smartcard 0.4.1-x86-mswin32-60 → 0.4.3-x86-mswin32-60

data/CHANGELOG

@@ -1,3 +1,7 @@
+v0.4.3. Fixed gem manifest to state dependency on rubyzip.
+
+v0.4.2. GlobalPlatform applet instalation.
+
 v0.4.1. Workaround ATR resend bug in JCOP simulator 3.2.7.
 
 v0.4.0. High-level functionality for ISO7816 cards.

data/Manifest

@@ -1,5 +1,9 @@
 BUILD
 CHANGELOG
+LICENSE
+Manifest
+README
+Rakefile
 ext/smartcard_pcsc/extconf.rb
 ext/smartcard_pcsc/pcsc.h
 ext/smartcard_pcsc/pcsc_card.c
@@ -13,6 +17,10 @@ ext/smartcard_pcsc/pcsc_namespace.c
 ext/smartcard_pcsc/pcsc_reader_states.c
 ext/smartcard_pcsc/pcsc_surrogate_reader.h
 ext/smartcard_pcsc/pcsc_surrogate_wintypes.h
+lib/smartcard.rb
+lib/smartcard/gp/asn1_ber.rb
+lib/smartcard/gp/cap_loader.rb
+lib/smartcard/gp/des.rb
 lib/smartcard/gp/gp_card_mixin.rb
 lib/smartcard/iso/auto_configurator.rb
 lib/smartcard/iso/iso_card_mixin.rb
@@ -22,13 +30,12 @@ lib/smartcard/iso/jcop_remote_transport.rb
 lib/smartcard/iso/pcsc_transport.rb
 lib/smartcard/iso/transport.rb
 lib/smartcard/pcsc/pcsc_exception.rb
-lib/smartcard.rb
-LICENSE
-Manifest
-Rakefile
-README
-smartcard.gemspec
+test/gp/asn1_ber_test.rb
+test/gp/cap_loader_test.rb
+test/gp/des_test.rb
 test/gp/gp_card_mixin_test.rb
+test/gp/hello.apdu
+test/gp/hello.cap
 test/iso/auto_configurator_test.rb
 test/iso/iso_card_mixin_test.rb
 test/iso/jcop_remote_test.rb

data/Rakefile

@@ -9,14 +9,16 @@ Echoe.new('smartcard') do |p|
   p.email = 'victor@costan.us'
   p.summary = 'Interface with ISO 7816 smart cards.'
   p.url = 'http://www.costan.us/smartcard'
+  p.dependencies = ['rubyzip >=0.9.1']
   
-  p.need_tar_gz = !Platform.windows?
-  p.need_zip = !Platform.windows?
+  p.need_tar_gz = !Gem.win_platform?
+  p.need_zip = !Gem.win_platform?
   p.clean_pattern += ['ext/**/*.manifest', 'ext/**/*_autogen.h']
-  p.rdoc_pattern = /^(lib|bin|tasks|ext)|^BUILD|^README|^CHANGELOG|^TODO|^LICENSE|^COPYING$/
+  p.rdoc_pattern =
+      /^(lib|bin|tasks|ext)|^BUILD|^README|^CHANGELOG|^TODO|^LICENSE|^COPYING$/
   
   p.eval = proc do |p|
-    if Platform.windows?
+    if Gem.win_platform?
       p.files += ['lib/smartcard/pcsc.so']
       p.platform = Gem::Platform::CURRENT
 

