@vppos/react-native-nfc 1.0.0

package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/SOD.swift

@@ -0,0 +1,240 @@
+//
+//  SOD.swift
+//
+//  Created by Andy Qua on 01/02/2021.
+//
+
+import Foundation
+import OpenSSL
+
+
+// Format of SOD: ASN1 - Signed Data  (taken from rfc5652 - https://tools.ietf.org/html/rfc5652):
+// The SOD is a CMS container of type Signed-data
+//
+// Note - ideally I'd be using a proper ASN1 parser, however currently there isn't a reliable one for Swift
+// and I haven't written on (yet?).  So for the moment, I'm relying on the output from ASN1Dump and a
+// simple parser for that
+//
+// Sequence
+//   Object ID: signedData
+//   Content: SignedData
+//       SignedData ::= SEQUENCE {
+//           INTEGER version CMSVersion,
+//           SET digestAlgorithms DigestAlgorithmIdentifiers,
+//           SEQUENCE encapContentInfo EncapsulatedContentInfo,
+//           certificates [0] IMPLICIT CertificateSet OPTIONAL,
+//           crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+//           SET signerInfos SignerInfos }
+//
+// AlgorithmIdentifier ::= SEQUENCE {
+//     algorithm       OBJECT IDENTIFIER,
+//     parameters      ANY OPTIONAL
+// }
+//
+// EncapsulatedContentInfo ::= SEQUENCE {
+//    eContentType ContentType,
+//    eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+//
+// ContentType ::= OBJECT IDENTIFIER
+//
+// SignerInfos ::= SET OF SignerInfo
+//
+// SignerInfo ::= SEQUENCE {
+//     version CMSVersion,
+//     sid SignerIdentifier,
+//     digestAlgorithm DigestAlgorithmIdentifier,
+//     signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+//     signatureAlgorithm SignatureAlgorithmIdentifier,
+//     signature SignatureValue,
+//     unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+//
+// SignerIdentifier ::= CHOICE {
+//     issuerAndSerialNumber IssuerAndSerialNumber,
+//     subjectKeyIdentifier [0] SubjectKeyIdentifier }
+//
+// SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+// UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+// Attribute ::= SEQUENCE {
+//     attrType OBJECT IDENTIFIER,
+//     attrValues SET OF AttributeValue }
+// AttributeValue ::= ANY
+// SignatureValue ::= OCTET STRING
+@available(iOS 13, macOS 10.15, *)
+class SOD : DataGroup {
+    
+    public private(set) var pkcs7CertificateData : [UInt8] = []
+    private var asn1 : ASN1Item!
+    private var pubKey : OpaquePointer?
+
+    override var datagroupType: DataGroupId { .SOD }
+    
+    required init( _ data : [UInt8] ) throws {
+        try super.init(data)
+        self.pkcs7CertificateData = body
+    }
+    
+    deinit {
+        if ( pubKey != nil ) {
+            EVP_PKEY_free(pubKey);
+        }
+    }
+
+    override func parse(_ data: [UInt8]) throws {
+        let p = SimpleASN1DumpParser()
+        asn1 = try p.parse(data: Data(body))
+    }
+    
+    /// Returns the public key from the embedded X509 certificate
+    /// - Returns pointer to the public key
+    func getPublicKey( ) throws -> OpaquePointer {
+        
+        if let key = pubKey {
+            return key
+        }
+        
+        let certs = try OpenSSLUtils.getX509CertificatesFromPKCS7(pkcs7Der:Data(pkcs7CertificateData))
+        if let key = X509_get_pubkey (certs[0].cert) {
+            pubKey = key
+            return key
+        }
+        
+        throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Unable to get public key")
+    }
+    
+    
+    /// Extracts the encapsulated content section from a SignedData PKCS7 container (if present)
+    /// - Returns: The encapsulated content from a PKCS7 container if we could read it
+    /// - Throws: Error if we can't find or read the encapsulated content
+    func getEncapsulatedContent() throws -> Data {
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let encContent = signedData.getChild(2)?.getChild(1),
+              let content = encContent.getChild(0) else {
+            
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        var sigData : Data?
