Thales card support

IB-8171

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

lib/libpcsc-cpp/CMakeLists.txt

@@ -14,7 +14,6 @@ add_library(${PROJECT_NAME}
   src/SCardCall.hpp
   src/SmartCard.cpp
   src/listReaders.cpp
-  src/utils.cpp
 )
 
 target_include_directories(${PROJECT_NAME}

lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp-utils.hpp

@@ -29,6 +29,15 @@
 namespace pcsc_cpp
 {
 
+/** Convert bytes to hex string. */
+inline std::ostream& operator<<(std::ostream& os, const byte_vector& data)
+{
+    os << std::setfill('0') << std::hex;
+    for (const auto byte : data)
+        os << std::setw(2) << short(byte);
+    return os << std::setfill(' ') << std::dec;
+}
+
 /** Convert the given integer to a hex string. */
 template <typename T>
 inline std::string int2hexstr(const T value)

lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp.hpp

@@ -85,8 +85,6 @@ constexpr uint16_t toSW(byte_type sw1, byte_type sw2) noexcept
 }
 
 /** Convert bytes to hex string. */
-std::ostream& operator<<(std::ostream& os, const pcsc_cpp::byte_vector& data);
-
 std::string operator+(std::string lhs, const byte_vector& rhs);
 
 /** Struct that wraps response APDUs. */
@@ -111,23 +109,6 @@ struct ResponseApdu
     static constexpr size_t MAX_DATA_SIZE = 256;
     static constexpr size_t MAX_SIZE = MAX_DATA_SIZE + 2; // + sw1 and sw2
 
-    PCSC_CPP_CONSTEXPR_VECTOR static ResponseApdu fromBytes(byte_vector data)
-    {
-        if (data.size() < 2) {
-            throw std::invalid_argument("Need at least 2 bytes for creating ResponseApdu");
-        }
-
-        PCSC_CPP_WARNING_PUSH
-        PCSC_CPP_WARNING_DISABLE_GCC("-Warray-bounds") // avoid GCC 13 false positive warning
-        byte_type sw1 = data[data.size() - 2];
-        byte_type sw2 = data[data.size() - 1];
-        data.resize(data.size() - 2);
-        PCSC_CPP_WARNING_POP
-
-        // SW1 and SW2 are in the end
-        return {sw1, sw2, std::move(data)};
-    }
-
     constexpr uint16_t toSW() const noexcept { return pcsc_cpp::toSW(sw1, sw2); }
 
     constexpr bool isOK() const noexcept { return sw1 == OK && sw2 == 0x00; }
@@ -300,16 +281,6 @@ class SmartCard
  */
 std::vector<Reader> listReaders();
 
-// Utility functions.
-
-/** Transmit APDU command and verify that expected response is received. */
-void transmitApduWithExpectedResponse(const SmartCard::Session& session,
-                                      const CommandApdu& command);
-
-/** Read lenght bytes from currently selected binary file in blockLength-sized chunks. */
-byte_vector readBinary(const SmartCard::Session& session, const uint16_t length,
-                       byte_type blockLength = 0x00);
-
 // Errors.
 
 /** Base class for all pcsc-cpp errors. */

lib/libpcsc-cpp/src/SmartCard.cpp

@@ -64,6 +64,14 @@ constexpr uint32_t OMNIKEY_6121 = 0x6632;
 namespace pcsc_cpp
 {
 
+std::string operator+(std::string lhs, const byte_vector& rhs)
+{
+    lhs.reserve(lhs.size() + rhs.size() * 2);
+    std::ostringstream hexStringBuilder(std::move(lhs), std::ios::ate);
+    hexStringBuilder << rhs;
+    return hexStringBuilder.str();
+}
+
 SmartCard Reader::connectToCard() const
 {
     return {*this};
@@ -146,6 +154,9 @@ class CardImpl
 
         auto response = toResponse(std::move(responseBytes), responseLength);
 
+        if (response.sw1 == ResponseApdu::WRONG_LE_LENGTH) {
+            getResponseWithLE(response, commandBytes);
+        }
         if (response.sw1 == ResponseApdu::MORE_DATA_AVAILABLE) {
             getMoreResponseData(response);
         }
@@ -222,34 +233,38 @@ class CardImpl
         if (responseLength > responseBytes.size()) {
             THROW(Error, "SCardTransmit: received more bytes than buffer size");
         }
+        if (responseLength < 2) {
+            THROW(Error, "SCardTransmit: Need at least 2 bytes for creating ResponseApdu");
+        }
         responseBytes.resize(responseLength);
 
