@vppos/react-native-nfc 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +20 -0
- package/NFCSDK.podspec +40 -0
- package/android/build.gradle +85 -0
- package/android/gradle.properties +5 -0
- package/android/src/main/AndroidManifest.xml +31 -0
- package/android/src/main/AndroidManifestNew.xml +30 -0
- package/android/src/main/java/com/nfcsdk/ChipReader.kt +237 -0
- package/android/src/main/java/com/nfcsdk/NFCSDKModule.kt +78 -0
- package/android/src/main/java/com/nfcsdk/NFCSDKPackage.kt +17 -0
- package/android/src/main/java/com/nfcsdk/NFCScanActivity.kt +299 -0
- package/android/src/main/java/com/nfcsdk/utils/Dg13Parser.kt +278 -0
- package/android/src/main/java/com/nfcsdk/utils/FaceExtractor.kt +40 -0
- package/android/src/main/java/com/nfcsdk/utils/MrzUtils.kt +75 -0
- package/android/src/main/res/drawable/bg_nfc_bottom_sheet.xml +13 -0
- package/android/src/main/res/drawable/bg_nfc_sheet_handle.xml +9 -0
- package/android/src/main/res/layout/activity_nfc.xml +110 -0
- package/android/src/main/res/values/styles.xml +10 -0
- package/android/src/main/res/xml/nfc_tech_filter.xml +8 -0
- package/ios/ChipReader.swift +258 -0
- package/ios/NFCSDK-Bridging-Header.h +2 -0
- package/ios/NFCSDK.mm +9 -0
- package/ios/NFCSDK.swift +112 -0
- package/ios/NFCSDKSession.swift +5 -0
- package/ios/utils/DG13Parser.swift +302 -0
- package/ios/utils/MrzUtils.swift +49 -0
- package/lib/module/errors.js +9 -0
- package/lib/module/errors.js.map +1 -0
- package/lib/module/index.js +118 -0
- package/lib/module/index.js.map +1 -0
- package/lib/module/package.json +1 -0
- package/lib/module/types.js +2 -0
- package/lib/module/types.js.map +1 -0
- package/lib/typescript/package.json +1 -0
- package/lib/typescript/src/errors.d.ts +4 -0
- package/lib/typescript/src/errors.d.ts.map +1 -0
- package/lib/typescript/src/index.d.ts +80 -0
- package/lib/typescript/src/index.d.ts.map +1 -0
- package/lib/typescript/src/types.d.ts +45 -0
- package/lib/typescript/src/types.d.ts.map +1 -0
- package/package.json +155 -0
- package/src/errors.ts +6 -0
- package/src/index.tsx +141 -0
- package/src/types.ts +45 -0
- package/vendor/ios-passport-reader/CHANGELOG +362 -0
- package/vendor/ios-passport-reader/CODE_OF_CONDUCT.md +77 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/AppDelegate.swift +39 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/Contents.json +158 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-60@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-60@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-72.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-72@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-76.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-76@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-83.5@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small-50.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small-50@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/ios-marketing.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon~ipad.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon~ipad@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/Contents.json +6 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/background.imageset/Contents.json +21 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/background.imageset/background.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/head.imageset/Contents.json +21 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Assets.xcassets/head.imageset/head.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Base.lproj/LaunchScreen.storyboard +25 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Extensions/FileManagerExt.swift +16 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Extensions/StringExt.swift +40 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Extensions/UIApplicationExt.swift +21 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Info.plist +77 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Model/PassportUtils.swift +76 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Model/SettingsStore.swift +107 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/NFCPassportReader.entitlements +10 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/SceneDelegate.swift +57 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/DetailsView.swift +197 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/ExportPassportView.swift +164 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/HelperViews/CheckBoxView.swift +48 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/HelperViews/ViewExt.swift +20 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/HelperViews/ViewModifiers.swift +41 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/MRZEntryView.swift +125 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/MRZScannerViewController.swift +90 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/MainView.swift +214 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/PassportSummaryView.swift +111 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/PassportView.swift +73 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/SettingsView.swift +63 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/Views/StoredPassportView.swift +152 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/masterList.pem +32 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp/readme.md +10 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp.xcodeproj/project.pbxproj +695 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp.xcodeproj/xcshareddata/xcschemes/NFCPassportReader.xcscheme +106 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp.xcworkspace/contents.xcworkspacedata +10 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist +8 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderApp.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings +8 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderAppTests/DataGroupParsingTests.swift +189 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderAppTests/Info.plist +22 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderAppTests/NFCPassportReaderTests.swift +260 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/NFCPassportReaderAppTests/PACETests.swift +112 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/Podfile +22 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/Podfile.lock +35 -0
- package/vendor/ios-passport-reader/Examples/Example_CocoaPods/README.md +2 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/AppDelegate.swift +39 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/Contents.json +158 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-40@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-60@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-60@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-72.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-72@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-76.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-76@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-83.5@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small-50.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small-50@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon-small@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/icon@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/ios-marketing.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon@3x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon~ipad.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/AppIcon.appiconset/notification-icon~ipad@2x.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/Contents.json +6 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/background.imageset/Contents.json +21 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/background.imageset/background.