@ukeyfe/react-native-nfc-litecard 1.0.6 → 1.0.8

package/dist/nfc-core.js

@@ -1,375 +0,0 @@
-"use strict";
-/**
- * Core NFC communication layer – shared by reader and writer.
- *
- * Provides:
- *   - A single global operation lock (prevents reader/writer concurrency)
- *   - Page-cleanup cancellation flags
- *   - Low-level transceive with platform-aware retries
- *   - NFC technology request / release
- *   - AES 3-pass mutual authentication (MF0AES(H)20 §8.6.1)
- *   - PIN retry-counter helpers (session-level read/write)
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.passwordToAesKey = void 0;
-exports.acquireNfcLock = acquireNfcLock;
-exports.releaseNfcLock = releaseNfcLock;
-exports.isNfcOperationLocked = isNfcOperationLocked;
-exports.releaseNfcOperationLock = releaseNfcOperationLock;
-exports.markNfcOperationCancelledByCleanup = markNfcOperationCancelledByCleanup;
-exports.consumeNfcOperationCancelledByCleanup = consumeNfcOperationCancelledByCleanup;
-exports.getNfcOperationCancelledByCleanupTimestamp = getNfcOperationCancelledByCleanupTimestamp;
-exports.clearNfcOperationCancelledByCleanup = clearNfcOperationCancelledByCleanup;
-exports.clearCmacSession = clearCmacSession;
-exports.transceive = transceive;
-exports.requestNfcTech = requestNfcTech;
-exports.releaseNfcTech = releaseNfcTech;
-exports.authenticate = authenticate;
-exports.readUserMemory = readUserMemory;
-exports.decrementRetryCountInSession = decrementRetryCountInSession;
-exports.writeRetryCountInSession = writeRetryCountInSession;
-const react_native_nfc_manager_1 = __importStar(require("react-native-nfc-manager"));
-const react_native_1 = require("react-native");
-const constants_1 = require("./constants");
-const crypto_1 = require("./crypto");
-Object.defineProperty(exports, "passwordToAesKey", { enumerable: true, get: function () { return crypto_1.passwordToAesKey; } });
-// ===========================================================================
-// Global NFC operation lock (single instance for both reader & writer)
-// ===========================================================================
-let nfcOperationLock = false;
-/**
- * Acquire the NFC operation lock.
- * If another operation is in progress, polls every 100 ms for up to 10 s.
- */
-async function acquireNfcLock() {
-    const maxWait = 10000;
-    const interval = 100;
-    let waited = 0;
-    while (nfcOperationLock) {
-        if (waited >= maxWait)
-            throw new Error('NFC_LOCK_TIMEOUT');
-        await new Promise(r => setTimeout(r, interval));
-        waited += interval;
-    }
-    nfcOperationLock = true;
-    clearNfcOperationCancelledByCleanup();
-}
-function releaseNfcLock() {
-    nfcOperationLock = false;
-}
-function isNfcOperationLocked() {
-    return nfcOperationLock;
-}
-function releaseNfcOperationLock() {
-    releaseNfcLock();
-}
-// ===========================================================================
-// Page-cleanup cancellation flag
-// ===========================================================================
-let nfcCancelledByCleanup = false;
-let nfcCancelledByCleanupTimestamp = 0;
-function markNfcOperationCancelledByCleanup() {
-    nfcCancelledByCleanup = true;
-    nfcCancelledByCleanupTimestamp = Date.now();
-}
-function consumeNfcOperationCancelledByCleanup() {
-    const cancelled = nfcCancelledByCleanup;
-    nfcCancelledByCleanup = false;
-    nfcCancelledByCleanupTimestamp = 0;
-    return cancelled;
-}
-function getNfcOperationCancelledByCleanupTimestamp() {
-    return nfcCancelledByCleanupTimestamp;
-}
-function clearNfcOperationCancelledByCleanup() {
-    nfcCancelledByCleanup = false;
-    nfcCancelledByCleanupTimestamp = 0;
-}
-// ===========================================================================
-// CMAC secure messaging session state
-// ===========================================================================
-let cmacSessionKey = null;
-let cmacCmdCtr = 0;
-/** Clear CMAC session state. Called on NFC release. */
-function clearCmacSession() {
-    cmacSessionKey = null;
-    cmacCmdCtr = 0;
-}
-/**
- * Compute the 8-byte truncated CMAC for an NFC command.