-        // TODO: debug("Received: " + bytes2hexstr(responseBytes))
+        PCSC_CPP_WARNING_PUSH
+        PCSC_CPP_WARNING_DISABLE_GCC("-Warray-bounds") // avoid GCC 13 false positive warning
+        // SW1 and SW2 are in the end
+        byte_type sw1 = responseBytes[responseLength - 2];
+        byte_type sw2 = responseBytes[responseLength - 1];
+        responseBytes.resize(responseLength - 2);
+        PCSC_CPP_WARNING_POP
 
-        auto response = ResponseApdu::fromBytes(std::move(responseBytes));
+        ResponseApdu response {sw1, sw2, std::move(responseBytes)};
 
         // Let expected errors through for handling in upper layers or in if blocks below.
         switch (response.sw1) {
-        case ResponseApdu::OK:
-        case ResponseApdu::MORE_DATA_AVAILABLE: // See the if block after next.
-        case ResponseApdu::VERIFICATION_FAILED:
-        case ResponseApdu::VERIFICATION_CANCELLED:
-        case ResponseApdu::WRONG_LENGTH:
-        case ResponseApdu::COMMAND_NOT_ALLOWED:
-        case ResponseApdu::WRONG_PARAMETERS:
-        case ResponseApdu::WRONG_LE_LENGTH: // See next if block.
-            break;
+            using enum ResponseApdu::Status;
+        case OK:
+        case MORE_DATA_AVAILABLE:
+        case WRONG_LE_LENGTH:
+        case VERIFICATION_FAILED:
+        case VERIFICATION_CANCELLED:
+        case WRONG_LENGTH:
+        case COMMAND_NOT_ALLOWED:
+        case WRONG_PARAMETERS:
+            return response;
         default:
             THROW(Error,
                   "Error response: '" + response + "', protocol "
                       + std::to_string(_protocol.dwProtocol));
         }
-
-        if (response.sw1 == ResponseApdu::WRONG_LE_LENGTH) {
-            THROW(Error, "Wrong LE length (SW1=0x6C) in response, please set LE");
-        }
-
-        return response;
     }
 
     void getMoreResponseData(ResponseApdu& response) const
@@ -268,6 +283,13 @@ class CardImpl
         response.sw1 = ResponseApdu::OK;
         response.sw2 = 0;
     }
+
+    void getResponseWithLE(ResponseApdu& response, byte_vector command) const
+    {
+        size_t pos = command.size() <= 5 ? 4 : 5 + command[4];
+        command[pos] = response.sw2;
+        response = transmitBytes(command);
+    }
 };
 
 SmartCard::Session::Session(const CardImpl& card) : card(card)

lib/libpcsc-cpp/src/utils.cpp

@@ -60,6 +60,10 @@ const std::map<byte_vector, ElectronicIDConstructor, VectorComparator> SUPPORTED
     {{0x3b, 0xdc, 0x96, 0x00, 0x80, 0xb1, 0xfe, 0x45, 0x1f, 0x83, 0x00, 0x12,
       0x23, 0x3f, 0x54, 0x65, 0x49, 0x44, 0x32, 0x0f, 0x90, 0x00, 0xc3},
      constructor<EstEIDIDEMIAV1>},
+    // EstEID Thales v1.0
+    {{0x3b, 0xff, 0x96, 0x00, 0x00, 0x80, 0x31, 0xfe, 0x43, 0x80, 0x31, 0xb8, 0x53,
+      0x65, 0x49, 0x44, 0x64, 0xb0, 0x85, 0x05, 0x10, 0x12, 0x23, 0x3f, 0x1d},
+     constructor<EstEIDTHALES>},
     // FinEID v3.0
     {{0x3B, 0x7F, 0x96, 0x00, 0x00, 0x80, 0x31, 0xB8, 0x65, 0xB0,
       0x85, 0x03, 0x00, 0xEF, 0x12, 0x00, 0xF6, 0x82, 0x90, 0x00},