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/head.imageset/Contents.json +21 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Assets.xcassets/head.imageset/head.png +0 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Base.lproj/LaunchScreen.storyboard +25 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Extensions/FileManagerExt.swift +16 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Extensions/StringExt.swift +40 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Extensions/UIApplicationExt.swift +21 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Info.plist +79 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Model/PassportUtils.swift +99 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Model/SettingsStore.swift +98 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Model/SettingsStoreCAN.swift +75 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/MrzScanner/LICENSE +21 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/MrzScanner/PreviewView.swift +34 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/MrzScanner/StringUtils.swift +160 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/MrzScanner/ViewController.swift +320 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/MrzScanner/VisionViewController.swift +163 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/NFCPassportReader.entitlements +10 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/SceneDelegate.swift +58 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/CANViews/CanKeyView.swift +251 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/CANViews/MRZEntryViewCanKey.swift +65 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/CANViews/PassportViewCAN.swift +73 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/DetailsView.swift +193 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/ExportPassportView.swift +164 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/HelperViews/CheckBoxView.swift +48 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/HelperViews/ViewExt.swift +20 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/HelperViews/ViewModifiers.swift +41 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/MRZEntryView.swift +125 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/MRZScannerViewController.swift +90 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/MainView.swift +264 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/PassportSummaryView.swift +111 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/PassportView.swift +73 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/SettingsView.swift +47 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/Views/StoredPassportView.swift +149 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/masterList.pem +32 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp/readme.md +10 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp.xcodeproj/project.pbxproj +683 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp.xcodeproj/project.xcworkspace/contents.xcworkspacedata +7 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved +25 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderApp.xcodeproj/xcshareddata/xcschemes/NFCPassportReader.xcscheme +106 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderAppTests/DataGroupParsingTests.swift +190 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderAppTests/Info.plist +22 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderAppTests/NFCPassportReaderTests.swift +260 -0
- package/vendor/ios-passport-reader/Examples/Example_SPM/NFCPassportReaderAppTests/PACETests.swift +112 -0
- package/vendor/ios-passport-reader/LICENSE +21 -0
- package/vendor/ios-passport-reader/NFCPassportReader.podspec +27 -0
- package/vendor/ios-passport-reader/Package.swift +29 -0
- package/vendor/ios-passport-reader/README.md +141 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/AES_3DES_DESEncryption.swift +377 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/BACHandler.swift +194 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/ChipAuthenticationHandler.swift +224 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroupHash.swift +16 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroupParser.swift +36 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/ActiveAuthenticationInfo.swift +69 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/COM.swift +61 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/CardAccess.swift +38 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/ChipAuthenticationInfo.swift +135 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/ChipAuthenticationPublicKeyInfo.swift +53 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup.swift +103 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup1.swift +111 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup11.swift +66 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup12.swift +75 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup14.swift +37 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup15.swift +46 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup2.swift +163 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroup7.swift +46 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/DataGroupId.swift +105 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/NotImplementedDG.swift +16 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/PACEInfo.swift +415 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/SOD.swift +240 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/DataGroups/SecurityInfo.swift +136 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/Errors.swift +148 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/Logging.swift +32 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/Models/FaceImageInfo.swift +161 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/NFCPassportModel.swift +540 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/NFCViewDisplayMessage.swift +60 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/OpenSSLUtils.swift +705 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/PACEHandler.swift +627 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/PassportReader.swift +387 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/Resources/PrivacyInfo.xcprivacy +14 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/ResponseAPDU.swift +25 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/SecureMessaging.swift +301 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/SecureMessagingSessionKeyGenerator.swift +156 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/SimpleASN1DumpParser.swift +173 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/TagReader.swift +374 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/Utils.swift +430 -0
- package/vendor/ios-passport-reader/Sources/NFCPassportReader/X509Wrapper.swift +168 -0
- package/vendor/ios-passport-reader/scripts/README.md +45 -0
- package/vendor/ios-passport-reader/scripts/extract.py +197 -0
|
@@ -0,0 +1,627 @@
|
|
|
1
|
+
//
|
|
2
|
+
// PACEHandler.swift
|
|
3
|
+
// NFCPassportReader
|
|
4
|
+
//
|
|
5
|
+
// Created by Andy Qua on 03/03/2021.
|
|
6
|
+
//
|
|
7
|
+
|
|
8
|
+
import Foundation
|
|
9
|
+
import OSLog
|
|
10
|
+
import OpenSSL
|
|
11
|
+
import CryptoTokenKit
|
|
12
|
+
|
|
13
|
+
#if !os(macOS)
|
|
14
|
+
import CoreNFC
|
|
15
|
+
import CryptoKit
|
|
16
|
+
|
|
17
|
+
@available(iOS 15, *)
|
|
18
|
+
private enum PACEHandlerError {
|
|
19
|
+
case DHKeyAgreementError(String)
|
|
20
|
+
case ECDHKeyAgreementError(String)
|
|
21
|
+
|
|
22
|
+
var value: String {
|
|
23
|
+
switch self {
|
|
24
|
+
case .DHKeyAgreementError(let errMsg): return errMsg
|
|
25
|
+
case .ECDHKeyAgreementError(let errMsg): return errMsg
|
|
26
|
+
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
@available(iOS 15, *)
|
|
32
|
+
extension PACEHandlerError: LocalizedError {
|
|
33
|
+
public var errorDescription: String? {
|
|
34
|
+
return NSLocalizedString(value, comment: "PACEHandlerError")
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
@available(iOS 15, *)
|
|
39
|
+
public class PACEHandler {
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
private static let MRZ_PACE_KEY_REFERENCE : UInt8 = 0x01
|
|
43
|
+
private static let CAN_PACE_KEY_REFERENCE : UInt8 = 0x02 // Not currently supported
|
|
44
|
+
private static let PIN_PACE_KEY_REFERENCE : UInt8 = 0x03 // Not currently supported
|
|
45
|
+
private static let CUK_PACE_KEY_REFERENCE : UInt8 = 0x04 // Not currently supported
|
|
46
|
+
|
|
47
|
+
var tagReader : TagReader
|
|
48
|
+
var paceInfo : PACEInfo
|
|
49
|
+
|
|
50
|
+
var isPACESupported : Bool = false
|
|
51
|
+
var paceError : String = ""
|
|
52
|
+
|
|
53
|
+
// Params used
|
|
54
|
+
private var paceKey : [UInt8] = []
|
|
55
|
+
private var paceKeyType : UInt8 = 0
|
|
56
|
+
private var paceOID : String = ""
|
|
57
|
+
private var parameterSpec : Int32 = -1
|
|
58
|
+
private var mappingType : PACEMappingType!
|
|
59
|
+
private var agreementAlg : String = ""
|
|
60
|
+
private var cipherAlg : String = ""
|
|
61
|
+
private var digestAlg : String = ""
|
|
62
|
+
private var keyLength : Int = -1
|
|
63
|
+
|
|
64
|
+
public init(cardAccess : CardAccess, tagReader: TagReader) throws {
|
|
65
|
+
self.tagReader = tagReader
|
|
66
|
+
|
|
67
|
+
guard let pi = cardAccess.paceInfo else {
|
|
68
|
+
throw NFCPassportReaderError.NotYetSupported( "PACE not supported" )
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
self.paceInfo = pi
|
|
72
|
+
isPACESupported = true
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
public func doPACE( canKey : String ) async throws {
|
|
76
|
+
guard isPACESupported else {
|
|
77
|
+
throw NFCPassportReaderError.NotYetSupported( "PACE not supported" )
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
Logger.pace.info( "Performing PACE with \(self.paceInfo.getProtocolOIDString())" )
|
|
81
|
+
|
|
82
|
+
paceOID = paceInfo.getObjectIdentifier()
|
|
83
|
+
parameterSpec = try paceInfo.getParameterSpec()
|
|
84
|
+
mappingType = try paceInfo.getMappingType() // Either GM, CAM, or IM.