+        if content.type.hasPrefix("OCTET STRING" ) {
+            sigData = Data(hexRepToBin( content.value ))
+        }
+        
+        guard let ret = sigData else { throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("noDataReturned") }
+        return ret
+    }
+    
+    /// Gets the digest algorithm used to hash the encapsulated content in the signed data section (if present)
+    /// - Returns: The digest algorithm used to hash the encapsulated content in the signed data section
+    /// - Throws: Error if we can't find or read the digest algorithm
+    func getEncapsulatedContentDigestAlgorithm() throws -> String {
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let digestAlgo = signedData.getChild(1)?.getChild(0)?.getChild(0) else {
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        return String(digestAlgo.value)
+    }
+    
+    /// Gets the signed attributes section (if present)
+    /// - Returns: the signed attributes section
+    /// - Throws: Error if we can't find or read the signed attributes
+    func getSignedAttributes( ) throws -> Data {
+        
+        // Get the SignedAttributes section.
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let signerInfo = signedData.getChild(4),
+              let signedAttrs = signerInfo.getChild(0)?.getChild(3) else {
+            
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        var bytes = [UInt8](self.pkcs7CertificateData[signedAttrs.pos ..< signedAttrs.pos + signedAttrs.headerLen + signedAttrs.length])
+        
+        // The first byte will be 0xA0 -> as its a explicit tag for a contextual item which we need to convert
+        // for the hash to calculate correctly
+        // We know that the actual tag is a SET (0x31) - See section 5.4 of https://tools.ietf.org/html/rfc5652
+        // So we need to change this from 0xA0 to 0x31
+        if bytes[0] == 0xA0 {
+            bytes[0] = 0x31
+        }
+        let signedAttribs = Data(bytes)
+        
+        return signedAttribs
+    }
+    
+/// Gets the message digest from the signed attributes section (if present)
+/// - Returns: the message digest
+/// - Throws: Error if we can't find or read the message digest
+    func getMessageDigestFromSignedAttributes( ) throws -> Data {
+        
+        // For the SOD, the SignedAttributes consists of:
+        // A Content type Object (which has the value of the attributes content type)
+        // A messageDigest Object which has the message digest as it value
+        // We want the messageDigest value
+        
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let signerInfo = signedData.getChild(4),
+              let signedAttrs = signerInfo.getChild(0)?.getChild(3) else {
+            
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        // Find the messageDigest in the signedAttributes section
+        var sigData : Data?
+        for i in 0 ..< signedAttrs.getNumberOfChildren() {
+            let attrObj = signedAttrs.getChild(i)
+            if attrObj?.getChild(0)?.value == "messageDigest" {
+                if let set = attrObj?.getChild(1),
+                   let digestVal = set.getChild(0) {
+                    
+                    if digestVal.type.hasPrefix("OCTET STRING" ) {
+                        sigData = Data(hexRepToBin( digestVal.value ) )
+                    }
+                }
+            }
+        }
+        
+        guard let messageDigest = sigData else { throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("No messageDigest Returned") }
+        
+        return messageDigest
+    }
+    
+    /// Gets the signature data (if present)
+    /// - Returns: the signature
+    /// - Throws: Error if we can't find or read the signature
+    func getSignature( ) throws -> Data {
+        
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let signerInfo = signedData.getChild(4),
+              let signature = signerInfo.getChild(0)?.getChild(5) else {
+            
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        var sigData : Data?
+        if signature.type.hasPrefix("OCTET STRING" ) {
+            sigData = Data(hexRepToBin( signature.value ))
+        }
+        
+        guard let ret = sigData else { throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("noDataReturned") }
+        return ret
+    }
+    
+    /// Gets the signature algorithm used (if present)
+    /// - Returns: the signature algorithm used
+    /// - Throws: Error if we can't find or read the signature algorithm
+    func getSignatureAlgorithm( ) throws -> String {
+        
+        guard let signedData = asn1.getChild(1)?.getChild(0),
+              let signerInfo = signedData.getChild(4),
+              let signatureAlgo = signerInfo.getChild(0)?.getChild(4)?.getChild(0) else {
+            
+            throw OpenSSLError.UnableToExtractSignedDataFromPKCS7("Data in invalid format")
+        }
+        
+        // Vals I've seen are:
+        // sha1WithRSAEncryption => default pkcs1
+        // sha256WithRSAEncryption => default pkcs1
+        // rsassaPss => pss        
+        return signatureAlgo.value
+    }
+}

package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/SecurityInfo.swift

@@ -0,0 +1,136 @@
+//
+//  SecurityInfo.swift
+//  NFCPassportReader
+//
+//  Created by Andy Qua on 25/02/2021.
