warning?
+    }
+    
+    ["\x64", "\x65", "\x66"].each_with_index {|byte, i|
+      r= response.new "#{'a'*i}#{byte}\x00", i
+      assert r.execution_err?
+    }
+
+    ["\x67", "\x68", "\x69", "\x6a", "\x6b", "\x6c", "\x6d", "\x6e", "\x6f"].each_with_index { |byte, i|
+      r= response.new "#{'a'*i}#{byte}\x00", i
+      assert r.checking_err?
+      assert r.data  == 'a'*i
+    }
+  end
+  
+  # these are a tad contrived and are only meant to ensure basic coverage...
+  def test_resp_to_s
+    response = ISO7816::APDU::Response
+    r = response.new "\x90\x00"
+    assert r.to_s ==  "APDU Response\n  SW1: 90 (OK: No further qualification)\n  SW2: 00 ()\n"
+
+    r = response.new "blabla\x61\xff"
+    assert r.to_s == "APDU Response\n  SW1: 61 (OK: SW2 indicates the number of response bytes still available)\n  SW2: ff (ff bytes remaining.)\n"
+    
+    r = response.new "bla\x62\62"
+    assert r.to_s == "APDU Response\n  SW1: 62 (WARN: State of non-volatile memory unchanged)\n  SW2: 32 (unknown sw2 for sw1=62: 32)\n"
+    
+    r = response.new "\x63\x81"
+    assert r.to_s == "APDU Response\n  SW1: 63 (WARN: State of non-volatile memory changed)\n  SW2: 81 (File filled up by the last write)\n"
+
+    r = response.new "#{"aa"}\x66\x00", 2
+    assert r.to_s ==  "APDU Response\n  Data(2): 6161\n  SW1: 66 (EXE ERR: Reserved for security-related issues)\n  SW2: 00 (security (undefined))\n"
+    
+    r = response.new "#{"aa"}\x69\x77", 2
+    assert r.to_s == "APDU Response\n  Data(2): 6161\n  SW1: 69 (CHK ERR: Command not allowed)\n  SW2: 77 (unknown sw2 for sw1=69: 77)\n"
+
+  end
+end

