Thales card support

IB-8171

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

lib/libpcsc-cpp/CMakeLists.txt

@@ -14,7 +14,6 @@ add_library(${PROJECT_NAME}
   src/SCardCall.hpp
   src/SmartCard.cpp
   src/listReaders.cpp
-  src/utils.cpp
 )
 
 target_include_directories(${PROJECT_NAME}

lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp-utils.hpp

@@ -29,6 +29,23 @@
 namespace pcsc_cpp
 {
 
+/** Convert bytes to hex string. */
+inline std::ostream& operator<<(std::ostream& os, const byte_vector& data)
+{
+    os << std::setfill('0') << std::hex;
+    for (const auto byte : data)
+        os << std::setw(2) << short(byte);
+    return os << std::setfill(' ') << std::dec;
+}
+
+inline std::string operator+(std::string lhs, const byte_vector& rhs)
+{
+    lhs.reserve(lhs.size() + rhs.size() * 2);
+    std::ostringstream hexStringBuilder(std::move(lhs), std::ios::ate);
+    hexStringBuilder << rhs;
+    return hexStringBuilder.str();
+}
+
 /** Convert the given integer to a hex string. */
 template <typename T>
 inline std::string int2hexstr(const T value)

lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp.hpp

@@ -85,8 +85,6 @@ constexpr uint16_t toSW(byte_type sw1, byte_type sw2) noexcept
 }
 
 /** Convert bytes to hex string. */
-std::ostream& operator<<(std::ostream& os, const pcsc_cpp::byte_vector& data);
-
 std::string operator+(std::string lhs, const byte_vector& rhs);
 
 /** Struct that wraps response APDUs. */
@@ -303,16 +301,6 @@ struct Reader
  */
 std::vector<Reader> listReaders();
 
-// Utility functions.
-
-/** Transmit APDU command and verify that expected response is received. */
-void transmitApduWithExpectedResponse(const SmartCard::Session& session,
-                                      const CommandApdu& command);
-
-/** Read lenght bytes from currently selected binary file in blockLength-sized chunks. */
-byte_vector readBinary(const SmartCard::Session& session, const uint16_t length,
-                       byte_type blockLength = 0x00);
-
 // Errors.
 
 /** Base class for all pcsc-cpp errors. */

lib/libpcsc-cpp/src/SmartCard.cpp

@@ -140,6 +140,9 @@ class CardImpl
 
         auto response = toResponse(std::move(responseBytes), responseLength);
 
+        if (response.sw1 == ResponseApdu::WRONG_LE_LENGTH) {
+            getResponseWithLE(response, commandBytes);
+        }
         if (response.sw1 == ResponseApdu::MORE_DATA_AVAILABLE) {
             getMoreResponseData(response);
         }
@@ -224,26 +227,21 @@ class CardImpl
 
         // Let expected errors through for handling in upper layers or in if blocks below.
         switch (response.sw1) {
-        case ResponseApdu::OK:
-        case ResponseApdu::MORE_DATA_AVAILABLE: // See the if block after next.
-        case ResponseApdu::VERIFICATION_FAILED:
-        case ResponseApdu::VERIFICATION_CANCELLED:
-        case ResponseApdu::WRONG_LENGTH:
-        case ResponseApdu::COMMAND_NOT_ALLOWED:
-        case ResponseApdu::WRONG_PARAMETERS:
-        case ResponseApdu::WRONG_LE_LENGTH: // See next if block.
-            break;
+            using enum ResponseApdu::Status;
+        case OK:
+        case MORE_DATA_AVAILABLE:
+        case WRONG_LE_LENGTH:
+        case VERIFICATION_FAILED:
+        case VERIFICATION_CANCELLED:
+        case WRONG_LENGTH:
+        case COMMAND_NOT_ALLOWED:
+        case WRONG_PARAMETERS:
+            return response;
         default:
             THROW(Error,
                   "Error response: '" + response + "', protocol "
                       + std::to_string(_protocol.dwProtocol));
         }
-
-        if (response.sw1 == ResponseApdu::WRONG_LE_LENGTH) {
-            THROW(Error, "Wrong LE length (SW1=0x6C) in response, please set LE");
-        }
-
-        return response;
     }
 
     void getMoreResponseData(ResponseApdu& response) const
@@ -262,6 +260,13 @@ class CardImpl
         response.sw1 = ResponseApdu::OK;
         response.sw2 = 0;
     }
+
+    void getResponseWithLE(ResponseApdu& response, byte_vector command) const
+    {
+        size_t pos = command.size() <= 5 ? 4 : 5 + command[4];
+        command[pos] = response.sw2;
+        response = transmitBytes(command);
+    }
 };
 