+//
+
+import Foundation
+import OpenSSL
+
+@available(iOS 13, macOS 10.15,*)
+public class SecurityInfo {
+    // Active Authentication OID
+    static let ID_AA_OID = "2.23.136.1.1.5"
+
+    // Active Authentication Signature Algorithm OIDS
+    // Specified in BSI TR 03111 Section 5.2.1.
+    static let ECDSA_PLAIN_SIGNATURES = "0.4.0.127.0.7.1.1.4.1";
+    static let ECDSA_PLAIN_SHA1_OID = ECDSA_PLAIN_SIGNATURES + ".1"; // 0.4.0.127.0.7.1.1.4.1.1, ecdsa-plain-SHA1
+    static let ECDSA_PLAIN_SHA224_OID = ECDSA_PLAIN_SIGNATURES + ".2"; // 0.4.0.127.0.7.1.1.4.1.2, ecdsa-plain-SHA224
+    static let ECDSA_PLAIN_SHA256_OID = ECDSA_PLAIN_SIGNATURES + ".3"; // 0.4.0.127.0.7.1.1.4.1.3, ecdsa-plain-SHA256
+    static let ECDSA_PLAIN_SHA384_OID = ECDSA_PLAIN_SIGNATURES + ".4"; // 0.4.0.127.0.7.1.1.4.1.4, ecdsa-plain-SHA384
+    static let ECDSA_PLAIN_SHA512_OID = ECDSA_PLAIN_SIGNATURES + ".5"; // 0.4.0.127.0.7.1.1.4.1.5, ecdsa-plain-SHA512
+    static let ECDSA_PLAIN_RIPEMD160_OID = ECDSA_PLAIN_SIGNATURES + ".6"; // 0.4.0.127.0.7.1.1.4.1.6, ecdsa-plain-RIPEMD160
+    
+    // Chip Authentication Public Key OIDS
+    static let ID_PK_DH_OID = "0.4.0.127.0.7.2.2.1.1"
+    static let ID_PK_ECDH_OID = "0.4.0.127.0.7.2.2.1.2"
+    
+    // Chip Authentication OIDS
+    static let ID_CA_DH_3DES_CBC_CBC_OID = "0.4.0.127.0.7.2.2.3.1.1"
+    static let ID_CA_ECDH_3DES_CBC_CBC_OID = "0.4.0.127.0.7.2.2.3.2.1"
+    static let ID_CA_DH_AES_CBC_CMAC_128_OID = "0.4.0.127.0.7.2.2.3.1.2"
+    static let ID_CA_DH_AES_CBC_CMAC_192_OID = "0.4.0.127.0.7.2.2.3.1.3"
+    static let ID_CA_DH_AES_CBC_CMAC_256_OID = "0.4.0.127.0.7.2.2.3.1.4"
+    static let ID_CA_ECDH_AES_CBC_CMAC_128_OID = "0.4.0.127.0.7.2.2.3.2.2"
+    static let ID_CA_ECDH_AES_CBC_CMAC_192_OID = "0.4.0.127.0.7.2.2.3.2.3"
+    static let ID_CA_ECDH_AES_CBC_CMAC_256_OID = "0.4.0.127.0.7.2.2.3.2.4"
+    
+
+    // PACE OIDS
+    static let ID_BSI = "0.4.0.127.0.7"
+    static let ID_PACE = ID_BSI + ".2.2.4"
+    static let ID_PACE_DH_GM = ID_PACE + ".1"
+    static let ID_PACE_DH_GM_3DES_CBC_CBC = ID_PACE_DH_GM + ".1"; // 0.4.0.127.0.7.2.2.4.1.1, id-PACE-DH-GM-3DES-CBC-CBC
+    static let ID_PACE_DH_GM_AES_CBC_CMAC_128 = ID_PACE_DH_GM + ".2"; // 0.4.0.127.0.7.2.2.4.1.2, id-PACE-DH-GM-AES-CBC-CMAC-128
+    static let ID_PACE_DH_GM_AES_CBC_CMAC_192 = ID_PACE_DH_GM + ".3"; // 0.4.0.127.0.7.2.2.4.1.3, id-PACE-DH-GM-AES-CBC-CMAC-192
+    static let ID_PACE_DH_GM_AES_CBC_CMAC_256 = ID_PACE_DH_GM + ".4"; // 0.4.0.127.0.7.2.2.4.1.4, id-PACE-DH-GM-AES-CBC-CMAC-256
+    
+    static let ID_PACE_ECDH_GM = ID_PACE + ".2"
