npm - @vppos/react-native-nfc - Versions diffs - 1.0.0 - Mend

@vppos/react-native-nfc 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/vendor/ios-passport-reader/Sources/NFCPassportReader/AES_3DES_DESEncryption.swift ADDED Viewed

@@ -0,0 +1,377 @@
+//
+//  3DES_DESEncryption.swift
+//  NFCTest
+//
+//  Created by Andy Qua on 07/06/2019.
+//  Copyright © 2019 Andy Qua. All rights reserved.
+//
+import Foundation
+import OSLog
+import CommonCrypto
+/// Encrypts a message using AES/CBC/NOPADDING with a specified key and initialisation vector
+/// - Parameter key: Key use to encrypt
+/// - Parameter message: Message to encrypt
+/// - Parameter iv: Initialisation vector
+@available(iOS 13, macOS 10.15, *)
+public func AESEncrypt(key:[UInt8], message:[UInt8], iv:[UInt8]) -> [UInt8] {
+    let dataLength = message.count
+    let cryptLen = message.count + kCCBlockSizeAES128
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(key.count)
+    let operation: CCOperation = CCOperation(kCCEncrypt)
+    let algorithm:  CCAlgorithm = CCAlgorithm(kCCAlgorithmAES)
+    let options:   CCOptions   = CCOptions(0)
+    var numBytesEncrypted = 0
+    var cryptStatus: CCCryptorStatus = CCCryptorStatus(kCCSuccess)
+    key.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            iv.withUnsafeBytes{ ivBytes in
+                cryptData.withUnsafeMutableBytes{ cryptBytes in
+                    cryptStatus = CCCrypt(operation,
+                            algorithm,
+                            options,
+                            keyBytes.baseAddress,
+                            keyLength,
+                            ivBytes.baseAddress,
+                            dataBytes.baseAddress,
+                            dataLength,
+                            cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                            cryptLen,
+                            &numBytesEncrypted)
+                }
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("AES Encrypt Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Decrypts a message using AES/CBC/NOPADDING with a specified key and initialisation vector
+/// - Parameter key: Key use to decrypt
+/// - Parameter message: Message to decrypt
+/// - Parameter iv: Initialisation vector
+@available(iOS 13, macOS 10.15, *)
+public func AESDecrypt(key:[UInt8], message:[UInt8], iv:[UInt8]) -> [UInt8] {
+    var fixedKey = key
+    if key.count == 16 {
+        fixedKey += key[0..<8]
+    }
+    let data = Data(message)
+    let dataLength = message.count
+    let cryptLen = data.count + kCCBlockSizeAES128
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(key.count)
+    let operation: CCOperation = UInt32(kCCDecrypt)
+    let algorithm:  CCAlgorithm = UInt32(kCCAlgorithmAES)
+    let options:   CCOptions   = UInt32(0)
+    var numBytesEncrypted = 0
+    let cryptStatus = fixedKey.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            cryptData.withUnsafeMutableBytes{ cryptBytes in
+                CCCrypt(operation,
+                        algorithm,
+                        options,
+                        keyBytes.baseAddress,
+                        keyLength,
+                        iv,
+                        dataBytes.baseAddress,
+                        dataLength,
+                        cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                        cryptLen,
+                        &numBytesEncrypted)
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("AES Decrypt Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Decrypts a message using AES/ECB/NOPADDING with a specified key and initialisation vector
+/// - Parameter key: Key use to decrypt
+/// - Parameter message: Message to decrypt
+/// - Parameter iv: Initialisation vector
+@available(iOS 13, macOS 10.15, *)
+public func AESECBEncrypt(key:[UInt8], message:[UInt8]) -> [UInt8] {
+    let dataLength = message.count
+    let cryptLen = message.count + kCCBlockSizeAES128
