Add Idemia V2 ATR (#127)

IB-8370

Signed-off-by: Raul Metsma <raul@metsma.ee>

Author: metsma

.github/workflows/cmake-windows.yml

@@ -19,7 +19,7 @@ jobs:
       with:
         vcpkgArguments: gtest:x64-windows openssl:x64-windows
         vcpkgTriplet: x64-windows
-        vcpkgGitCommitId: 1f619be01b436b796dab797dd1e1721c5676f8ac
+        vcpkgGitCommitId: 0d5cae153065957df7f382de7c1549ccc88027e5
 
     - name: Configure CMake
       run: cmake -A x64 "-DCMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" "-DCMAKE_BUILD_TYPE=${env:BUILD_TYPE}" -S . -B build

src/electronic-id.cpp

@@ -58,6 +58,10 @@ const std::map<byte_vector, ElectronicIDConstructor> SUPPORTED_ATRS {
     {{0x3b, 0xdb, 0x96, 0x00, 0x80, 0xb1, 0xfe, 0x45, 0x1f, 0x83, 0x00,
       0x12, 0x23, 0x3f, 0x53, 0x65, 0x49, 0x44, 0x0f, 0x90, 0x00, 0xf1},
      constructor<EstEIDIDEMIAV1>},
+    // EstEID Idemia v2.0
+    {{0x3b, 0xdc, 0x96, 0x00, 0x80, 0xb1, 0xfe, 0x45, 0x1f, 0x83, 0x00, 0x12,
+      0x23, 0x3f, 0x54, 0x65, 0x49, 0x44, 0x32, 0x0f, 0x90, 0x00, 0xc3},
+     constructor<EstEIDIDEMIAV1>},
     // FinEID v3.0
     {{0x3B, 0x7F, 0x96, 0x00, 0x00, 0x80, 0x31, 0xB8, 0x65, 0xB0,
       0x85, 0x03, 0x00, 0xEF, 0x12, 0x00, 0xF6, 0x82, 0x90, 0x00},

src/electronic-ids/TLV.hpp

@@ -38,7 +38,7 @@ namespace electronic_id
 struct TLV
 {
     using byte_vector = pcsc_cpp::byte_vector;
-    uint16_t tag {};
+    uint32_t tag {};
     uint32_t length {};
     byte_vector::const_iterator begin;
     byte_vector::const_iterator end;
@@ -57,10 +57,19 @@ struct TLV
 
         tag = *begin++;
         if ((tag & 0x1F) == 0x1F) { // Multi-byte tag
-            if (!*this) {
-                THROW(std::invalid_argument, "Invalid TLV: Unexpected end of tag");
-            }
-            tag = (tag << 8) | (*begin++);
+            constexpr uint8_t MAX_TAG_BYTES = sizeof(tag);
+            uint8_t tagBytes = 1;
+            do {
+                if (tagBytes >= MAX_TAG_BYTES) {
+                    THROW(std::invalid_argument,
+                          "Invalid TLV: Tag too long or too large for uint32_t");
+                }
+                if (!*this) {
+                    THROW(std::invalid_argument, "Invalid TLV: Unexpected end of tag");
+                }
+                tag = (tag << 8) | (*begin++);
+                ++tagBytes;
+            } while ((tag & 0x80) != 0x00);
         }
 
         if (!*this) {
@@ -87,28 +96,34 @@ struct TLV
 
     PCSC_CPP_CONSTEXPR_VECTOR TLV child() const { return {begin, begin + length}; }
 
+    PCSC_CPP_CONSTEXPR_VECTOR TLV operator[](uint32_t find) const
+    {
+        TLV tlv = child();
+        for (; tlv && tlv.tag != find; ++tlv);
+        return tlv;
+    }
     PCSC_CPP_CONSTEXPR_VECTOR TLV& operator++() { return *this = {begin + length, end}; }
 