- * Input: CmdCtr (2 bytes LE) || CmdCode (1 byte) || Arguments
- */
-function computeCommandCmac(sessionKey, cmdCtr, command) {
-    const ctrLo = cmdCtr & 0xff;
-    const ctrHi = (cmdCtr >> 8) & 0xff;
-    const input = new Uint8Array(2 + command.length);
-    input[0] = ctrLo;
-    input[1] = ctrHi;
-    input.set(command, 2);
-    const mac = (0, crypto_1.aesCmac)(sessionKey, input);
-    return truncateCmac(mac);
-}
-/**
- * Truncate a 16-byte CMAC to 8 bytes using the NXP MIFARE convention:
- * select odd-indexed bytes (0-based): MAC[1], MAC[3], MAC[5], ..., MAC[15].
- * NXP docs refer to these as "even-numbered bytes" using 1-based numbering.
- * (First introduced in MIFARE Plus, see NXP AN13452.)
- */
-function truncateCmac(mac) {
-    return new Uint8Array([mac[1], mac[3], mac[5], mac[7], mac[9], mac[11], mac[13], mac[15]]);
-}
-/**
- * Compute the 8-byte truncated CMAC for an NFC response.
- * Input: CmdCtr (2 bytes LE) || ResponseData
- */
-function computeResponseCmac(sessionKey, cmdCtr, responseData) {
-    const ctrLo = cmdCtr & 0xff;
-    const ctrHi = (cmdCtr >> 8) & 0xff;
-    const input = new Uint8Array(2 + responseData.length);
-    input[0] = ctrLo;
-    input[1] = ctrHi;
-    input.set(responseData, 2);
-    const mac = (0, crypto_1.aesCmac)(sessionKey, input);
-    return truncateCmac(mac);
-}
-// ===========================================================================
-// Low-level NFC transceive
-// ===========================================================================
-/**
- * Send a command to the NFC tag and return the response.
- *
- * When CMAC session is active:
- * - Appends 8-byte CMAC to outgoing commands
- * - Verifies and strips 8-byte CMAC from responses
- * - Increments CmdCtr after each command-response pair
- *
- * Retries: Android up to 2 retries (3 total), iOS up to 1 retry (2 total).
- */
-async function transceive(command, _timeoutMs = 2000, retryCount = 0) {
-    // Build the actual command to send
-    let cmdToSend = command;
-    if (cmacSessionKey) {
-        const mac = computeCommandCmac(cmacSessionKey, cmacCmdCtr, command);
-        cmdToSend = [...command, ...Array.from(mac)];
-    }
-    try {
-        const result = react_native_1.Platform.OS === 'ios'
-            ? await react_native_nfc_manager_1.default.sendMifareCommandIOS(cmdToSend)
-            : await react_native_nfc_manager_1.default.nfcAHandler.transceive(cmdToSend);
-        if (cmacSessionKey) {
-            // CmdCtr increments between command and response (datasheet §8.8.3)
-            cmacCmdCtr++;
-        }
-        if (cmacSessionKey && result && result.length >= 8) {
-            // Response has CMAC appended: split data and MAC
-            const dataLen = result.length - 8;
-            const responseData = result.slice(0, dataLen);
-            const responseMac = result.slice(dataLen);
-            // Verify response CMAC with incremented CmdCtr
-            const expectedMac = computeResponseCmac(cmacSessionKey, cmacCmdCtr, responseData);
-            let diff = 0;
-            for (let i = 0; i < 8; i++) {
-                diff |= responseMac[i] ^ expectedMac[i];
-            }
-            if (diff !== 0) {
-                throw new Error('CMAC_VERIFY_FAILED');
-            }
-            return responseData;
-        }
-        return result;
-    }
-    catch (error) {
-        const maxRetries = react_native_1.Platform.OS === 'ios' ? 1 : 2;
-        if (retryCount < maxRetries && error?.message !== 'CMAC_VERIFY_FAILED') {
-            const wait = 200 * (retryCount + 1);
-            await new Promise(r => setTimeout(r, wait));
-            return transceive(command, _timeoutMs, retryCount + 1);
-        }
-        throw error;
-    }
-}
-// ===========================================================================
-// NFC technology connect / disconnect
-// ===========================================================================
-/**
- * Request an NFC technology session (MifareIOS on iOS, NfcA on Android).