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(key.count)
+    let operation: CCOperation = CCOperation(kCCEncrypt)
+    let algorithm:  CCAlgorithm = CCAlgorithm(kCCAlgorithmAES)
+    let options:   CCOptions   = CCOptions(kCCOptionECBMode)
+    var numBytesEncrypted = 0
+    let cryptStatus = key.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            cryptData.withUnsafeMutableBytes{ cryptBytes in
+                CCCrypt(operation,
+                        algorithm,
+                        options,
+                        keyBytes.baseAddress,
+                        keyLength,
+                        nil,
+                        dataBytes.baseAddress,
+                        dataLength,
+                        cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                        cryptLen,
+                        &numBytesEncrypted)
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("AESECBEncrypt Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Encrypts a message using DES3 with a specified key and initialisation vector
+/// - Parameter key: Key use to encrypt
+/// - Parameter message: Message to encrypt
+/// - Parameter iv: Initialisation vector
+@available(iOS 13, macOS 10.15, *)
+public func tripleDESEncrypt(key:[UInt8], message:[UInt8], iv:[UInt8]) -> [UInt8] {
+    // Fix key data - if length is 16 then take the first 98 bytes and append them to the end to make 24 bytes
+    var fixedKey = key
+    if key.count == 16 {
+        fixedKey += key[0..<8]
+    }
+    let dataLength = message.count
+    let cryptLen = message.count + kCCBlockSize3DES
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(kCCKeySize3DES)
+    let operation: CCOperation = UInt32(kCCEncrypt)
+    let algorithm:  CCAlgorithm = UInt32(kCCAlgorithm3DES)
+    let options:   CCOptions   = UInt32(0)
+    var numBytesEncrypted = 0
+    let cryptStatus = fixedKey.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            iv.withUnsafeBytes{ ivBytes in
+                cryptData.withUnsafeMutableBytes{ cryptBytes in
+                    CCCrypt(operation,
+                            algorithm,
+                            options,
+                            keyBytes.baseAddress,
+                            keyLength,
+                            ivBytes.baseAddress,
+                            dataBytes.baseAddress,
+                            dataLength,
+                            cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                            cryptLen,
+                            &numBytesEncrypted)
+                }
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Decrypts a message using DES3 with a specified key and initialisation vector
+/// - Parameter key: Key use to decrypt
+/// - Parameter message: Message to decrypt
+/// - Parameter iv: Initialisation vector
+@available(iOS 13, macOS 10.15, *)
+public func tripleDESDecrypt(key:[UInt8], message:[UInt8], iv:[UInt8]) -> [UInt8] {
+    var fixedKey = key
+    if key.count == 16 {
+        fixedKey += key[0..<8]
+    }
+    let data = Data(message)
+    let dataLength = message.count
+    let cryptLen = data.count + kCCBlockSize3DES
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(kCCKeySize3DES)
+    let operation: CCOperation = UInt32(kCCDecrypt)
+    let algorithm:  CCAlgorithm = UInt32(kCCAlgorithm3DES)
+    let options:   CCOptions   = UInt32(0)
+    var numBytesEncrypted = 0
+    let cryptStatus = fixedKey.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            cryptData.withUnsafeMutableBytes{ cryptBytes in
+                CCCrypt(operation,
+                        algorithm,
+                        options,
+                        keyBytes.baseAddress,
+                        keyLength,
+                        iv,
+                        dataBytes.baseAddress,
+                        dataLength,
+                        cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                        cryptLen,
+                        &numBytesEncrypted)