     template <typename... Tags>
-    static PCSC_CPP_CONSTEXPR_VECTOR TLV path(TLV tlv, uint16_t tag, Tags... tags)
+    static PCSC_CPP_CONSTEXPR_VECTOR TLV path(TLV tlv, uint32_t tag, Tags... tags)
     {
         for (; tlv; ++tlv) {
             if (tlv.tag == tag) {
                 if constexpr (sizeof...(tags) > 0) {
-                    return path(tlv.child(), uint16_t(tags)...);
+                    return path(tlv.child(), uint32_t(tags)...);
                 }
                 return tlv;
             }
         }
         return TLV({});
     }
     template <typename... Tags>
-    static PCSC_CPP_CONSTEXPR_VECTOR TLV path(const byte_vector& data, uint16_t tag, Tags... tags)
+    static PCSC_CPP_CONSTEXPR_VECTOR TLV path(const byte_vector& data, uint32_t tag, Tags... tags)
     {
         return path(TLV(data), tag, tags...);
     }
 
-    constexpr operator bool() const noexcept { return begin != end; }
+    constexpr operator bool() const noexcept { return begin < end; }
 };
 
 } // namespace electronic_id

src/electronic-ids/pcsc/EIDIDEMIA.cpp

@@ -24,6 +24,8 @@
 
 #include "pcsc-common.hpp"
 
+#include "../TLV.hpp"
+
 using namespace pcsc_cpp;
 using namespace electronic_id;
 
@@ -108,23 +110,11 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(byte_vector&& pin,
 {
     selectADF2();
     auto [keyRef, isECC] = signKeyRef();
-    selectSecurityEnv(*card, 0xB6, isECC ? 0x54 : 0x42, keyRef, name());
-    auto tmp = hash;
-    if (isECC) {
-        constexpr size_t ECDSA384_INPUT_LENGTH = 384 / 8;
-        if (tmp.size() < ECDSA384_INPUT_LENGTH) {
-            // Zero-pad hashes that are shorter than SHA-384.
-            tmp.insert(tmp.cbegin(), ECDSA384_INPUT_LENGTH - tmp.size(), 0x00);
-        } else if (tmp.size() > ECDSA384_INPUT_LENGTH) {
-            // Truncate hashes that are longer than SHA-384.
-            tmp.resize(ECDSA384_INPUT_LENGTH);
-        }
-    }
-
+    selectSecurityEnv(*card, 0xB6, isECC ? 0x24 + uint8_t(hashAlgo.hashByteLength()) : 0x42, keyRef, name());
     verifyPin(*card, SIGN_PIN_REFERENCE, std::move(pin), signingPinMinMaxLength().first,
               signingPinMinMaxLength().second, PIN_PADDING_CHAR);
 
-    return {computeSignature(*card, tmp, name()),
+    return {computeSignature(*card, hash, name()),
             {isECC ? SignatureAlgorithm::ES : SignatureAlgorithm::RS, hashAlgo}};
 }
 
@@ -136,22 +126,18 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::signingPinRetriesLeftImpl() c
 
 ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(byte_type pinReference) const
 {
+    auto ref = byte_type(pinReference & 0x0F);
     const pcsc_cpp::CommandApdu GET_DATA_ODD {
-        0x00,
-        0xCB,
-        0x3F,
-        0xFF,
-        {0x4D, 0x08, 0x70, 0x06, 0xBF, 0x81, byte_type(pinReference & 0x0F), 0x02, 0xA0, 0x80},
-        0x00};
+        0x00, 0xCB, 0x3F, 0xFF, {0x4D, 0x08, 0x70, 0x06, 0xBF, 0x81, ref, 0x02, 0xA0, 0x80}, 0x00};
     const auto response = card->transmit(GET_DATA_ODD);
     if (!response.isOK()) {
         THROW(SmartCardError, "Command GET DATA ODD failed with error " + response);
     }
-    if (response.data.size() < 14) {
-        THROW(SmartCardError,
-              "Command GET DATA ODD failed: received data size "
-                  + std::to_string(response.data.size())
-                  + " is less than the expected size of the PIN remaining retries offset 14");
+    TLV info = TLV::path(response.data, 0x70, 0xBF8100 | ref, 0xA0);
+    TLV max = info[0x9A];
+    TLV tries = info[0x9B];
+    if (max && tries) {
+        return {*tries.begin, *max.begin};
     }
-    return {uint8_t(response.data[13]), uint8_t(response.data[10])};
+    THROW(SmartCardError, "Command GET DATA ODD failed: missing expected info");
 }