+    static let ID_PACE_ECDH_GM_3DES_CBC_CBC = ID_PACE_ECDH_GM + ".1"; // 0.4.0.127.0.7.2.2.4.2.1, id-PACE-ECDH-GM-3DES-CBC-CBC
+    static let ID_PACE_ECDH_GM_AES_CBC_CMAC_128 = ID_PACE_ECDH_GM + ".2"; // 0.4.0.127.0.7.2.2.4.2.2, id-PACE-ECDH-GM-AES-CBC-CMAC-128
+    static let ID_PACE_ECDH_GM_AES_CBC_CMAC_192 = ID_PACE_ECDH_GM + ".3"; // 0.4.0.127.0.7.2.2.4.2.3, id-PACE-ECDH-GM-AES-CBC-CMAC-192
+    static let ID_PACE_ECDH_GM_AES_CBC_CMAC_256 = ID_PACE_ECDH_GM + ".4"; // 0.4.0.127.0.7.2.2.4.2.4, id-PACE-ECDH-GM-AES-CBC-CMAC-256
+    
+    static let ID_PACE_DH_IM = ID_PACE + ".3"
+    static let ID_PACE_DH_IM_3DES_CBC_CBC = ID_PACE_DH_IM + ".1"; // 0.4.0.127.0.7.2.2.4.3.1, id-PACE-DH-IM-3DES-CBC-CBC
+    static let ID_PACE_DH_IM_AES_CBC_CMAC_128 = ID_PACE_DH_IM + ".2"; // 0.4.0.127.0.7.2.2.4.3.2, id-PACE-DH-IM-AES-CBC-CMAC-128
+    static let ID_PACE_DH_IM_AES_CBC_CMAC_192 = ID_PACE_DH_IM + ".3"; // 0.4.0.127.0.7.2.2.4.3.3, id-PACE-DH-IM-AES-CBC-CMAC-192
+    static let ID_PACE_DH_IM_AES_CBC_CMAC_256 = ID_PACE_DH_IM + ".4"; // 0.4.0.127.0.7.2.2.4.3.4, id-PACE-DH-IM-AES-CBC-CMAC-256
+    
+    static let ID_PACE_ECDH_IM = ID_PACE + ".4"
+    static let ID_PACE_ECDH_IM_3DES_CBC_CBC = ID_PACE_ECDH_IM + ".1"; // 0.4.0.127.0.7.2.2.4.4.1, id-PACE-ECDH-IM-3DES-CBC-CBC
+    static let ID_PACE_ECDH_IM_AES_CBC_CMAC_128 = ID_PACE_ECDH_IM + ".2"; // 0.4.0.127.0.7.2.2.4.4.2, id-PACE-ECDH-IM-AES-CBC-CMAC-128
+    static let ID_PACE_ECDH_IM_AES_CBC_CMAC_192 = ID_PACE_ECDH_IM + ".3"; // 0.4.0.127.0.7.2.2.4.4.3, id-PACE-ECDH-IM-AES-CBC-CMAC-192
+    static let ID_PACE_ECDH_IM_AES_CBC_CMAC_256 = ID_PACE_ECDH_IM + ".4"; // 0.4.0.127.0.7.2.2.4.4.4, id-PACE-ECDH-IM-AES-CBC-CMAC-256
+    
+    static let ID_PACE_ECDH_CAM = ID_PACE + ".6"
+    static let ID_PACE_ECDH_CAM_AES_CBC_CMAC_128 = ID_PACE_ECDH_CAM + ".2"; // 0.4.0.127.0.7.2.2.4.6.2, id-PACE-ECDH-CAM-AES-CBC-CMAC-128
+    static let ID_PACE_ECDH_CAM_AES_CBC_CMAC_192 = ID_PACE_ECDH_CAM + ".3"; // 0.4.0.127.0.7.2.2.4.6.3, id-PACE-ECDH-CAM-AES-CBC-CMAC-192
+    static let ID_PACE_ECDH_CAM_AES_CBC_CMAC_256 = ID_PACE_ECDH_CAM + ".4"; // 0.4.0.127.0.7.2.2.4.6.4, id-PACE-ECDH-CAM-AES-CBC-CMAC-256
+
+    public func getObjectIdentifier() -> String {
+        preconditionFailure("This method must be overridden")
+    }
+    
+    public func getProtocolOIDString() -> String {
+        preconditionFailure("This method must be overridden")
+    }
+    
+    static func getInstance( object : ASN1Item, body: [UInt8] ) -> SecurityInfo? {
+        let oid = object.getChild(0)?.value ?? ""
+        let requiredData = object.getChild(1)!
+        var optionalData : ASN1Item? = nil
+        if (object.getNumberOfChildren() == 3) {