src/electronic-id.cpp

@@ -94,28 +94,17 @@ struct TLV
         }
     }
 
-    PCSC_CPP_CONSTEXPR_VECTOR TLV child() const { return {begin, begin + length}; }
-
     PCSC_CPP_CONSTEXPR_VECTOR TLV operator[](uint32_t find) const
     {
-        TLV tlv = child();
-        for (; tlv && tlv.tag != find; ++tlv) {}
-        return tlv;
+        return TLV(begin, begin + length).find(find);
     }
     PCSC_CPP_CONSTEXPR_VECTOR TLV& operator++() { return *this = {begin + length, end}; }
 
-    template <typename... Tags>
-    static PCSC_CPP_CONSTEXPR_VECTOR TLV path(TLV tlv, uint32_t tag, Tags... tags)
+    PCSC_CPP_CONSTEXPR_VECTOR TLV find(uint32_t find) const
     {
-        for (; tlv; ++tlv) {
-            if (tlv.tag == tag) {
-                if constexpr (sizeof...(tags) > 0) {
-                    return path(tlv.child(), uint32_t(tags)...);
-                }
-                return tlv;
-            }
-        }
-        return TLV({});
+        TLV tlv = *this;
+        for (; tlv && tlv.tag != find; ++tlv) {}
+        return tlv;
     }
 
     constexpr operator bool() const noexcept { return begin < end; }

src/electronic-ids/TLV.hpp

@@ -53,17 +53,17 @@ const auto SIGN_CERT = CommandApdu::selectEF(0x09, {0xAD, 0xF2, 0x34, 0x1F});
 
 void EIDIDEMIA::selectMain(const SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, MAIN_AID);
+    selectFile(session, MAIN_AID);
 }
 
 void EIDIDEMIA::selectADF1(const pcsc_cpp::SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, ADF1_AID);
+    selectFile(session, ADF1_AID);
 }
 
 void EIDIDEMIA::selectADF2(const pcsc_cpp::SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, ADF2_AID);
+    selectFile(session, ADF2_AID);
 }
 
 byte_vector EIDIDEMIA::getCertificateImpl(const pcsc_cpp::SmartCard::Session& session,
@@ -86,8 +86,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const pcsc_cpp::SmartCard::Session& s
     auto [keyId, isECC] = authKeyRef(session);
     selectSecurityEnv(session, 0xA4, isECC ? 0x04 : 0x02, keyId, name());
 
-    verifyPin(session, AUTH_PIN_REFERENCE, std::move(pin), authPinMinMaxLength().first,
-              authPinMinMaxLength().second, PIN_PADDING_CHAR);
+    verifyPin(session, AUTH_PIN_REFERENCE, std::move(pin), authPinMinMaxLength(), PIN_PADDING_CHAR);
 
     return internalAuthenticate(session,
                                 authSignatureAlgorithm().isRSAWithPKCS1Padding()
@@ -115,8 +114,8 @@ EIDIDEMIA::signWithSigningKeyImpl(const pcsc_cpp::SmartCard::Session& session, b
     selectADF2(session);
     auto [keyRef, isECC] = signKeyRef(session);
     selectSecurityEnv(session, 0xB6, isECC ? 0x54 : 0x42, keyRef, name());
-    verifyPin(session, SIGN_PIN_REFERENCE, std::move(pin), signingPinMinMaxLength().first,
-              signingPinMinMaxLength().second, PIN_PADDING_CHAR);
+    verifyPin(session, SIGN_PIN_REFERENCE, std::move(pin), signingPinMinMaxLength(),
+              PIN_PADDING_CHAR);
     auto tmp = hash;
     if (isECC) {
         constexpr size_t ECDSA384_INPUT_LENGTH = 384 / 8;
@@ -149,7 +148,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCar
     if (!response.isOK()) {
         THROW(SmartCardError, "Command GET DATA ODD failed with error " + response);
     }
-    TLV info = TLV::path(TLV(response.data), 0x70, 0xBF8100 | ref, 0xA0);
+    TLV info = TLV(response.data).find(0x70)[0xBF8100 | ref][0xA0];
     TLV max = info[0x9A];
     TLV tries = info[0x9B];
     if (max && tries) {