 SmartCard::Session::Session(const CardImpl& card) : card(card)

lib/libpcsc-cpp/src/utils.cpp

@@ -60,6 +60,10 @@ const std::map<byte_vector, ElectronicIDConstructor, VectorComparator> SUPPORTED
     {{0x3b, 0xdc, 0x96, 0x00, 0x80, 0xb1, 0xfe, 0x45, 0x1f, 0x83, 0x00, 0x12,
       0x23, 0x3f, 0x54, 0x65, 0x49, 0x44, 0x32, 0x0f, 0x90, 0x00, 0xc3},
      constructor<EstEIDIDEMIAV1>},
+    // EstEID Thales v1.0
+    {{0x3b, 0xff, 0x96, 0x00, 0x00, 0x80, 0x31, 0xfe, 0x43, 0x80, 0x31, 0xb8, 0x53,
+      0x65, 0x49, 0x44, 0x64, 0xb0, 0x85, 0x05, 0x10, 0x12, 0x23, 0x3f, 0x1d},
+     constructor<EstEIDTHALES>},
     // FinEID v3.0
     {{0x3B, 0x7F, 0x96, 0x00, 0x00, 0x80, 0x31, 0xB8, 0x65, 0xB0,
       0x85, 0x03, 0x00, 0xEF, 0x12, 0x00, 0xF6, 0x82, 0x90, 0x00},

src/electronic-id.cpp

@@ -53,17 +53,17 @@ const auto SIGN_CERT = CommandApdu::selectEF(0x09, {0xAD, 0xF2, 0x34, 0x1F});
 
 void EIDIDEMIA::selectMain(const SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, MAIN_AID);
+    selectFile(session, MAIN_AID);
 }
 
 void EIDIDEMIA::selectADF1(const pcsc_cpp::SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, ADF1_AID);
+    selectFile(session, ADF1_AID);
 }
 
 void EIDIDEMIA::selectADF2(const pcsc_cpp::SmartCard::Session& session)
 {
-    transmitApduWithExpectedResponse(session, ADF2_AID);
+    selectFile(session, ADF2_AID);
 }
 
 byte_vector EIDIDEMIA::getCertificateImpl(const pcsc_cpp::SmartCard::Session& session,
@@ -86,8 +86,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const pcsc_cpp::SmartCard::Session& s
     auto [keyId, isECC] = authKeyRef(session);
     selectSecurityEnv(session, 0xA4, isECC ? 0x04 : 0x02, keyId, name());
 
-    verifyPin(session, AUTH_PIN_REFERENCE, std::move(pin), authPinMinMaxLength().first,
-              authPinMinMaxLength().second, PIN_PADDING_CHAR);
+    verifyPin(session, AUTH_PIN_REFERENCE, std::move(pin), authPinMinMaxLength(), PIN_PADDING_CHAR);
 
     return internalAuthenticate(session,
                                 authSignatureAlgorithm().isRSAWithPKCS1Padding()
@@ -115,8 +114,8 @@ EIDIDEMIA::signWithSigningKeyImpl(const pcsc_cpp::SmartCard::Session& session, b
     selectADF2(session);
     auto [keyRef, isECC] = signKeyRef(session);
     selectSecurityEnv(session, 0xB6, isECC ? 0x54 : 0x42, keyRef, name());
-    verifyPin(session, SIGN_PIN_REFERENCE, std::move(pin), signingPinMinMaxLength().first,
-              signingPinMinMaxLength().second, PIN_PADDING_CHAR);
+    verifyPin(session, SIGN_PIN_REFERENCE, std::move(pin), signingPinMinMaxLength(),
+              PIN_PADDING_CHAR);
     auto tmp = hash;
     if (isECC) {
         constexpr size_t ECDSA384_INPUT_LENGTH = 384 / 8;