npm - @trustchex/react-native-sdk - Versions diffs - 1.381.0 → 1.464.0 - Mend

@trustchex/react-native-sdk 1.381.0 → 1.464.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (204) hide show

package/src/Shared/EIDReader/paceKeySpec.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import type { AccessKeySpec } from './accessKeySpec';
+import { EID_CONSTANTS } from './constants/eidConstants';
+/**
+ * A key specification for PACE authentication.
+ * Supports MRZ, CAN, PIN, and PUK key types.
+ */
+export class PACEKeySpec implements AccessKeySpec {
+  private key: string;
+  private keyReference: number;
+  constructor(key: string, keyReference: number) {
+    this.key = key;
+    this.keyReference = keyReference;
+  }
+  public getAlgorithm(): string {
+    return 'PACE';
+  }
+  public getKey(): string {
+    return this.key;
+  }
+  public getKeyReference(): number {
+    return this.keyReference;
+  }
+  /**
+   * Creates a PACE key from a Card Access Number (CAN).
+   */
+  public static createCANKey(can: string): PACEKeySpec {
+    return new PACEKeySpec(can, EID_CONSTANTS.CAN_PACE_KEY_REFERENCE);
+  }
+  /**
+   * Creates a PACE key from a PIN.
+   */
+  public static createPINKey(pin: string): PACEKeySpec {
+    return new PACEKeySpec(pin, EID_CONSTANTS.PIN_PACE_KEY_REFERENCE);
+  }
+  /**
+   * Creates a PACE key from a PUK.
+   */
+  public static createPUKKey(puk: string): PACEKeySpec {
+    return new PACEKeySpec(puk, EID_CONSTANTS.PUK_PACE_KEY_REFERENCE);
+  }
+  /**
+   * Creates an MRZ-based PACE key from BAC key seed bytes.
+   */
+  public static createMRZKey(keySeed: string): PACEKeySpec {
+    return new PACEKeySpec(keySeed, EID_CONSTANTS.MRZ_PACE_KEY_REFERENCE);
+  }
+}