data/lib/smartcard/gp/asn1_ber.rb

@@ -0,0 +1,199 @@
+# Encoding and decoding of ASN.1-BER data.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
+# :nodoc: namespace
+module Smartcard::Gp
+  
+
+# Logic for encoding and decoding ASN.1-BER data as specified in X.690-0207.
+module Asn1Ber
+  # Decodes a TLV tag (the data type).
+  #
+  # Args:
+  #   data:: the array to decode from
+  #   offset:: the position of the first byte containing the tag 
+  #
+  # Returns the offset of the first byte after the tag, and the tag information.
+  # Tag information is a hash with the following keys.
+  #   :class:: the tag's class (symbol, named after X690-0207)
+  #   :primitive:: if +false+, the tag's value is a sequence of TLVs
+  #   :number:: the tag's number
+  def self.decode_tag(data, offset)
+    class_bits = data[offset] >> 6 
+    tag_class = [:universal, :application, :context, :private][class_bits]
+    tag_primitive = (data[offset] & 0x20) == 0
+    tag_number = (data[offset] & 0x1F)
+    if tag_number == 0x1F
+      tag_number = 0
+      loop do      
+        offset += 1
+        tag_number <<= 7
+        tag_number |= (data[offset] & 0x7F)
+        break if (data[offset] & 0x80) == 0
+      end
+    end
+    return (offset + 1), { :class => tag_class, :primitive => tag_primitive,
+                           :number => tag_number }
+  end
+
+  # Decodes a TLV length.
+  #
+  # Args:
+  #   data:: the array to decode from
+  #   offset:: the position of the first byte containing the length
+  #
+  # Returns the offset of the first byte after the length, and the length. The
+  # returned value might be +:indefinite+ if the encoding uses the indefinite
+  # length.
+  def self.decode_length(data, offset)
+    return (offset + 1), data[offset] if (data[offset] & 0x80) == 0
+    len_bytes = (data[offset] & 0x7F)
+    return (offset + 1), :indefinite if len_bytes == 0
+    length = 0
+    len_bytes.times do
+      offset += 1
+      length = (length << 8) | data[offset]
+    end
+    return (offset + 1), length
+  end
+  
+  
+  # Decodes a TLV value.
+  #
+  # Args:
+  #   data:: the array to decode from
+  #   offset:: the position of the first byte containing the length
+  #
+  # Returns the offset of the first byte after the value, and the value.
+  def self.decode_value(data, offset, length)    
+    return offset + length, data[offset, length] unless length == :indefinite
+    
+    length = 0
+    loop do
+      raise 'Unterminated data' if offset + length + 2 > data.length
+      break if data[offset + length, 2] == [0, 0]
+      length += 1
+    end
+    return (offset + length + 2), data[offset, length]
+  end
+  
+  # Maps a TLV value with a known tag to a Ruby data type.
+  def self.map_value(value, tag)
+    # TODO(costan): map primitive types if necessary
+    value
+  end
+  
+  # Decodes a TLV (tag-length-value).
+  #
+  # Returns a hash that contains tag and value information. See decode_tag for
+  # the keys containing the tag information. Value information is contained in
+  # the :value: tag.
+  def self.decode_tlv(data, offset)
+    offset, tag = decode_tag data, offset
+    offset, length = decode_length data, offset
+    offset, value = decode_value data, offset, length
+    
+    tag[:value] = tag[:primitive] ? map_value(value, tag) : decode(value)
+    return offset, tag
+  end
+  
+  # Decodes a sequence of TLVs (tag-length-value).
+  #
+  # Returns an array with one element for each TLV in the sequence. See
+  # decode_tlv for the format of each array element.
+  def self.decode(data, offset = 0, length = data.length - offset)
+    sequence = []
+    loop do
+      break if offset >= length
+      offset, tlv = decode_tlv data, offset
+      sequence << tlv
+    end
+    sequence
+  end
+  
+  # Encodes a TLV tag (the data type).
+  #
+  # Args:
+  #   tag:: a hash with the keys produced by decode_tag.
+  #
+  # Returns an array of byte values.
+  def self.encode_tag(tag)
+    tag_classes = { :universal => 0, :application => 1, :context => 2,
+                    :private => 3 } 
+    tag_lead = (tag_classes[tag[:class]] << 6) | (tag[:primitive] ? 0x00 : 0x20)
+    return [tag_lead | tag[:number]] if tag[:number] < 0x1F
+    
+    number_bytes, number = [], tag[:number]
+    first = true
+    while number != 0
+      byte = (number & 0x7F)
+      number >>= 7
+      byte |= 0x80 unless first
+      first = false
+      number_bytes << byte
+    end
+    [tag_lead | 0x1F] + number_bytes.reverse
+  end
+  
+  # Encodes a TLV length (the length of the data).
+  #
+  # Args::
+  #   length:: the length to be encoded (number of :indefinite)
+  #
+  # Returns an array of byte values.
+  def self.encode_length(length)
+    return [0x80] if length == :indefinite
+    return [length] if length < 0x80
+    length_bytes = []
+    while length > 0
+      length_bytes << (length & 0xFF)
+      length >>= 8
+    end
+    [0x80 | length_bytes.length] + length_bytes.reverse
+  end
+  
+  # Encodes a TLV (tag-length-value).
+  #
+  # Args::
+  #   tlv:: hash with tag and value information, to be encoeded as TLV; see
+  #         decode_tlv for the hash keys encoding the tag and value
+  #
+  # Returns an array of byte values.
+  def self.encode_tlv(tlv)
+    value = tlv[:primitive] ? tlv[:value] : encode(tlv[:value])
+    [encode_tag(tlv), encode_length(value.length), value].flatten
+  end
+  
+  # Encodes a sequence of TLVs (tag-length-value).
+  #
+  # Args::
+  #   tlvs:: an array of hashes to be encoded as TLV
+  #
+  # Returns an array of byte values.
+  def self.encode(tlvs)
+    tlvs.map { |tlv| encode_tlv tlv }.flatten
+  end
+  
+  # Visitor pattern for decoded TLVs.
+  #
+  # Args:
+  #   tlvs:: the TLVs to visit
+  #   tag_path:: internal, do not use
+  #
+  # Yields: |tag_path, value| tag_path lists the numeric tags for the current
+  # value's tag, and all the parents' tags.
+  def self.visit(tlvs, tag_path = [], &block)
+    tlvs.each do |tlv|
+      tag_number = encode_tag(tlv).inject { |acc, v| (acc << 8) | v }
+      new_tag_path = tag_path + [tag_number]
+      yield new_tag_path, tlv[:value]
+      next if tlv[:primitive]
+      visit tlv[:value], new_tag_path, &block
+    end
+  end
+end  # module Smartcard::Gp::Asn1Ber
+  
+end  # namespace