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Encrypts a message using DES with a specified key and initialisation vector
+/// - Parameter key: Key use to encrypt
+/// - Parameter message: Message to encrypt
+/// - Parameter iv: Initialisation vector
+/// - Parameter options: Encryption options to use
+@available(iOS 13, macOS 10.15, *)
+public func DESEncrypt(key:[UInt8], message:[UInt8], iv:[UInt8], options:UInt32 = 0) -> [UInt8] {
+    let dataLength = message.count
+    let cryptLen = message.count + kCCBlockSizeDES
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(kCCKeySizeDES)
+    let operation: CCOperation = UInt32(kCCEncrypt)
+    let algorithm:  CCAlgorithm = UInt32(kCCAlgorithmDES)
+    let options:   CCOptions   = options
+    var numBytesEncrypted = 0
+    let cryptStatus = key.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            iv.withUnsafeBytes{ ivBytes in
+                cryptData.withUnsafeMutableBytes{ cryptBytes in
+                    CCCrypt(operation,
+                            algorithm,
+                            options,
+                            keyBytes.baseAddress,
+                            keyLength,
+                            ivBytes.baseAddress,
+                            dataBytes.baseAddress,
+                            dataLength,
+                            cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                            cryptLen,
+                            &numBytesEncrypted)
+                }
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("Error: \(cryptStatus)")
+    }
+    return []
+}
+/// Decrypts a message using DES with a specified key and initialisation vector
+/// - Parameter key: Key use to decrypt
+/// - Parameter message: Message to decrypt
+/// - Parameter iv: Initialisation vector
+/// - Parameter options: Decryption options to use
+@available(iOS 13, macOS 10.15, *)
+public func DESDecrypt(key:[UInt8], message:[UInt8], iv:[UInt8], options:UInt32 = 0) -> [UInt8] {
+    let dataLength = message.count
+    let cryptLen = message.count + kCCBlockSizeDES
+    var cryptData = Data(count: cryptLen)
+    let keyLength              = size_t(kCCKeySizeDES)
+    let operation: CCOperation = UInt32(kCCDecrypt)
+    let algorithm:  CCAlgorithm = UInt32(kCCAlgorithmDES)
+    let options:   CCOptions   = options
+    var numBytesEncrypted = 0
+    let cryptStatus = key.withUnsafeBytes {keyBytes in
+        message.withUnsafeBytes{ dataBytes in
+            iv.withUnsafeBytes{ ivBytes in
+                cryptData.withUnsafeMutableBytes{ cryptBytes in
+                    CCCrypt(operation,
+                            algorithm,
+                            options,
+                            keyBytes.baseAddress,
+                            keyLength,
+                            nil,
+                            dataBytes.baseAddress,
+                            dataLength,
+                            cryptBytes.bindMemory(to: UInt8.self).baseAddress,
+                            cryptLen,
+                            &numBytesEncrypted)
+                }
+            }
+        }
+    }
+    if cryptStatus == kCCSuccess {
+        cryptData.count = Int(numBytesEncrypted)
+        return [UInt8](cryptData)
+    } else {
+        Logger.passportReader.error("Error: \(cryptStatus)")
+    }
+    return []
+}

package/vendor/ios-passport-reader/Sources/NFCPassportReader/BACHandler.swift ADDED Viewed

@@ -0,0 +1,194 @@
+//
+//  BACHandler.swift
+//  NFCTest
+//
+//  Created by Andy Qua on 07/06/2019.
+//  Copyright © 2019 Andy Qua. All rights reserved.
+//
+import Foundation
+import OSLog
+#if !os(macOS)
+import CoreNFC
+@available(iOS 15, *)
+public class BACHandler {
+    let KENC : [UInt8] = [0,0,0,1]
+    let KMAC : [UInt8] = [0,0,0,2]
+    public var ksenc : [UInt8] = []
+    public var ksmac : [UInt8] = []
+    var rnd_icc : [UInt8] = []
+    var rnd_ifd : [UInt8] = []
+    public var kifd : [UInt8] = []
+    var tagReader : TagReader?