+            optionalData = object.getChild(2)
+        }
+        
+        if ChipAuthenticationPublicKeyInfo.checkRequiredIdentifier(oid) {
+            
+            let keyData : [UInt8] = [UInt8](body[requiredData.pos ..< requiredData.pos+requiredData.headerLen+requiredData.length])
+            
+            var subjectPublicKeyInfo : OpaquePointer? = nil
+            let _ = keyData.withUnsafeBytes { (ptr) in
+                var newPtr = ptr.baseAddress?.assumingMemoryBound(to: UInt8.self)
+                
+                subjectPublicKeyInfo = d2i_PUBKEY(nil, &newPtr, keyData.count)
+            }
+            
+            if let subjectPublicKeyInfo = subjectPublicKeyInfo {
+                                
+                if optionalData == nil {
+                    return ChipAuthenticationPublicKeyInfo(oid:oid, pubKey:subjectPublicKeyInfo);
+                } else {
+                    let keyId = Int(optionalData!.value, radix: 16)
+                    return ChipAuthenticationPublicKeyInfo(oid:oid, pubKey:subjectPublicKeyInfo, keyId: keyId);
+                }
+                
+            }
+        } else if ChipAuthenticationInfo.checkRequiredIdentifier(oid) {
+            let version = Int(requiredData.value) ?? -1
+            if let optionalData = optionalData {
+                let keyId = Int(optionalData.value, radix: 16)
+                return ChipAuthenticationInfo(oid: oid, version: version, keyId: keyId);
+            } else {
+                return ChipAuthenticationInfo(oid: oid, version: version);
+            }
+        } else if PACEInfo.checkRequiredIdentifier(oid) {
+            let version = Int(requiredData.value) ?? -1
+            var parameterId : Int? = nil
+            
+            if let optionalData = optionalData {
+                parameterId = Int(optionalData.value, radix:16)
+            }
+            return PACEInfo(oid: oid, version: version, parameterId: parameterId);
+        } else if ActiveAuthenticationInfo.checkRequiredIdentifier(oid) {
+            let version = Int(requiredData.value) ?? -1
+            if let optionalData = optionalData {
+                return ActiveAuthenticationInfo(oid: oid, version: version, signatureAlgorithmOID: optionalData.value)
+            } else {
+                return ActiveAuthenticationInfo(oid: oid, version: version)
+            }
+        }
+        return nil
+    }
+}

package/vendor/ios-passport-reader/Sources/NFCPassportReader/Errors.swift

@@ -0,0 +1,148 @@
+//
+//  Errors.swift
+//  NFCPassportReader
+//
+//  Created by Andy Qua on 09/02/2021.
+//  Copyright © 2021 Andy Qua. All rights reserved.