data/lib/smartcard/gp/cap_loader.rb

@@ -0,0 +1,88 @@
+# Loads JavaCard CAP files.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
+require 'zip/zip'
+
+# :nodoc: namespace
+module Smartcard::Gp
+
+
+# Logic for loading JavaCard CAP files.
+module CapLoader
+  # Loads a CAP file.
+  #
+  # Returns a hash mapping component names to component data.
+  def self.load_cap(cap_file)
+    components = {}    
+    Zip::ZipFile.open(cap_file) do |file|
+      file.each do |entry|
+        data = entry.get_input_stream { |io| io.read }
+        offset = 0
+        while offset < data.length          
+          tag = TAG_NAMES[data[offset, 1].unpack('C').first]
+          length = data[offset + 1, 2].unpack('n').first
+          value = data[offset + 3, length]
+          components[tag] = value
+          offset += 3 + length
+        end
+      end
+    end    
+    components
+  end
+  
+  # Serializes CAP components for on-card loading.
+  #
+  # Returns an array of bytes.
+  def self.serialize_components(components)
+    [:header, :directory, :import, :applet, :class, :method, :static_field,
+     :export, :constant_pool, :reference_location].map { |name|
+      tag = TAG_NAMES.keys.find { |k| TAG_NAMES[k] == name }
+      if components[name]
+        length = [components[name].length].pack('n').unpack('C*')
+        data = components[name].unpack('C*')
+        [tag, length, data]
+      else
+        []
+      end
+    }.flatten
+  end
+  
+  # Parses the Applet section in a CAP file, obtaining applet AIDs.
+  #
+  # Returns an array of hashes, one hash per applet. The hash has a key +:aid+
+  # that contains the applet's AID.
+  def self.parse_applets(components)    
+    applets = []
+    return applets unless section = components[:applet]
+    offset = 1
+    section[0].times do
+      aid_length = section[offset]
+      install_method = section[offset + 1 + aid_length, 2].unpack('n').first
+      applets << { :aid => section[offset + 1, aid_length].unpack('C*'),
+                   :install_method => install_method }
+      offset += 3 + aid_length
+    end
+    applets
+  end
+  
+  # Loads a CAP file and serializes its components for on-card loading.
+  #
+  # Returns an array of bytes.
+  def self.cap_load_data(cap_file)
+    components = load_cap cap_file
+    { :data => serialize_components(components),
+      :applets => parse_applets(components) } 
+  end
+    
+  # Maps numeric tags to tag names.
+  TAG_NAMES = {
+    1 => :header, 2 => :directory, 3 => :applet, 4 => :import,
+    5 => :constant_pool, 6 => :class, 7 => :method, 8 => :static_field,
+    9 => :reference_location, 10 => :export, 11 => :descriptor, 12 => :debug
+  }
+end  # module Smartcard::Gp::CapLoader
+
+end  # namespace