- *
- * All prior cleanup must be done by the caller BEFORE invoking this.
- */
-async function requestNfcTech() {
-    await new Promise(r => setTimeout(r, 100));
-    if (react_native_1.Platform.OS === 'ios') {
-        await react_native_nfc_manager_1.default.requestTechnology(react_native_nfc_manager_1.NfcTech.MifareIOS);
-    }
-    else {
-        await react_native_nfc_manager_1.default.requestTechnology(react_native_nfc_manager_1.NfcTech.NfcA);
-    }
-    if (react_native_1.Platform.OS === 'android') {
-        await new Promise(r => setTimeout(r, constants_1.DELAY.ANDROID_POST_TECH));
-    }
-    else {
-        // iOS: probe connection availability
-        try {
-            await react_native_nfc_manager_1.default.sendMifareCommandIOS([constants_1.CMD_READ, 0x00]);
-        }
-        catch (_) {
-            // Non-fatal – continue even if the probe fails
-        }
-    }
-}
-/**
- * Release the NFC technology session.
- * @param forceLongDelay Use a longer post-release delay (e.g. after timeout / tag-lost).
- */
-async function releaseNfcTech(forceLongDelay = false) {
-    clearCmacSession();
-    try {
-        await react_native_nfc_manager_1.default.cancelTechnologyRequest();
-        const delay = react_native_1.Platform.OS === 'ios'
-            ? (forceLongDelay ? constants_1.DELAY.IOS_POST_RELEASE_FORCED : constants_1.DELAY.IOS_POST_RELEASE)
-            : (forceLongDelay ? constants_1.DELAY.ANDROID_POST_RELEASE_FORCED : constants_1.DELAY.ANDROID_POST_RELEASE);
-        await new Promise(r => setTimeout(r, delay));
-    }
-    catch (error) {
-        console.warn('[nfc-core] releaseNfcTech failed:', error?.message);
-    }
-}
-// ===========================================================================
-// AES 3-pass mutual authentication
-// ===========================================================================
-/**
- * Perform AES 3-pass mutual authentication (MF0AES(H)20 §8.6.1).
- *
- * 1. PCD → PICC : AUTH_PART1 (0x1A) + KeyNo
- * 2. PICC → PCD : 0xAF + ek(RndB)
- * 3. PCD decrypts RndB, generates RndA, computes RndB' = rotateLeft8(RndB)
- * 4. PCD → PICC : AUTH_PART2 (0xAF) + ek(RndA ‖ RndB')
- * 5. PICC → PCD : 0x00 + ek(RndA')
- * 6. PCD verifies RndA' === rotateLeft8(RndA)
- *
- * @throws AUTH_INVALID_RESPONSE / AUTH_WRONG_PASSWORD / AUTH_VERIFY_FAILED
- */
-async function authenticate(key) {
-    // Clear any previous CMAC session before starting auth
-    // (auth commands themselves are never CMAC-protected)
-    clearCmacSession();
-    const iv0 = new Uint8Array(16);
-    // Step 1
-    const response1 = await transceive([constants_1.CMD_AUTH_PART1, constants_1.KEY_NO_DATA_PROT]);
-    if (!response1 || response1.length < 17 || response1[0] !== 0xaf) {
-        throw new Error('AUTH_INVALID_RESPONSE');
-    }
-    // Step 2 – decrypt RndB
-    const ekRndB = new Uint8Array(response1.slice(1, 17));
-    const rndB = (0, crypto_1.aesDecrypt)(key, ekRndB, iv0);
-    // Step 3
-    const rndBRot = (0, crypto_1.rotateLeft8)(rndB);
-    const rndA = (0, crypto_1.generateRandom16)();
-    // Step 4 – encrypt RndA ‖ RndB' (CBC, two 16-byte blocks)
-    const rndAB = new Uint8Array(32);
-    rndAB.set(rndA, 0);
-    rndAB.set(rndBRot, 16);
-    const ekPart1 = (0, crypto_1.aesEncrypt)(key, rndAB.slice(0, 16), iv0);
-    const ekPart2 = (0, crypto_1.aesEncrypt)(key, rndAB.slice(16, 32), ekPart1);
-    const ekRndAB = new Uint8Array(32);
-    ekRndAB.set(ekPart1, 0);
-    ekRndAB.set(ekPart2, 16);
-    // Step 5
-    let response2;
-    try {
-        response2 = await transceive([constants_1.CMD_AUTH_PART2, ...Array.from(ekRndAB)]);