|
|
85
|
+
agreementAlg = try paceInfo.getKeyAgreementAlgorithm() // Either DH or ECDH.
|
|
86
|
+
cipherAlg = try paceInfo.getCipherAlgorithm() // Either DESede or AES.
|
|
87
|
+
digestAlg = try paceInfo.getDigestAlgorithm() // Either SHA-1 or SHA-256.
|
|
88
|
+
keyLength = try paceInfo.getKeyLength() // Get key length the enc cipher. Either 128, 192, or 256.
|
|
89
|
+
|
|
90
|
+
paceKeyType = PACEHandler.CAN_PACE_KEY_REFERENCE
|
|
91
|
+
paceKey = try createPaceKey( from: canKey )
|
|
92
|
+
|
|
93
|
+
// Temporary logging
|
|
94
|
+
Logger.pace.debug("doPace - inpit parameters" )
|
|
95
|
+
Logger.pace.debug("paceOID - \(self.paceOID)" )
|
|
96
|
+
Logger.pace.debug("parameterSpec - \(self.parameterSpec)" )
|
|
97
|
+
Logger.pace.debug("mappingType - \(self.mappingType!.description())" )
|
|
98
|
+
Logger.pace.debug("agreementAlg - \(self.agreementAlg)" )
|
|
99
|
+
Logger.pace.debug("cipherAlg - \(self.cipherAlg)" )
|
|
100
|
+
Logger.pace.debug("digestAlg - \(self.digestAlg)" )
|
|
101
|
+
Logger.pace.debug("keyLength - \(self.keyLength)" )
|
|
102
|
+
Logger.pace.debug("paceKey - \(binToHexRep(self.paceKey, asArray:true))" )
|
|
103
|
+
|
|
104
|
+
// First start the initial auth call
|
|
105
|
+
_ = try await tagReader.sendMSESetATMutualAuth(oid: paceOID, keyType: paceKeyType)
|
|
106
|
+
|
|
107
|
+
let decryptedNonce = try await self.doStep1()
|
|
108
|
+
let ephemeralParams = try await self.doStep2(passportNonce: decryptedNonce)
|
|
109
|
+
let (ephemeralKeyPair, passportPublicKey) = try await self.doStep3KeyExchange(ephemeralParams: ephemeralParams)
|
|
110
|
+
let (encKey, macKey) = try await self.doStep4KeyAgreement( pcdKeyPair: ephemeralKeyPair, passportPublicKey: passportPublicKey)
|
|
111
|
+
try self.paceCompleted( ksEnc: encKey, ksMac: macKey )
|
|
112
|
+
Logger.pace.debug("PACE SUCCESSFUL" )
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
/// Handles an error during the PACE process
|
|
116
|
+
/// Logs and stoes the error and returns false to the caller
|
|
117
|
+
/// - Parameters:
|
|
118
|
+
/// - stage: Where in the PACE process the error occurred
|
|
119
|
+
/// - error: The error message
|
|
120
|
+
func handleError( _ stage: String, _ error: String, needToTerminateGA: Bool = false ) {
|
|
121
|
+
Logger.pace.error( "PACEHandler: \(stage) - \(error)" )
|
|
122
|
+
Logger.pace.error( " OpenSSLError: \(OpenSSLUtils.getOpenSSLError())" )
|
|
123
|
+
self.paceError = "\(stage) - \(error)"
|
|
124
|
+
//self.completedHandler?( false )
|
|
125
|
+
|
|
126
|
+
/*
|
|
127
|
+
if needToTerminateGA {
|
|
128
|
+
// This is to fix some passports that don't automatically terminate command chaining!
|
|
129
|
+
// No idea if this is the correct way to do it but testing.....
|
|
130
|
+
let terminateGA = wrapDO(b:0x83, arr:[0x00])
|
|
131
|
+
tagReader.sendGeneralAuthenticate(data:terminateGA, isLast:true, completed: { [weak self] response, error in
|
|
132
|
+
self?.completedHandler?( false )
|
|
133
|
+
})
|
|
134
|
+
} else {
|
|
135
|
+
self.completedHandler?( false )
|
|
136
|
+
}
|
|
137
|
+
*/
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
/// Performs PACE Step 1- receives an encrypted nonce from the passport and decypts it with the PACE key - derived from MRZ, CAN (not yet supported)
|
|
141
|
+
func doStep1() async throws -> [UInt8] {
|
|
142
|
+
Logger.pace.debug("Doing PACE Step1...")
|
|
143
|
+
let response = try await tagReader.sendGeneralAuthenticate(data: [], isLast: false)
|
|
144
|
+
|
|
145
|
+
let data = response.data
|
|
146
|
+
let encryptedNonce = try unwrapDO(tag: 0x80, wrappedData: data)
|
|
147
|
+
Logger.pace.debug( "Encrypted nonce - \(binToHexRep(encryptedNonce, asArray:true))" )
|
|
148
|
+
|
|
149
|
+
let decryptedNonce: [UInt8]
|
|
150
|
+
if self.cipherAlg == "DESede" {
|
|
151
|
+
let iv = [UInt8](repeating:0, count: 8)
|
|
152
|
+
decryptedNonce = tripleDESDecrypt(key: self.paceKey, message: encryptedNonce, iv: iv)
|
|
153
|
+
} else if self.cipherAlg == "AES" {
|
|
154
|
+
let iv = [UInt8](repeating:0, count: 16)
|
|
155
|
+
decryptedNonce = AESDecrypt(key: self.paceKey, message: encryptedNonce, iv: iv)
|
|
156
|
+
} else {
|
|
157
|
+
throw NFCPassportReaderError.UnsupportedCipherAlgorithm
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
Logger.pace.debug( "Decrypted nonce - \(binToHexRep(decryptedNonce, asArray:true) )" )
|
|
161
|
+
return decryptedNonce
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
|
|
165
|
+
/// Performs PACE Step 2 - computes ephemeral parameters by mapping the nonce received from the passport
|
|
166
|
+
/// (and if IM used the nonce generated by us)
|
|
167
|
+
///
|
|
168
|
+
/// Using the supported
|
|
169
|
+
/// - Parameters:
|
|
170
|
+
/// - passportNonce: The decrypted nonce received from the passport
|
|
171
|
+
func doStep2( passportNonce: [UInt8]) async throws -> OpaquePointer {
|
|
172
|
+
Logger.pace.debug( "Doing PACE Step2...")
|
|
173
|
+
switch(mappingType) {
|
|
174
|
+
case .CAM, .GM:
|
|
175
|
+
Logger.pace.debug( " Using General Mapping (GM)...")