data/lib/smartcard/gp/des.rb

@@ -0,0 +1,68 @@
+# DES and 3DES encryption and MAC logic for GlobalPlatform secure channels.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
+require 'openssl'
+
+# :nodoc: namespace
+module Smartcard::Gp
+  
+
+# DES and 3DES encryption and MAC logic for GlobalPlatform secure channels.
+module Des
+  # Generates random bytes for session nonces.
+  #
+  # Args:
+  #   bytes:: how many bytes are desired
+  #
+  # Returns a string of random bytes.
+  def self.random_bytes(bytes)
+    OpenSSL::Random.random_bytes bytes
+  end
+
+  # Perform DES or 3DES encryption.
+  #
+  # Args:
+  #   key:: the encryption key to be used (8-byte or 16-byte)
+  #   data:: the data to be encrypted or decrypted
+  #   iv:: initialization vector
+  #   decrypt:: if +false+ performs encryption, otherwise performs decryption
+  #
+  # Returns the encrypted / decrypted data.
+  def self.crypt(key, data, iv = nil, decrypt = false)
+    cipher_name = key.length == 8 ? 'DES-CBC' : 'DES-EDE-CBC'
+    cipher = OpenSSL::Cipher::Cipher.new cipher_name
+    decrypt ? cipher.decrypt : cipher.encrypt
+    cipher.key = key
+    cipher.iv = iv || ("\x00" * 8)
+    cipher.padding = 0
+    crypted = cipher.update data
+    crypted += cipher.final
+    crypted
+  end
+  
+  # Computes a MAC using DES mixed with 3DES. 
+  def self.mac_retail(key, data, iv = nil)
+    # Output transformation: add 80, then 00 until it's block-sized.
+    data = data + "\x80"
+    data += "\x00" * (8 - data.length % 8) unless data.length % 8 == 0
+
+    # DES-encrypt everything except for the last block.
+    iv = crypt(key[0, 8], data[0, data.length - 8], iv)[-8, 8]
+    # Take the chained block and supply it to a 3DES-encryption. 
+    crypt(key, data[-8, 8], iv)
+  end
+  
+  def self.mac_3des(key, data)
+    # Output transformation: add 80, then 00 until it's block-sized.
+    data = data + "\x80"
+    data += "\x00" * (8 - data.length % 8) unless data.length % 8 == 0
+    
+    # The MAC is the last block from 3DES-encrypting the data.
+    crypt(key, data)[-8, 8]
+  end
+end  # module Smartcard::Gp::Des
+
+end  # namespace