+    public init() {
+        // For testing only
+    }
+    public init(tagReader: TagReader) {
+        self.tagReader = tagReader
+    }
+    public func performBACAndGetSessionKeys( mrzKey : String ) async throws {
+        guard let tagReader = self.tagReader else {
+            throw NFCPassportReaderError.NoConnectedTag
+        }
+        Logger.bac.debug( "BACHandler - deriving Document Basic Access Keys" )
+        _ = try self.deriveDocumentBasicAccessKeys(mrz: mrzKey)
+        // Make sure we clear secure messaging (could happen if we read an invalid DG or we hit a secure error
+        tagReader.secureMessaging = nil
+        // get Challenge
+        Logger.bac.debug( "BACHandler - Getting initial challenge" )
+        let response = try await tagReader.getChallenge()
+        Logger.bac.debug( "DATA - \(response.data)" )
+        Logger.bac.debug( "BACHandler - Doing mutual authentication" )
+        let cmd_data = self.authentication(rnd_icc: [UInt8](response.data))
+        let maResponse = try await tagReader.doMutualAuthentication(cmdData: Data(cmd_data))
+        Logger.bac.debug( "DATA - \(maResponse.data)" )
+        guard maResponse.data.count > 0 else {
+            throw NFCPassportReaderError.InvalidMRZKey
+        }
+        let (KSenc, KSmac, ssc) = try self.sessionKeys(data: [UInt8](maResponse.data))
+        tagReader.secureMessaging = SecureMessaging(ksenc: KSenc, ksmac: KSmac, ssc: ssc)
+        Logger.bac.debug( "BACHandler - complete" )
+    }
+    func deriveDocumentBasicAccessKeys(mrz: String) throws -> ([UInt8], [UInt8]) {
+        let kseed = generateInitialKseed(kmrz:mrz)
+        Logger.bac.debug("Calculate the Basic Access Keys (Kenc and Kmac) using TR-SAC 1.01, 4.2")
+        let smskg = SecureMessagingSessionKeyGenerator()
+        self.ksenc = try smskg.deriveKey(keySeed: kseed, mode: .ENC_MODE)
+        self.ksmac = try smskg.deriveKey(keySeed: kseed, mode: .MAC_MODE)
+        return (ksenc, ksmac)
+    }
+    ///
+    /// Calculate the kseed from the kmrz:
+    /// - Calculate a SHA-1 hash of the kmrz
+    /// - Take the most significant 16 bytes to form the Kseed.
+    /// @param kmrz: The MRZ information
+    /// @type kmrz: a string
+    /// @return: a 16 bytes string
+    ///
+    /// - Parameter kmrz: mrz key
+    /// - Returns: first 16 bytes of the mrz SHA1 hash
+    ///
+    func generateInitialKseed(kmrz : String ) -> [UInt8] {
+        Logger.bac.debug("Calculate the SHA-1 hash of MRZ_information")
+        Logger.bac.debug("\tMRZ KEY - \(kmrz)")
+        let hash = calcSHA1Hash( [UInt8](kmrz.data(using:.utf8)!) )
+        Logger.bac.debug("\tsha1(MRZ_information): \(binToHexRep(hash))")
+        let subHash = Array(hash[0..<16])
+        Logger.bac.debug("Take the most significant 16 bytes to form the Kseed")
+        Logger.bac.debug("\tKseed: \(binToHexRep(subHash))" )
+        return Array(subHash)
+    }
+    /// Construct the command data for the mutual authentication.
+    /// - Request an 8 byte random number from the MRTD's chip (rnd.icc)
+    /// - Generate an 8 byte random (rnd.ifd) and a 16 byte random (kifd)
+    /// - Concatenate rnd.ifd, rnd.icc and kifd (s = rnd.ifd + rnd.icc + kifd)
+    /// - Encrypt it with TDES and the Kenc key (eifd = TDES(s, Kenc))
+    /// - Compute the MAC over eifd with TDES and the Kmax key (mifd = mac(pad(eifd))
+    /// - Construct the APDU data for the mutualAuthenticate command (cmd_data = eifd + mifd)
+    ///
+    /// @param rnd_icc: The challenge received from the ICC.