package/src/Shared/EIDReader/protocol/paceAPDUSender.ts ADDED Viewed

@@ -0,0 +1,163 @@
+import type { APDULevelPACECapable } from '../apduLevelPACECapable';
+import type { APDUWrapper } from '../smartcards/apduWrapper';
+import { Buffer } from 'buffer';
+import { CardService } from '../cardService';
+import { CommandAPDU } from '../smartcards/commandAPDU';
+import { ISO7816_CLA, ISO7816_INS, ISO7816_SW } from '../smartcards/iso7816';
+import { SecureMessagingAPDUSender } from './secureMessagingAPDUSender';
+import TLVUtil from '../tlv/tlv.utils';
+const INS_PACE_GENERAL_AUTHENTICATE = 0x86;
+/**
+ * Low-level APDU sender to support the PACE protocol.
+ */
+export class PACEAPDUSender implements APDULevelPACECapable {
+  private secureMessagingSender: SecureMessagingAPDUSender;
+  constructor(service: CardService) {
+    this.secureMessagingSender = new SecureMessagingAPDUSender(service);
+  }
+  public async sendMSESetATMutualAuth(
+    wrapper: APDUWrapper | null,
+    oid: string,
+    refPublicKeyOrSecretKey: number,
+    refPrivateKeyOrForComputingSessionKey: number[] | null
+  ): Promise<void> {
+    if (oid == null) {
+      throw new Error('OID cannot be null');
+    }
+    const oidBytes = PACEAPDUSender.toOIDBytes(oid);
+    // 0x83: Reference of a public key / secret key
+    const refBytes = Array.from(
+      TLVUtil.wrapDO(0x83, [refPublicKeyOrSecretKey])
+    );
+    // Build data
+    const data: number[] = [...oidBytes, ...refBytes];
+    // 0x84: Reference of a private key / Reference for computing a session key (optional)
+    if (refPrivateKeyOrForComputingSessionKey != null) {
+      const refPrivateBytes = Array.from(
+        TLVUtil.wrapDO(0x84, refPrivateKeyOrForComputingSessionKey)
+      );
+      data.push(...refPrivateBytes);
+    }
+    const commandAPDU = new CommandAPDU(
+      ISO7816_CLA.ISO7816,
+      ISO7816_INS.MSE,
+      0xc1,
+      0xa4,
+      Uint8Array.from(data),
+      0,
+      data.length,
+      -1
+    );
+    const responseAPDU = await this.secureMessagingSender.transmit(
+      wrapper,
+      commandAPDU
+    );
+    const sw = responseAPDU.getSW();
+    if (sw !== ISO7816_SW.NO_ERROR) {
+      throw new Error(
+        `Sending MSE AT failed, SW = ${sw.toString(16).padStart(4, '0')}`
+      );
+    }
+  }
+  public async sendGeneralAuthenticate(
+    wrapper: APDUWrapper | null,
+    data: number[],
+    le: number,
+    isLast: boolean
+  ): Promise<number[]> {
+    // Wrap data in 0x7C
+    const commandData = Array.from(TLVUtil.wrapDO(0x7c, data));
+    const cla = isLast ? ISO7816_CLA.ISO7816 : ISO7816_CLA.COMMAND_CHAINING;
+    const commandAPDU = new CommandAPDU(
+      cla,
+      INS_PACE_GENERAL_AUTHENTICATE,
+      0x00,
+      0x00,
+      Uint8Array.from(commandData),
+      0,
+      commandData.length,
+      le
+    );
+    console.debug(
+      `[PACE APDU] >> CLA=${cla.toString(16)} INS=86 Lc=${commandData.length} Le=${le} data(first32)=${Buffer.from(commandData.slice(0, 32)).toString('hex')}`
+    );
+    const responseAPDU = await this.secureMessagingSender.transmit(
+      wrapper,
+      commandAPDU
+    );
+    const sw = responseAPDU.getSW();
+    console.debug(
+      `[PACE APDU] << SW=${sw.toString(16).padStart(4, '0')} dataLen=${responseAPDU.getData()?.length ?? 0}`
+    );
+    if (sw !== ISO7816_SW.NO_ERROR) {
+      throw new Error(
+        `Sending general authenticate failed, SW = ${sw.toString(16).padStart(4, '0')}`
+      );
+    }
+    const responseData = responseAPDU.getData();
+    if (responseData == null || responseData.length === 0) {
+      return [];
+    }
+    // Unwrap 0x7C
+    return await TLVUtil.unwrapDO(0x7c, Array.from(responseData));
+  }
+  /**
+   * Encodes an OID string to its ASN.1 byte representation wrapped in tag 0x80.
+   */
+  private static toOIDBytes(oid: string): number[] {
+    const components = oid.split('.').map(Number);
+    if (components.length < 2) {
+      throw new Error(`Invalid OID: ${oid}`);
+    }
+    // First two components encoded as (first * 40 + second)
+    const encodedComponents: number[] = [];
+    const firstByte = components[0] * 40 + components[1];
+    encodedComponents.push(firstByte);
+    // Remaining components use base-128 encoding
+    for (let i = 2; i < components.length; i++) {
+      const value = components[i];
+      if (value < 128) {
+        encodedComponents.push(value);
+      } else {
+        const bytes: number[] = [];
+        let v = value;
+        bytes.push(v & 0x7f);
+        v >>= 7;
+        while (v > 0) {
+          bytes.push((v & 0x7f) | 0x80);
+          v >>= 7;
+        }
+        bytes.reverse();
+        encodedComponents.push(...bytes);
+      }
+    }
+    // Wrap with tag 0x80 (TLV)
+    const oidContent = Uint8Array.from(encodedComponents);
+    const result: number[] = [0x80, oidContent.length, ...oidContent];
+    return result;
+  }
+}