|
|
176
|
+
return try await doPACEStep2GM(passportNonce: passportNonce)
|
|
177
|
+
case .IM:
|
|
178
|
+
Logger.pace.debug( " Using Integrated Mapping (IM)...")
|
|
179
|
+
return try await doPACEStep2IM(passportNonce: passportNonce)
|
|
180
|
+
default:
|
|
181
|
+
throw NFCPassportReaderError.PACEError( "Step2GM", "Unsupported Mapping Type" )
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
/// Performs PACEStep 2 using Generic Mapping
|
|
187
|
+
///
|
|
188
|
+
/// Using the supported
|
|
189
|
+
/// - Parameters:
|
|
190
|
+
/// - passportNonce: The decrypted nonce received from the passport
|
|
191
|
+
func doPACEStep2GM(passportNonce : [UInt8]) async throws -> OpaquePointer {
|
|
192
|
+
|
|
193
|
+
let mappingKey : OpaquePointer
|
|
194
|
+
mappingKey = try self.paceInfo.createMappingKey( )
|
|
195
|
+
|
|
196
|
+
guard let pcdMappingEncodedPublicKey = OpenSSLUtils.getPublicKeyData(from: mappingKey) else {
|
|
197
|
+
throw NFCPassportReaderError.PACEError( "Step2GM", "Unable to get public key from mapping key")
|
|
198
|
+
}
|
|
199
|
+
Logger.pace.debug( "public mapping key - \(binToHexRep(pcdMappingEncodedPublicKey, asArray:true))")
|
|
200
|
+
|
|
201
|
+
Logger.pace.debug( "Sending public mapping key to passport..")
|
|
202
|
+
let step2Data = wrapDO(b:0x81, arr:pcdMappingEncodedPublicKey)
|
|
203
|
+
let response = try await tagReader.sendGeneralAuthenticate(data:step2Data, isLast:false)
|
|
204
|
+
|
|
205
|
+
let piccMappingEncodedPublicKey = try unwrapDO(tag: 0x82, wrappedData: response.data)
|
|
206
|
+
|
|
207
|
+
Logger.pace.debug( "Received passports public mapping key")
|
|
208
|
+
Logger.pace.debug( " public mapping key - \(binToHexRep(piccMappingEncodedPublicKey, asArray: true))")
|
|
209
|
+
|
|
210
|
+
// Do mapping agreement
|
|
211
|
+
|
|
212
|
+
// First, Convert nonce to BIGNUM
|
|
213
|
+
guard let bn_nonce = BN_bin2bn(passportNonce, Int32(passportNonce.count), nil) else {
|
|
214
|
+
throw NFCPassportReaderError.PACEError( "Step2GM", "Unable to convert picc nonce to bignum" )
|
|
215
|
+
}
|
|
216
|
+
defer { BN_free(bn_nonce) }
|
|
217
|
+
|
|
218
|
+
// ephmeralParams are free'd in stage 3
|
|
219
|
+
let ephemeralParams : OpaquePointer
|
|
220
|
+
if self.agreementAlg == "DH" {
|
|
221
|
+
Logger.pace.debug( "Doing DH Mapping agreement")
|
|
222
|
+
ephemeralParams = try self.doDHMappingAgreement(mappingKey: mappingKey, passportPublicKeyData: piccMappingEncodedPublicKey, nonce: bn_nonce )
|
|
223
|
+
} else if self.agreementAlg == "ECDH" {
|
|
224
|
+
Logger.pace.debug( "Doing ECDH Mapping agreement")
|
|
225
|
+
ephemeralParams = try self.doECDHMappingAgreement(mappingKey: mappingKey, passportPublicKeyData: piccMappingEncodedPublicKey, nonce: bn_nonce )
|
|
226
|
+
} else {
|
|
227
|
+
throw NFCPassportReaderError.PACEError( "Step2GM", "Unsupported agreement algorithm" )
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
// Need to free the mapping key we created now
|
|
231
|
+
EVP_PKEY_free(mappingKey)
|
|
232
|
+
return ephemeralParams
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
func doPACEStep2IM( passportNonce: [UInt8] ) async throws -> OpaquePointer {
|
|
236
|
+
// Not implemented yet
|
|
237
|
+
throw NFCPassportReaderError.PACEError( "Step2IM", "IM not yet implemented" )
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
/// Generates an ephemeral public/private key pair based on mapping parameters from step 2, and then sends
|
|
241
|
+
/// the public key to the passport and receives its ephmeral public key in exchange
|
|
242
|
+
/// - Parameters:
|
|
243
|
+
/// - ephemeralParams: The ehpemeral mapping keys generated by step2
|
|
244
|
+
/// - Returns:
|
|
245
|
+
/// - Tuple of Generated Ephemeral KeyPair and the Passport's public key
|
|
246
|
+
func doStep3KeyExchange(ephemeralParams: OpaquePointer) async throws -> (OpaquePointer, OpaquePointer) {
|
|
247
|
+
Logger.pace.debug( "Doing PACE Step3 - Key Exchange")
|
|
248
|
+
|
|
249
|
+
// Generate ephemeral keypair from ephemeralParams
|
|
250
|
+
var ephKeyPair : OpaquePointer? = nil
|
|
251
|
+
let pctx = EVP_PKEY_CTX_new(ephemeralParams, nil)
|
|
252
|
+
EVP_PKEY_keygen_init(pctx)
|
|
253
|
+
EVP_PKEY_keygen(pctx, &ephKeyPair)
|
|
254
|
+
EVP_PKEY_CTX_free(pctx)
|
|
255
|
+
|
|
256
|
+
guard let ephemeralKeyPair = ephKeyPair else {
|
|
257
|
+
throw NFCPassportReaderError.PACEError( "Step3 KeyEx", "Unable to get create ephermeral key pair" )
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
Logger.pace.debug( "Generated Ephemeral key pair")
|
|
261
|
+
|
|
262
|
+
// We've finished with the ephemeralParams now - we can now free it
|
|
263
|
+
EVP_PKEY_free( ephemeralParams )
|
|
264
|
+
|
|
265
|
+
guard let publicKey = OpenSSLUtils.getPublicKeyData( from: ephemeralKeyPair ) else {
|
|
266
|
+
throw NFCPassportReaderError.PACEError( "Step3 KeyEx", "Unable to get public key from ephermeral key pair" )
|
|
267
|
+
}
|
|
268
|
+
Logger.pace.debug( "Ephemeral public key - \(binToHexRep(publicKey, asArray: true))")
|
|
269
|
+
|
|
270
|
+
// exchange public keys
|
|
271
|
+
Logger.pace.debug( "Sending ephemeral public key to passport")
|
|
272
|
+
let step3Data = wrapDO(b:0x83, arr:publicKey)
|
|
273
|
+
let response = try await tagReader.sendGeneralAuthenticate(data:step3Data, isLast:false)
|
|
274
|
+
let passportEncodedPublicKey = try? unwrapDO(tag: 0x84, wrappedData: response.data)
|
|
275
|
+
guard let passportPublicKey = OpenSSLUtils.decodePublicKeyFromBytes(pubKeyData: passportEncodedPublicKey!, params: ephemeralKeyPair) else {
|
|
276
|
+
throw NFCPassportReaderError.PACEError( "Step3 KeyEx", "Unable to decode passports ephemeral key" )
|
|
277
|
+
}
|
|
278
|
+
|
|
279
|
+
Logger.pace.debug( "Received passports ephemeral public key - \(binToHexRep(passportEncodedPublicKey!, asArray: true))" )
|
|
280
|
+
return (ephemeralKeyPair, passportPublicKey)
|
|
281
|
+
}
|
|
282
|
+
|
|
283
|
+
/// This performs PACE Step 4 - Key Agreement.