data/test/apdu_test.rb

@@ -0,0 +1,128 @@
+require 'test/unit'
+require File.dirname(__FILE__) + '/../lib/iso7816'
+
+class TestAPDU < Test::Unit::TestCase
+
+  def setup
+  end
+  
+  def s2b str
+    ISO7816.s2b str
+  end
+
+  def test_select
+    s = ISO7816::APDU::SELECT.new
+    
+    assert_equal "\x00\xa4\x00\x00", s.to_b 
+    assert_equal "\n|CLA|INS| P1| P2|\n| 00| a4| 00| 00|", s.to_s
+    
+    # add filename
+    
+    s.data = "\x37\x00"
+    assert_equal "\x00\xa4\x00\x00\x02\x37\x00", s.to_b  
+    assert_equal "\n|CLA|INS| P1| P2|| LC|Data| LE|\n| 00| a4| 00| 00|| 02|3700|   |", s.to_s
+  end
+
+  def test_invalid_ins
+    apdu = ISO7816::APDU::APDU.new
+    ["\x90", "\x95", "\x9f", "\x60", "\x65", "\x6f"]. each {|inv|
+      apdu.ins=inv
+      assert_equal false, apdu.ins_valid?
+    }
+    ["\x10", "\x25", "\x3f", "\x40", "\x55", "\xff"]. each {|inv|
+      apdu.ins=inv
+      assert_equal true, apdu.ins_valid?
+    }
+  end
+
+  def test_basics
+    a = ISO7816::APDU::APDU.new "test-card"
+    assert_equal "\x00", a.cla
+    assert_equal "\x00", a.ins
+    assert_equal "\x00", a.p1
+    assert_equal "\x00", a.p2
+    assert_equal "", a.data
+    assert_equal "", a.le
+    assert_equal "test-card", a.card
+
+    assert_nothing_raised {
+      a.to_s
+      a.to_b
+    }
+
+    assert_equal false, a.case_4?
+    a.data = "abc"
+    a.le = 4
+    assert_equal true, a.case_4?
+
+    a = ISO7816::APDU::RandomAPDU.new "test-card"
+    [a.cla, a.ins, a.p1, a.p2].each {|by|
+      assert_not_equal nil, by
+      assert_equal 1, by.length
+    }
+    assert_equal true, a.ins_valid?
+    
+    assert_equal "", a.data
+    assert_equal "test-card", a.card
+    
+    assert_nothing_raised {
+      a.to_s
+      a.to_b
+    }
+  end
+  def test_to_apdu
+    apdu = ISO7816::APDU::APDU.to_apdu(s2b("80b4000008"))
+    assert_equal "\x80", apdu.cla
+    assert_equal "\xb4", apdu.ins
+    assert_equal "\x00", apdu.p1
+    assert_equal "\x00", apdu.p2
+    assert_equal "\x08", apdu.le
+    
+    apdu = ISO7816::APDU::APDU.to_apdu(s2b("8020000008aaaaaaaaaaaaaaaa"))
+    assert_equal "\x80", apdu.cla
+    assert_equal "\x20", apdu.ins
+    assert_equal "\x00", apdu.p1
+    assert_equal "\x00", apdu.p2
+    assert_equal "\x08", apdu.lc
+    assert_equal "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", apdu.data
+
+    assert_raise(RuntimeError){
+      apdu = ISO7816::APDU::APDU.to_apdu(s2b("8020000008aaaaaaaaaaaaaaaaaaaa"))
+    }
+
+    apdu = ISO7816::APDU::APDU.to_apdu(s2b("fefefefefe"))
+    assert_equal "\xfe", apdu.cla
+    assert_equal "\xfe", apdu.ins
+    assert_equal "\xfe", apdu.p1
+    assert_equal "\xfe", apdu.p2
+    assert_equal "\xfe", apdu.le
+    assert_equal "", apdu.lc
+    assert_equal "", apdu.data
+
+  end
+  def test_get_response
+    gr = ISO7816::APDU::GET_RESPONSE.new "dummy-card"
+    assert_equal "dummy-card", gr.card
+    assert_equal "\xc0", gr.ins
+    assert_equal "\x00", gr.cla
+  end
+
+  class DingDong < ISO7816::APDU::APDU
+    cla "\x01"
+    ins "\x02"
+    p1  "\x03"
+    p2  "\x04"
+    le  "\x05"
+  end
+  def test_meta_class
+    assert_equal "\x01", DingDong._cla
+    d = DingDong.new
+    assert_equal "\x01", d.cla
+    assert_equal "\x05", d.le
+    to_strinq=%Q{
+|CLA|INS| P1| P2|| LC|Data| LE|
+| 01| 02| 03| 04||   |    | 05|}
+    assert_equal to_strinq, d.to_s 
+  end
+
+end

data/test/card_test.rb

@@ -0,0 +1,36 @@
+require 'test/unit'
+require File.dirname(__FILE__) + '/../lib/iso7816'
+
+class TestCard < Test::Unit::TestCase
+  
+  ATR = "\x3b\xd9\x18\x00\x00\x80\x54\x43\x4f\x4c\x44\x82\x90\x00"
+  def setup
+    @server = Thread.start {
+      require 'socket'
+      ssock = TCPServer.open(1024)
+      while (s = ssock.accept)
+        s.send ATR, 0
+      end #while
+      ssock.close
+    }
+  end
+  
+  def teardown
+    @server.exit
+  end
+  
+  def test_connect
+    card = ISO7816::Card::TCPCard.new
+    atr = card.connect
+    assert_equal true, card.connected?
+    assert_equal ATR, atr
+    card.disconnect
+    assert_equal false, card.connected?
+    
+    atr = card.connect {} 
+    assert_equal ATR, atr
+    assert_equal false, card.connected?
+
+
+  end
+end

data/test/cps_test.rb

@@ -0,0 +1,35 @@
+require 'test/unit'
+require File.dirname(__FILE__) + '/../lib/iso7816'
+
+class TestAPDU < Test::Unit::TestCase
+
+  def setup
+  end
+  
+  def s2b str
+    ISO7816.s2b str
+  end
+
+  def test_store_data_security_level
+    mock_ctx = Object.new
+    mock_ctx.class.class_eval{
+      attr_accessor :level
+    }
+
+    [:no_sec, :mac, :enc_and_mac].each {|lev|
+           mock_ctx.level=lev
+           sd = EMV::APDU::CPS::STORE_DATA.new nil, mock_ctx
+           # shouldn't be set
+           assert_equal nil, sd.security_level
+           assert !sd.secure?
+
+           sd.security_level = :no_sec
+           assert !sd.secure? 
+           sd.security_level = :mac
+           assert sd.secure? 
+           sd.security_level = :enc_and_mac
+           assert sd.secure? 
+    }
+    assert true
+  end
+end