-    }
-    catch (_) {
-        throw new Error('AUTH_WRONG_PASSWORD');
-    }
-    if (response2.length < 17 || response2[0] !== 0x00) {
-        throw new Error('AUTH_WRONG_PASSWORD');
-    }
-    // Step 6 – verify RndA'
-    const ekRndARot = new Uint8Array(response2.slice(1, 17));
-    const rndARot = (0, crypto_1.aesDecrypt)(key, ekRndARot, iv0);
-    const expectedRndARot = (0, crypto_1.rotateLeft8)(rndA);
-    if (!(0, crypto_1.arraysEqual)(rndARot, expectedRndARot)) {
-        throw new Error('AUTH_VERIFY_FAILED');
-    }
-    // Step 7 – derive CMAC session key and enable secure messaging
-    cmacSessionKey = (0, crypto_1.deriveSessionKey)(key, rndA, rndB);
-    cmacCmdCtr = 0;
-}
-// ===========================================================================
-// Shared memory read helpers
-// ===========================================================================
-/** FAST_READ pages 0x08–0x27 (user memory). */
-async function readUserMemory() {
-    const response = await transceive([constants_1.CMD_FAST_READ, constants_1.USER_PAGE_START, constants_1.USER_PAGE_END]);
-    if (!response || response.length < constants_1.USER_MEMORY_SIZE)
-        throw new Error('READ_FAILED');
-    return new Uint8Array(response.slice(0, constants_1.USER_MEMORY_SIZE));
-}
-// ===========================================================================
-// PIN retry-counter session helpers
-// ===========================================================================
-/**
- * Decrement the on-card retry counter by 1 (clamped to 0).
- * Must be called within an active NFC session (between requestNfcTech and releaseNfcTech).
- */
-async function decrementRetryCountInSession() {
-    const pageBlock = await transceive([constants_1.CMD_READ, constants_1.RETRY_COUNTER_PAGE]);
-    if (!pageBlock || pageBlock.length < constants_1.PAGE_SIZE)
-        return undefined;
-    const page = pageBlock.slice(0, constants_1.PAGE_SIZE);
-    const raw = page[constants_1.RETRY_COUNTER_OFFSET];
-    const current = typeof raw === 'number' ? raw & 0xff : 0;
-    if (current <= 0)
-        throw new Error('RETRY_COUNT_EXHAUSTED');
-    const next = current - 1;
-    page[constants_1.RETRY_COUNTER_OFFSET] = next & 0xff;
-    await transceive([constants_1.CMD_WRITE, constants_1.RETRY_COUNTER_PAGE, ...page]);
-    return next;
-}
-/**
- * Write a specific retry count to the on-card counter.
- * Must be called within an active NFC session.
- */
-async function writeRetryCountInSession(count) {
-    const safeCount = Math.max(0, Math.min(0xff, count | 0));
-    const pageBlock = await transceive([constants_1.CMD_READ, constants_1.RETRY_COUNTER_PAGE]);
-    if (!pageBlock || pageBlock.length < constants_1.PAGE_SIZE)
-        throw new Error('READ_FAILED');
-    const page = pageBlock.slice(0, constants_1.PAGE_SIZE);
-    page[constants_1.RETRY_COUNTER_OFFSET] = safeCount & 0xff;
-    await transceive([constants_1.CMD_WRITE, constants_1.RETRY_COUNTER_PAGE, ...page]);
-}

package/dist/reader.d.ts

@@ -1,98 +0,0 @@
-/**
- * NFC Reader Module
- *
- * Public API:
- *   - checkCard()          – detect whether a card is empty or contains data
- *   - readMnemonic()       – read mnemonic (password required)
- *   - readUserNickname()   – read user nickname (password optional)
- *   - readMnemonicRetryCount() – read the PIN retry counter
- *   - resetRetryCountTo10()    – reset the retry counter to default
- *   - cardInfoToJson()     – serialise card-info to JSON
- *
- * Based on MIFARE Ultralight AES (MF0AES(H)20) datasheet.