|
|
284
|
+
/// Here the shared secret is computed from our ephemeral private key and the passports ephemeral public key
|
|
285
|
+
/// The new secure messaging (ksEnc and ksMac) keys are computed from the shared secret
|
|
286
|
+
/// An authentication token is generated from the passports public key and the computed ksMac key
|
|
287
|
+
/// Then, the authetication token is send to the passport, it returns its own computed authentication token
|
|
288
|
+
/// We then compute an expected authentication token from the ksMac key and our ephemeral public key
|
|
289
|
+
/// Finally we compare the recieved auth token to the expected token and if they are the same then PACE has succeeded!
|
|
290
|
+
/// - Parameters:
|
|
291
|
+
/// - pcdKeyPair: our ephemeral key pair
|
|
292
|
+
/// - passportPublicKey: passports ephemeral public key
|
|
293
|
+
/// - Returns:
|
|
294
|
+
/// - Tuple of KSEnc KSMac
|
|
295
|
+
func doStep4KeyAgreement( pcdKeyPair: OpaquePointer, passportPublicKey: OpaquePointer) async throws -> ([UInt8], [UInt8]) {
|
|
296
|
+
Logger.pace.debug( "Doing PACE Step4 Key Agreement...")
|
|
297
|
+
|
|
298
|
+
Logger.pace.debug( "Computing shared secret...")
|
|
299
|
+
let sharedSecret = OpenSSLUtils.computeSharedSecret(privateKeyPair: pcdKeyPair, publicKey: passportPublicKey)
|
|
300
|
+
Logger.pace.debug( "Shared secret - \(binToHexRep(sharedSecret, asArray:true))")
|
|
301
|
+
|
|
302
|
+
Logger.pace.debug( "Deriving ksEnc and ksMac keys from shared secret")
|
|
303
|
+
let gen = SecureMessagingSessionKeyGenerator()
|
|
304
|
+
let encKey = try! gen.deriveKey(keySeed: sharedSecret, cipherAlgName: cipherAlg, keyLength: keyLength, mode: .ENC_MODE)
|
|
305
|
+
let macKey = try! gen.deriveKey(keySeed: sharedSecret, cipherAlgName: cipherAlg, keyLength: keyLength, mode: .MAC_MODE)
|
|
306
|
+
Logger.pace.debug( "encKey - \(binToHexRep(encKey, asArray:true))")
|
|
307
|
+
Logger.pace.debug( "macKey - \(binToHexRep(macKey, asArray:true))")
|
|
308
|
+
|
|
309
|
+
// Step 4 - generate authentication token
|
|
310
|
+
Logger.pace.debug( "Generating authentication token")
|
|
311
|
+
guard let pcdAuthToken = try? generateAuthenticationToken( publicKey: passportPublicKey, macKey: macKey) else {
|
|
312
|
+
throw NFCPassportReaderError.PACEError( "Step3 KeyAgreement", "Unable to generate authentication token using passports public key" )
|
|
313
|
+
}
|
|
314
|
+
Logger.pace.debug( "authentication token - \(pcdAuthToken)")
|
|
315
|
+
|
|
316
|
+
Logger.pace.debug( "Sending auth token to passport")
|
|
317
|
+
let step4Data = wrapDO(b:0x85, arr:pcdAuthToken)
|
|
318
|
+
let response = try await tagReader.sendGeneralAuthenticate(data:step4Data, isLast:true)
|
|
319
|
+
|
|
320
|
+
let tvlResp = TKBERTLVRecord.sequenceOfRecords(from: Data(response.data))!
|
|
321
|
+
if tvlResp[0].tag != 0x86 {
|
|
322
|
+
Logger.pace.warning("Was expecting tag 0x86, found: \(binToHex(UInt8(tvlResp[0].tag)))")
|
|
323
|
+
}
|
|
324
|
+
// Calculate expected authentication token
|
|
325
|
+
let expectedPICCToken = try self.generateAuthenticationToken( publicKey: pcdKeyPair, macKey: macKey)
|
|
326
|
+
|
|
327
|
+
Logger.pace.debug( "Expecting authentication token from passport - \(expectedPICCToken)")
|
|
328
|
+
|
|
329
|
+
let piccToken = [UInt8](tvlResp[0].value)
|
|
330
|
+
Logger.pace.debug( "Received authentication token from passport - \(piccToken)")
|
|
331
|
+
|
|
332
|
+
guard piccToken == expectedPICCToken else {
|
|
333
|
+
Logger.pace.error( "Error PICC Token mismatch!\npicToken - \(piccToken)\nexpectedPICCToken - \(expectedPICCToken)" )
|
|
334
|
+
throw NFCPassportReaderError.PACEError( "Step3 KeyAgreement", "Error PICC Token mismatch!\npicToken - \(piccToken)\nexpectedPICCToken - \(expectedPICCToken)" )
|
|
335
|
+
}
|
|
336
|
+
|
|
337
|
+
Logger.pace.debug( "Auth token from passport matches expected token!" )
|
|
338
|
+
|
|
339
|
+
// This will be added for CAM when supported
|
|
340
|
+
// var encryptedChipAuthenticationData : [UInt8]? = nil
|
|
341
|
+
// if (sself.mappingType == PACEMappingType.CAM) {
|
|
342
|
+
// if tvlResp[1].tag != 0x8A {
|
|
343
|
+
// Logger.pace.warning("CAM: Was expecting tag 0x86, found: \(binToHex(UInt8(tvlResp[1].tag)))")
|
|
344
|
+
// }
|
|
345
|
+
// encryptedChipAuthenticationData = [UInt8](tvlResp[1].value)
|
|
346
|
+
// }
|
|
347
|
+
|
|
348
|
+
// We're done!