+    /// @type rnd_icc: A 8 bytes binary string
+    /// @return: The APDU binary data for the mutual authenticate command
+    func authentication( rnd_icc : [UInt8]) -> [UInt8] {
+        self.rnd_icc = rnd_icc
+        Logger.bac.debug("Request an 8 byte random number from the MRTD's chip")
+        Logger.bac.debug("\tRND.ICC: '(binToHexRep(self.rnd_icc))")
+        self.rnd_icc = rnd_icc
+        let rnd_ifd = generateRandomUInt8Array(8)
+        let kifd = generateRandomUInt8Array(16)
+        Logger.bac.debug("Generate an 8 byte random and a 16 byte random")
+        Logger.bac.debug("\tRND.IFD: \(binToHexRep(rnd_ifd))" )
+        Logger.bac.debug("\tRND.Kifd: \(binToHexRep(kifd))")
+        let s = rnd_ifd + rnd_icc + kifd
+        Logger.bac.debug("Concatenate RND.IFD, RND.ICC and Kifd")
+        Logger.bac.debug("\tS: \(binToHexRep(s))")
+        let iv : [UInt8] = [0, 0, 0, 0, 0, 0, 0, 0]
+        let eifd = tripleDESEncrypt(key: ksenc,message: s, iv: iv)
+        Logger.bac.debug("Encrypt S with TDES key Kenc as calculated in Appendix 5.2")
+        Logger.bac.debug("\tEifd: \(binToHexRep(eifd))")
+        let mifd = mac(algoName: .DES, key: ksmac, msg: pad(eifd, blockSize:8))
+        Logger.bac.debug("Compute MAC over eifd with TDES key Kmac as calculated in-Appendix 5.2")
+        Logger.bac.debug("\tMifd: \(binToHexRep(mifd))")
+        // Construct APDU
+        let cmd_data = eifd + mifd
+        Logger.bac.debug("Construct command data for MUTUAL AUTHENTICATE")
+        Logger.bac.debug("\tcmd_data: \(binToHexRep(cmd_data))")
+        self.rnd_ifd = rnd_ifd
+        self.kifd = kifd
+        return cmd_data
+    }
+    /// Calculate the session keys (KSenc, KSmac) and the SSC from the data
+    /// received by the mutual authenticate command.
+    /// @param data: the data received from the mutual authenticate command send to the chip.
+    /// @type data: a binary string
+    /// @return: A set of two 16 bytes keys (KSenc, KSmac) and the SSC
+    public func sessionKeys(data : [UInt8] ) throws -> ([UInt8], [UInt8], [UInt8]) {
+        Logger.bac.debug("Decrypt and verify received data and compare received RND.IFD with generated RND.IFD \(binToHexRep(self.ksmac))" )
+        let response = tripleDESDecrypt(key: self.ksenc, message: [UInt8](data[0..<32]), iv: [0,0,0,0,0,0,0,0] )
+        let response_kicc = [UInt8](response[16..<32])
+        let Kseed = xor(self.kifd, response_kicc)
+        Logger.bac.debug("Calculate XOR of Kifd and Kicc")
+        Logger.bac.debug("\tKseed: \(binToHexRep(Kseed))" )
+        let smskg = SecureMessagingSessionKeyGenerator()
+        let KSenc = try smskg.deriveKey(keySeed: Kseed, mode: .ENC_MODE)
+        let KSmac = try smskg.deriveKey(keySeed: Kseed, mode: .MAC_MODE)
+//        let KSenc = self.keyDerivation(kseed: Kseed,c: KENC)
+//        let KSmac = self.keyDerivation(kseed: Kseed,c: KMAC)
+        Logger.bac.debug("Calculate Session Keys (KSenc and KSmac) using Appendix 5.1")
+        Logger.bac.debug("\tKSenc: \(binToHexRep(KSenc))" )
+        Logger.bac.debug("\tKSmac: \(binToHexRep(KSmac))" )
+        let ssc = [UInt8](self.rnd_icc.suffix(4) + self.rnd_ifd.suffix(4))
+        Logger.bac.debug("Calculate Send Sequence Counter")
+        Logger.bac.debug("\tSSC: \(binToHexRep(ssc))" )
+        return (KSenc, KSmac, ssc)
+    }
+}
+#endif