+//
+
+import Foundation
+
+// MARK: TagError
+@available(iOS 13, macOS 10.15, *)
+public enum NFCPassportReaderError: Error {
+    case ResponseError(String, UInt8, UInt8)
+    case InvalidResponse(dataGroupId: DataGroupId, expectedTag: Int, actualTag: Int)
+    case UnexpectedError
+    case NFCNotSupported
+    case NoConnectedTag
+    case D087Malformed
+    case InvalidResponseChecksum
+    case MissingMandatoryFields
+    case CannotDecodeASN1Length
+    case InvalidASN1Value
+    case UnableToProtectAPDU
+    case UnableToUnprotectAPDU
+    case UnsupportedDataGroup
+    case DataGroupNotRead
+    case UnknownTag
+    case UnknownImageFormat
+    case NotImplemented
+    case TagNotValid
+    case ConnectionError
+    case UserCanceled
+    case InvalidMRZKey
+    case MoreThanOneTagFound
+    case InvalidHashAlgorithmSpecified
+    case UnsupportedCipherAlgorithm
+    case UnsupportedMappingType
+    case PACEError(String,String)
+    case ChipAuthenticationFailed
+    case InvalidDataPassed(String)
+    case NotYetSupported(String)
+    case Unknown(Error)
+
+    var value: String {
+        switch self {
+            case .ResponseError(let errMsg, _, _): return errMsg
+            case .InvalidResponse(let dataGroupId, let expected, let actual):
+                return "InvalidResponse in \(dataGroupId.getName()). Expected: \(expected.hexString) Actual: \(actual.hexString)"
+            case .UnexpectedError: return "UnexpectedError"
+            case .NFCNotSupported: return "NFCNotSupported"
+            case .NoConnectedTag: return "NoConnectedTag"
+            case .D087Malformed: return "D087Malformed"
+            case .InvalidResponseChecksum: return "InvalidResponseChecksum"
+            case .MissingMandatoryFields: return "MissingMandatoryFields"
+            case .CannotDecodeASN1Length: return "CannotDecodeASN1Length"
+            case .InvalidASN1Value: return "InvalidASN1Value"
+            case .UnableToProtectAPDU: return "UnableToProtectAPDU"
+            case .UnableToUnprotectAPDU: return "UnableToUnprotectAPDU"
+            case .UnsupportedDataGroup: return "UnsupportedDataGroup"
+            case .DataGroupNotRead: return "DataGroupNotRead"
+            case .UnknownTag: return "UnknownTag"
+            case .UnknownImageFormat: return "UnknownImageFormat"
+            case .NotImplemented: return "NotImplemented"
+            case .TagNotValid: return "TagNotValid"
+            case .ConnectionError: return "ConnectionError"
+            case .UserCanceled: return "UserCanceled"
+            case .InvalidMRZKey: return "InvalidMRZKey"
+            case .MoreThanOneTagFound: return "MoreThanOneTagFound"
+            case .InvalidHashAlgorithmSpecified: return "InvalidHashAlgorithmSpecified"
+            case .UnsupportedCipherAlgorithm: return "UnsupportedCipherAlgorithm"
+            case .UnsupportedMappingType: return "UnsupportedMappingType"
+            case .PACEError(let step, let reason): return "PACEError (\(step)) - \(reason)"
+            case .ChipAuthenticationFailed: return "ChipAuthenticationFailed"
+            case .InvalidDataPassed(let reason) : return "Invalid data passed - \(reason)"
+            case .NotYetSupported(let reason) : return "Not yet supported - \(reason)"
+            case .Unknown(let error): return "Unknown error: \(error.localizedDescription)"
+        }
+    }
+}
+
+@available(iOS 13, macOS 10.15, *)
+extension NFCPassportReaderError: LocalizedError {
+    public var errorDescription: String? {
+        return NSLocalizedString(value, comment: "My error")
+    }
+}
+
+
+// MARK: OpenSSLError
+@available(iOS 13, macOS 10.15, *)
+public enum OpenSSLError: Error {
+    case UnableToGetX509CertificateFromPKCS7(String)
+    case UnableToVerifyX509CertificateForSOD(String)
+    case VerifyAndReturnSODEncapsulatedData(String)
+    case UnableToReadECPublicKey(String)