|
|
349
|
+
return (encKey, macKey)
|
|
350
|
+
}
|
|
351
|
+
|
|
352
|
+
/// Called once PACE has completed with the newly generated ksEnc and ksMac keys for restarting secure messaging
|
|
353
|
+
/// - Parameters:
|
|
354
|
+
/// - ksEnc: the computed encryption key derived from the key agreement
|
|
355
|
+
/// - ksMac: the computed mac key derived from the key agreement
|
|
356
|
+
func paceCompleted( ksEnc: [UInt8], ksMac: [UInt8] ) throws {
|
|
357
|
+
// Restart secure messaging
|
|
358
|
+
let ssc = withUnsafeBytes(of: 0.bigEndian, Array.init)
|
|
359
|
+
if (cipherAlg.hasPrefix("DESede")) {
|
|
360
|
+
Logger.pace.info( "Restarting secure messaging using DESede encryption")
|
|
361
|
+
let sm = SecureMessaging(encryptionAlgorithm: .DES, ksenc: ksEnc, ksmac: ksMac, ssc: ssc)
|
|
362
|
+
tagReader.secureMessaging = sm
|
|
363
|
+
} else if (cipherAlg.hasPrefix("AES")) {
|
|
364
|
+
Logger.pace.info( "Restarting secure messaging using AES encryption")
|
|
365
|
+
let sm = SecureMessaging(encryptionAlgorithm: .AES, ksenc: ksEnc, ksmac: ksMac, ssc: ssc)
|
|
366
|
+
tagReader.secureMessaging = sm
|
|
367
|
+
} else {
|
|
368
|
+
throw NFCPassportReaderError.PACEError( "PACECompleted", "Not restarting secure messaging as unsupported cipher algorithm requested - \(cipherAlg)" )
|
|
369
|
+
}
|
|
370
|
+
}
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
// MARK - PACEHandler Utility functions
|
|
374
|
+
@available(iOS 15, *)
|
|
375
|
+
extension PACEHandler {
|
|
376
|
+
|
|
377
|
+
/// Does the DH key Mapping agreement
|
|
378
|
+
/// - Parameter mappingKey - Pointer to an EVP_PKEY structure containing the mapping key
|
|
379
|
+
/// - Parameter passportPublicKeyData - byte array containing the publick key read from the passport
|
|
380
|
+
/// - Parameter nonce - Pointer to an BIGNUM structure containing the unencrypted nonce
|
|
381
|
+
/// - Returns the EVP_PKEY containing the mapped ephemeral parameters
|
|
382
|
+
func doDHMappingAgreement( mappingKey : OpaquePointer, passportPublicKeyData: [UInt8], nonce: OpaquePointer ) throws -> OpaquePointer {
|
|
383
|
+
guard let dh_mapping_key = EVP_PKEY_get1_DH(mappingKey) else {
|
|
384
|
+
// Error
|
|
385
|
+
throw PACEHandlerError.DHKeyAgreementError( "Unable to get DH mapping key" )
|
|
386
|
+
}
|
|
387
|
+
|
|
388
|
+
// Compute the shared secret using the mapping key and the passports public mapping key
|
|
389
|
+
let bn = BN_bin2bn(passportPublicKeyData, Int32(passportPublicKeyData.count), nil)
|
|
390
|
+
defer { BN_free( bn ) }
|
|
391
|
+
|
|
392
|
+
var secret = [UInt8](repeating: 0, count: Int(DH_size(dh_mapping_key)))
|
|
393
|
+
DH_compute_key( &secret, bn, dh_mapping_key)
|
|
394
|
+
|
|
395
|
+
// Convert the secret to a bignum
|
|
396
|
+
let bn_h = BN_bin2bn(secret, Int32(secret.count), nil)
|
|
397
|
+
defer { BN_clear_free(bn_h) }
|
|
398
|
+
|
|
399
|
+
// Initialize ephemeral parameters with parameters from the mapping key
|
|
400
|
+
guard let ephemeral_key = DHparams_dup(dh_mapping_key) else {
|
|
401
|
+
// Error
|
|
402
|
+
throw PACEHandlerError.DHKeyAgreementError("Unable to get initialise ephemeral parameters from DH mapping key")
|
|
403
|
+
}
|
|
404
|
+
defer{ DH_free(ephemeral_key) }
|
|
405
|
+
|
|
406
|
+
var p : OpaquePointer? = nil
|
|
407
|
+
var q : OpaquePointer? = nil
|
|
408
|
+
var g : OpaquePointer? = nil
|
|
409
|
+
DH_get0_pqg(dh_mapping_key, &p, &q, &g)
|
|
410
|
+
|
|
411
|
+
// map to new generator
|
|
412
|
+
guard let bn_g = BN_new() else {
|
|
413
|
+
throw PACEHandlerError.DHKeyAgreementError( "Unable to create bn_g" )
|
|
414
|
+
}
|
|
415
|
+
defer{ BN_free(bn_g) }
|
|
416
|
+
guard let new_g = BN_new() else {
|
|
417
|
+
throw PACEHandlerError.DHKeyAgreementError( "Unable to create new_g" )
|
|
418
|
+
}
|
|
419
|
+
defer{ BN_free(new_g) }
|
|
420
|
+
|
|
421
|
+
// bn_g = g^nonce mod p
|
|
422
|
+
// ephemeral_key->g = bn_g mod p * h => (g^nonce mod p) * h mod p
|
|
423
|
+
let bn_ctx = BN_CTX_new()
|
|
424
|
+
guard BN_mod_exp(bn_g, g, nonce, p, bn_ctx) == 1,
|
|
425
|
+
BN_mod_mul(new_g, bn_g, bn_h, p, bn_ctx) == 1 else {
|
|
426
|
+
// Error
|
|
427
|
+
throw PACEHandlerError.DHKeyAgreementError( "Failed to generate new parameters" )
|
|
428
|
+
}
|
|
429
|
+
|
|
430
|
+
guard DH_set0_pqg(ephemeral_key, BN_dup(p), BN_dup(q), BN_dup(new_g)) == 1 else {
|
|
431
|
+
// Error
|
|
432
|
+
throw PACEHandlerError.DHKeyAgreementError( "Unable to set DH pqg paramerters" )
|
|
433
|
+
}
|
|
434
|
+
|
|
435
|
+
// Set the ephemeral params
|
|
436
|
+
guard let ephemeralParams = EVP_PKEY_new() else {
|
|
437
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to create ephemeral params" )
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