- */
-import { DEFAULT_PIN_RETRY_COUNT } from './constants';
-import { NfcStatusCode, type NfcResult } from './types';
-import { isNfcOperationLocked, releaseNfcOperationLock, markNfcOperationCancelledByCleanup, consumeNfcOperationCancelledByCleanup, getNfcOperationCancelledByCleanupTimestamp, clearNfcOperationCancelledByCleanup } from './nfc-core';
-export { NfcStatusCode, type NfcResult, isNfcOperationLocked, releaseNfcOperationLock, markNfcOperationCancelledByCleanup, consumeNfcOperationCancelledByCleanup, getNfcOperationCancelledByCleanupTimestamp, clearNfcOperationCancelledByCleanup, DEFAULT_PIN_RETRY_COUNT, };
-declare function parseCardInfo(data: Uint8Array): {
-    version: number;
-    cardType: number;
-    rawBytes: string;
-    infoBytes: Uint8Array<ArrayBuffer>;
-    json: {
-        pageInfo: {
-            startPage: number;
-            endPage: number;
-            totalPages: number;
-            totalBytes: number;
-        };
-        version: {
-            value: number;
-            hex: string;
-        };
-        cardType: {
-            value: number;
-            hex: string;
-            description: string;
-            known: boolean;
-        };
-        additionalInfo: {
-            hex: string;
-            bytes: number[];
-        };
-        rawData: {
-            hex: string;
-            bytes: number[];
-            length: number;
-        };
-        pageBreakdown: {
-            page: number;
-            bytes: number[];
-            hex: string;
-        }[];
-    };
-};
-/** Serialise parseCardInfo result to JSON. */
-export declare function cardInfoToJson(cardInfo: ReturnType<typeof parseCardInfo>, pretty?: boolean): string;
-/**
- * Detect whether the card is empty or already contains data.
- *
- * Without password: tries to read without auth.
- *   - Read succeeds & first byte is a valid mnemonic type → HAS_DATA
- *   - Read succeeds & first byte is other → EMPTY
- *   - Read fails (auth required) → HAS_DATA (read-protection is on, cannot determine)
- *
- * With password: authenticates first, then reads and validates with CRC16.
- *   - Valid mnemonic payload → HAS_DATA (with type info)
- *   - Empty or invalid data → EMPTY
- *   - Auth failure → AUTH_WRONG_PASSWORD
- */
-export declare function checkCard(password?: string, onCardIdentified?: () => void): Promise<NfcResult>;
-/**
- * Read the mnemonic from a password-protected card.
- *
- * Flow: connect → pre-decrement retry counter → authenticate → read →
- *       decode entropy → read nickname → reset retry counter → release
- */
-export declare function readMnemonic(password: string, onCardIdentified?: () => void): Promise<NfcResult>;
-/**
- * Read the user nickname from the card.
- * @param password – supply if the card has read-protection enabled.
- */
-export declare function readUserNickname(password?: string, onCardIdentified?: () => void): Promise<NfcResult>;
-/** Read the current PIN retry counter from the card. */
-export declare function readMnemonicRetryCount(onCardIdentified?: () => void): Promise<NfcResult>;
-/** Reset the PIN retry counter to the default value (10). */
-export declare function resetRetryCountTo10(onCardIdentified?: () => void): Promise<NfcResult>;
-/**
- * Read card product version info (GET_VERSION command).
- * No authentication required.
- */
-export declare function getCardVersion(onCardIdentified?: () => void): Promise<NfcResult>;
-/**
- * Read the ECC originality signature (READ_SIG command).
- * Verifies the card is a genuine NXP product.
- * No authentication required (unless Random ID is enabled).
- */
-export declare function readOriginality(onCardIdentified?: () => void): Promise<NfcResult>;