+    case UnableToExtractSignedDataFromPKCS7(String)
+    case VerifySignedAttributes(String)
+    case UnableToParseASN1(String)
+    case UnableToDecryptRSASignature(String)
+}
+
+@available(iOS 13, macOS 10.15, *)
+extension OpenSSLError: LocalizedError {
+    public var errorDescription: String? {
+        switch self {
+            case .UnableToGetX509CertificateFromPKCS7(let reason):
+                return NSLocalizedString("Unable to read the SOD PKCS7 Certificate. \(reason)", comment: "UnableToGetPKCS7CertificateForSOD")
+            case .UnableToVerifyX509CertificateForSOD(let reason):
+                return NSLocalizedString("Unable to verify the SOD X509 certificate. \(reason)", comment: "UnableToVerifyX509CertificateForSOD")
+            case .VerifyAndReturnSODEncapsulatedData(let reason):
+                return NSLocalizedString("Unable to verify the SOD Datagroup hashes. \(reason)", comment: "UnableToGetSignedDataFromPKCS7")
+            case .UnableToReadECPublicKey(let reason):
+                return NSLocalizedString("Unable to read ECDSA Public key  \(reason)!", comment: "UnableToReadECPublicKey")
+            case .UnableToExtractSignedDataFromPKCS7(let reason):
+                return NSLocalizedString("Unable to extract Signer data from PKCS7  \(reason)!", comment: "UnableToExtractSignedDataFromPKCS7")
+            case .VerifySignedAttributes(let reason):
+                return NSLocalizedString("Unable to Verify the SOD SignedAttributes  \(reason)!", comment: "UnableToExtractSignedDataFromPKCS7")
+            case .UnableToParseASN1(let reason):
+                return NSLocalizedString("Unable to parse ASN1  \(reason)!", comment: "UnableToParseASN1")
+            case .UnableToDecryptRSASignature(let reason):
+                return NSLocalizedString("DatUnable to decrypt RSA Signature \(reason)!", comment: "UnableToDecryptRSSignature")
+        }
+    }
+}
+
+
+// MARK: PassiveAuthenticationError
+public enum PassiveAuthenticationError: Error {
+    case UnableToParseSODHashes(String)
+    case InvalidDataGroupHash(String)
+    case SODMissing(String)
+}
+
+
+extension PassiveAuthenticationError: LocalizedError {
+    public var errorDescription: String? {
+        switch self {
+            case .UnableToParseSODHashes(let reason):
+                return NSLocalizedString("Unable to parse the SOD Datagroup hashes. \(reason)", comment: "UnableToParseSODHashes")
+            case .InvalidDataGroupHash(let reason):
+                return NSLocalizedString("DataGroup hash not present or didn't match  \(reason)!", comment: "InvalidDataGroupHash")
+            case .SODMissing(let reason):
+                return NSLocalizedString("DataGroup SOD not present or not read  \(reason)!", comment: "SODMissing")
+                
+        }
+    }
+}

package/vendor/ios-passport-reader/Sources/NFCPassportReader/Logging.swift

@@ -0,0 +1,32 @@
+//
+//  Logging.swift
+//  NFCTest
+//
+//  Created by Andy Qua on 11/06/2019.
+//  Copyright © 2019 Andy Qua. All rights reserved.
+//
+
+import Foundation
+import OSLog
+
+
+extension Logger {
+    /// Using your bundle identifier is a great way to ensure a unique identifier.
+    private static var subsystem = Bundle.main.bundleIdentifier!
+    
+    /// Tag Reader logs
+    static let passportReader = Logger(subsystem: subsystem, category: "passportReader")
+
+    /// Tag Reader logs
+    static let tagReader = Logger(subsystem: subsystem, category: "tagReader")
+
+    /// SecureMessaging logs
+    static let secureMessaging = Logger(subsystem: subsystem, category: "secureMessaging")
+
+    static let openSSL = Logger(subsystem: subsystem, category: "openSSL")
+
+    static let bac = Logger(subsystem: subsystem, category: "BAC")
+    static let chipAuth = Logger(subsystem: subsystem, category: "chipAuthentication")
+    static let pace = Logger(subsystem: subsystem, category: "PACE")
+}
+