guard EVP_PKEY_set1_DH(ephemeralParams, ephemeral_key) == 1 else {
|
|
441
|
+
// Error
|
|
442
|
+
EVP_PKEY_free( ephemeralParams )
|
|
443
|
+
throw PACEHandlerError.DHKeyAgreementError( "Unable to set ephemeral parameters" )
|
|
444
|
+
}
|
|
445
|
+
return ephemeralParams
|
|
446
|
+
}
|
|
447
|
+
|
|
448
|
+
/// Does the ECDH key Mapping agreement
|
|
449
|
+
/// - Parameter mappingKey - Pointer to an EVP_PKEY structure containing the mapping key
|
|
450
|
+
/// - Parameter passportPublicKeyData - byte array containing the publick key read from the passport
|
|
451
|
+
/// - Parameter nonce - Pointer to an BIGNUM structure containing the unencrypted nonce
|
|
452
|
+
/// - Returns the EVP_PKEY containing the mapped ephemeral parameters
|
|
453
|
+
func doECDHMappingAgreement( mappingKey : OpaquePointer, passportPublicKeyData: [UInt8], nonce: OpaquePointer ) throws -> OpaquePointer {
|
|
454
|
+
|
|
455
|
+
let ec_mapping_key = EVP_PKEY_get1_EC_KEY(mappingKey)
|
|
456
|
+
|
|
457
|
+
guard let group = EC_GROUP_dup(EC_KEY_get0_group(ec_mapping_key)) else {
|
|
458
|
+
// Error
|
|
459
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to get EC group" )
|
|
460
|
+
}
|
|
461
|
+
defer { EC_GROUP_free(group) }
|
|
462
|
+
|
|
463
|
+
guard let order = BN_new() else {
|
|
464
|
+
// Error
|
|
465
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to create order bignum" )
|
|
466
|
+
}
|
|
467
|
+
defer { BN_free( order ) }
|
|
468
|
+
|
|
469
|
+
guard let cofactor = BN_new() else {
|
|
470
|
+
// error
|
|
471
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to create cofactor bignum" )
|
|
472
|
+
}
|
|
473
|
+
defer { BN_free( cofactor ) }
|
|
474
|
+
|
|
475
|
+
guard EC_GROUP_get_order(group, order, nil) == 1 ||
|
|
476
|
+
EC_GROUP_get_cofactor(group, cofactor, nil) == 1 else {
|
|
477
|
+
// Handle error
|
|
478
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to get order or cofactor from group" )
|
|
479
|
+
}
|
|
480
|
+
|
|
481
|
+
// Create the shared secret in the form of a ECPoint
|
|
482
|
+
|
|
483
|
+
// Ideally I'd use OpenSSLUtls.computeSharedSecret for this but for reasons as yet unknown, it only returns the first 32 bytes
|
|
484
|
+
// NOT the full 64 bytes (would then convert to 65 with e header of 4 for uncompressed)
|
|
485
|
+
guard let sharedSecretMappingPoint = self.computeECDHMappingKeyPoint(privateKey: mappingKey, inputKey: passportPublicKeyData) else {
|
|
486
|
+
// Error
|
|
487
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Failed to compute new shared secret mapping point from mapping key and passport public mapping key" )
|
|
488
|
+
}
|
|
489
|
+
defer { EC_POINT_free( sharedSecretMappingPoint ) }
|
|
490
|
+
|
|
491
|
+
// Map the nonce using Generic mapping to get the new parameters (inc a new generator)
|
|
492
|
+
guard let newGenerater = EC_POINT_new(group) else {
|
|
493
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to create new mapping generator point" )
|
|
494
|
+
}
|
|
495
|
+
defer{ EC_POINT_free(newGenerater) }
|
|
496
|
+
|
|
497
|
+
// g = (generator * nonce) + (sharedSecretMappingPoint * 1)
|
|
498
|
+
guard EC_POINT_mul(group, newGenerater, nonce, sharedSecretMappingPoint, BN_value_one(), nil) == 1 else {
|
|
499
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Failed to map nonce to get new generator params" )
|
|
500
|
+
}
|
|
501
|
+
|
|
502
|
+
// Initialize ephemeral parameters with parameters from the mapping key
|
|
503
|
+
guard let ephemeralParams = EVP_PKEY_new() else {
|
|
504
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to create ephemeral params" )
|
|
505
|
+
}
|
|
506
|
+
|
|
507
|
+
let ephemeral_key = EC_KEY_dup(ec_mapping_key)
|
|
508
|
+
defer{ EC_KEY_free(ephemeral_key) }
|
|
509
|
+
|
|
510
|
+
// configure the new EC_KEY
|
|
511
|
+
guard EVP_PKEY_set1_EC_KEY(ephemeralParams, ephemeral_key) == 1,
|
|
512
|
+
EC_GROUP_set_generator(group, newGenerater, order, cofactor) == 1,
|
|
513
|
+
EC_GROUP_check(group, nil) == 1,
|
|
514
|
+
EC_KEY_set_group(ephemeral_key, group) == 1 else {
|
|
515
|
+
// Error
|
|
516
|
+
|
|
517
|
+
EVP_PKEY_free( ephemeralParams )
|
|
518
|
+
throw PACEHandlerError.ECDHKeyAgreementError( "Unable to configure new ephemeral params" )
|
|
519
|
+
}
|
|
520
|
+
return ephemeralParams
|
|
521
|
+
}
|
|
522
|
+
|
|
523
|
+
/// Generate Authentication token from a publicKey and and a mac key
|
|
524
|
+
/// - Parameters:
|
|
525
|
+
/// - publicKey: An EVP_PKEY structure containing a public key data which will be used to generate the auth code
|
|
526
|
+
/// - macKey: The mac key derived from the key agreement
|
|
527
|
+
/// - Throws: An error if we are unable to encode the public key data
|
|
528
|
+
/// - Returns: The authentication token (8 bytes)
|
|
529
|
+
func generateAuthenticationToken( publicKey: OpaquePointer, macKey: [UInt8] ) throws -> [UInt8] {
|
|
530
|
+
var encodedPublicKeyData = try encodePublicKey(oid:self.paceOID, key:publicKey)
|
|
531
|
+
|
|
532
|
+
if cipherAlg == "DESede" {
|
|
533
|
+
// If DESede (3DES), we need to pad the data
|
|
534
|
+
encodedPublicKeyData = pad(encodedPublicKeyData, blockSize: 8)
|
|
535
|
+
}
|
|
536
|
+
|
|
537
|
+
Logger.pace.debug( "Generating Authentication Token" )
|
|
538
|
+
Logger.pace.debug( "EncodedPubKey = \(binToHexRep(encodedPublicKeyData, asArray: true))" )
|
|
539
|
+
Logger.pace.debug( "macKey = \(binToHexRep(macKey, asArray: true))" )
|
|
540
|
+
|
|
541
|
+
let maccedPublicKeyDataObject = mac(algoName: cipherAlg == "DESede" ? .DES : .AES, key: macKey, msg: encodedPublicKeyData)
|
|
542
|
+
|
|
543
|
+
// Take 8 bytes for auth token
|
|
544
|
+
let authToken = [UInt8](maccedPublicKeyDataObject[0..<8])
|
|
545
|
+
Logger.pace.debug( "Generated authToken = \(binToHexRep(authToken, asArray: true))" )
|
|
546
|
+
return authToken
|
|
547
|
+
}
|
|
548
|
+
|
|
549
|
+
/// Encodes a PublicKey as an TLV strucuture based on TR-SAC 1.01 4.5.1 and 4.5.2
|
|
550
|
+
/// - Parameters:
|
|
551
|
+
/// - oid: The object identifier specifying the key type
|
|
552
|
+
/// - key: The ECP_PKEY public key to encode
|
|
553
|
+
/// - Throws: Error if unable to encode
|
|
554
|
+
/// - Returns: the encoded public key in tlv format
|
|
555
|
+
func encodePublicKey( oid : String, key : OpaquePointer ) throws -> [UInt8] {
|
|
556
|
+
let encodedOid = oidToBytes(oid:oid, replaceTag: false)
|
|
557
|
+
guard let pubKeyData = OpenSSLUtils.getPublicKeyData(from: key) else {
|
|
558
|
+
Logger.pace.error( "PACEHandler: encodePublicKey() - Unable to get public key data" )
|
|
559
|
+
throw NFCPassportReaderError.InvalidDataPassed("Unable to get public key data")
|
|
560
|
+
}
|
|
561
|
+
|
|
562
|
+
let keyType = EVP_PKEY_base_id( key )
|
|
563
|
+
let tag : TKTLVTag
|
|
564
|
+
if keyType == EVP_PKEY_DH || keyType == EVP_PKEY_DHX {
|
|
565
|
+
tag = 0x84
|
|
566
|
+
} else {
|
|
567
|
+
tag = 0x86
|
|
568
|
+
}
|
|
569
|
+
|
|
570
|
+
guard let encOid = TKBERTLVRecord(from: Data(encodedOid)) else {
|
|
571
|
+
throw NFCPassportReaderError.InvalidASN1Value
|
|
572
|
+
}
|
|
573
|
+
let encPub = TKBERTLVRecord(tag:tag, value: Data(pubKeyData))
|
|
574
|
+
let record = TKBERTLVRecord(tag: 0x7F49, records:[encOid, encPub])
|
|
575
|
+
let data = record.data
|
|
576
|
+
|
|
577
|
+
return [UInt8](data)
|
|
578
|
+
}
|
|
579
|
+
|
|
580
|
+
/// Computes a key seed based on an MRZ key
|
|
581
|
+
/// - Parameter the mrz key
|
|
582
|
+
/// - Returns a encoded key based on the mrz key that can be used for PACE
|
|
583
|
+
func createPaceKey( from canKey: String ) throws -> [UInt8] {
|
|
584
|
+
var keySeed = (0..<6).map { UInt8(canKey[canKey.index(canKey.startIndex, offsetBy: $0)].asciiValue!) }
|
|
585
|
+
|
|
586
|
+
let counter: Int32 = 3 // PACE mode
|
|
587
|
+
|
|
588
|
+
// Chuyển giá trị counter thành Big-Endian (4 byte)
|
|
589
|
+
let counterBigEndian = counter.bigEndian
|
|
590
|
+
|
|
591
|
+
// Thêm giá trị counter (Int32) vào cuối preimage (4 byte, Big-Endian)
|
|
592
|
+
keySeed.append(contentsOf: withUnsafeBytes(of: counterBigEndian) { Array($0) })
|
|
593
|
+
|
|
594
|
+
let hash = calcSHA1Hash(keySeed)
|
|
595
|
+
|
|
596
|
+
return Array(hash[0..<16])
|
|
597
|
+
}
|
|
598
|
+
|
|
599
|
+
/// Performs the ECDH PACE GM key agreement protocol by multiplying a private key with a public key
|
|
600
|
+
/// - Parameters:
|
|
601
|
+
/// - key: an EVP_PKEY structure containng a ECDH private key
|
|
602
|
+
/// - inputKey: a public key
|
|
603
|
+
/// - Returns: a new EC_POINT
|
|
604
|
+
func computeECDHMappingKeyPoint( privateKey : OpaquePointer, inputKey : [UInt8] ) -> OpaquePointer? {
|
|
605
|
+
|
|
606
|
+
let ecdh = EVP_PKEY_get1_EC_KEY(privateKey)
|
|
607
|
+
defer { EC_KEY_free(ecdh) }
|
|
608
|
+
|
|
609
|
+
let privateECKey = EC_KEY_get0_private_key(ecdh) // BIGNUM
|
|
610
|
+
|
|
611
|
+
// decode public key
|
|
612
|
+
guard let group = EC_KEY_get0_group(ecdh) else{ return nil }
|
|
613
|
+
guard let ecp = EC_POINT_new(group) else { return nil }
|
|
614
|
+
defer { EC_POINT_free(ecp) }
|
|
615
|
+
guard EC_POINT_oct2point(group, ecp, inputKey, inputKey.count,nil) != 0 else { return nil }
|
|
616
|
+
|
|
617
|
+
// create our output point
|
|
618
|
+
let output = EC_POINT_new(group)
|
|
619
|
+
|
|
620
|
+
// Multiply our private key with the passports public key to get a new point
|
|
621
|
+
EC_POINT_mul(group, output, nil, ecp, privateECKey, nil)
|
|
622
|
+
|
|
623
|
+
return output
|
|
624
|
+
}
|
|
625
|
+
}
|
|
626
|
+
|
|
627
|
+
#endif
|