public string GetApdu(Persistence persistence, string keyReference, string keyValue)
{
ValidateInput(keyReference, keyValue);
_keyReference = BinaryHelper.ConvertOctetStringToBytes(keyReference);
_keyValue = BinaryHelper.ConvertOctetStringToBytes(keyValue);
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPILoadKeyTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(IsPersistentValLength);
writer.Write(LengthOfIsPersistentValue);
writer.Write((byte)persistence);
writer.Write(KeyReferenceTag);
writer.Write((byte)_keyReference.Length);
writer.Write(_keyReference);
writer.Write(KeyValueTag);
writer.Write((byte)_keyValue.Length);
writer.Write(_keyValue);
WritePostfix(writer);
}
return(BinaryHelper.ConvertBytesToOctetString(stream.ToArray()));
}
}
public string GetApdu()
{
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(GetContentElement2Tag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ContentElementTag);
writer.Write(ContentElementValLength);
writer.Write(PhysicalAccessBits);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
public static string GetHashTag(string macKey, string dataToMac)
{
var hash = GetHashTag(BinaryHelper.ConvertOctetStringToBytes(macKey),
BinaryHelper.ConvertOctetStringToBytes(dataToMac));
return(BinaryHelper.ConvertBytesToOctetString(hash));
}
public string GetApdu()
{
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPIDESFireTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(DESFireFormatTag);
writer.Write(DESFireFormatValLength);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
public string GetApdu(string applicationNumber)
{
ValidateInput(applicationNumber);
_applicationNumber = BinaryHelper.ConvertOctetStringToBytes(applicationNumber);
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPIDESFireTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(DESFireSelectApplicationTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ApplicationNumberTag);
writer.Write((byte)_applicationNumber.Length);
writer.Write(_applicationNumber);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
private string Decrypt(string key, string data, CipherMode cMode = CipherMode.ECB, PaddingMode pMode = PaddingMode.None, string iv = "00000000000000000000000000000000")
{
byte[] derivedData;
using (var aes = new AesCryptoServiceProvider {
Mode = cMode, Padding = pMode
})
using (var ict = aes.CreateDecryptor(BinaryHelper.ConvertOctetStringToBytes(key), BinaryHelper.ConvertOctetStringToBytes(iv)))
{
byte[] dataBytes = BinaryHelper.ConvertOctetStringToBytes(data);
derivedData = ict.TransformFinalBlock(dataBytes, 0, dataBytes.Length);
}
return(BinaryHelper.ConvertBytesToOctetString(derivedData));
}
private string Pad(string data)
{
string padding = string.Empty;
data += "80";
int length = 32 - data.Length % 32;
if (length != 0 && length != 32)
{
padding = BinaryHelper.ConvertBytesToOctetString(new byte[length / 2]);
}
return(data + padding);
}
public string GetApdu(byte fileNumber, string offset, string dataToBeWritten, CommunicationMode communicationMode,
CommitFlag commitFlag)
{
ValidateInput(offset, dataToBeWritten);
_offset = BinaryHelper.ConvertOctetStringToBytes(offset);
_dataToBeWritten = BinaryHelper.ConvertOctetStringToBytes(dataToBeWritten);
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPIDESFireTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(DESFireWriteDataTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(FileNumberTag);
writer.Write(FileNumberValLength);
writer.Write(fileNumber);
writer.Write(OffsetTag);
writer.Write((byte)_offset.Length);
writer.Write(_offset);
writer.Write(DataTag);
writer.Write((byte)_dataToBeWritten.Length);
writer.Write(_dataToBeWritten);
writer.Write(ModeTag);
writer.Write(ModeValLength);
writer.Write((byte)communicationMode);
writer.Write(CommitTag);
writer.Write(CommitValLength);
writer.Write((byte)commitFlag);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
public string GetApdu(byte fileNumber, CommunicationMode communicationMode, string accessRights,
string fileSize)
{
ValidateInput(accessRights, fileSize);
_accessRights = BinaryHelper.ConvertOctetStringToBytes(accessRights);
_fileSize = BinaryHelper.ConvertOctetStringToBytes(fileSize);
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPIDESFireTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(DESFireCreateStandardDataFileTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(FileNumberTag);
writer.Write(FileNumberValLength);
writer.Write(fileNumber);
writer.Write(CommunicationSettingsTag);
writer.Write(CommunicationSettingsValLength);
writer.Write((byte)communicationMode);
writer.Write(AccessRightsTag);
writer.Write((byte)_accessRights.Length);
writer.Write(_accessRights);
writer.Write(FileSizeTag);
writer.Write((byte)_fileSize.Length);
writer.Write(_fileSize);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
private void ReaderAuthentication(string hostAuthResponse)
{
if (_sessionStatus != SessionStatus.MutualAuthenticationPhase)
{
_sessionStatus = SessionStatus.NotEstablished;
return;
}
var data = BinaryHelper.ConvertOctetStringToBytes(hostAuthResponse.Substring(0, hostAuthResponse.Length - 4));
var mac2 = data.Skip(NonceLength + NonceLength + KeyLength).Take(MacLength).ToArray();
var plain2 = AesSivCtr(BinaryHelper.ConvertOctetStringToBytes(_sessionEncryptionKey), mac2, data.Take(NonceLength + NonceLength + KeyLength).ToArray());
var mac3 = AesSivMac(BinaryHelper.ConvertOctetStringToBytes(_sessionMacKey), new byte[] { _keySlot }, plain2);
if (!mac2.SequenceEqual(mac3))
{
_sessionStatus = SessionStatus.NotEstablished;
throw new Exception("Mac mismatch. Session Terminated.");
}
if (!plain2.Take(NonceLength).ToArray().SequenceEqual(BinaryHelper.ConvertOctetStringToBytes(_readerNonce)))
{
_sessionStatus = SessionStatus.NotEstablished;
throw new Exception("Reader nonce mismatch. Session Terminated.");
}
if (!plain2.Skip(NonceLength).Take(NonceLength).ToArray().SequenceEqual(BinaryHelper.ConvertOctetStringToBytes(_hostNonce)))
{
_sessionStatus = SessionStatus.NotEstablished;
throw new Exception("Host nonce mismatch. Session Terminated.");
}
_readerKey = BinaryHelper.ConvertBytesToOctetString(plain2.Skip(NonceLength + NonceLength)
.Take(KeyLength)
.ToArray());
var sessionkeys = AesSp800108(BinaryHelper.ConvertOctetStringToBytes(_hostKey + _readerKey),
BinaryHelper.ConvertOctetStringToBytes(_sessionMacKey));
_sessionEncryptionKey = BinaryHelper.ConvertBytesToOctetString(sessionkeys.Take(KeyLength).ToArray());
_sessionMacKey = BinaryHelper.ConvertBytesToOctetString(sessionkeys.Skip(KeyLength).Take(KeyLength).ToArray());
_counter = new Counter(_hostNonce, _readerNonce);
_sessionStatus = SessionStatus.Established;
}
private void ContinueAuthentiacation(string masterKey, string clientNonce, string serverUid, string serverNonce, string serverCryptogram)
{
string secureChannelBaseKey = GetSecureChannelBaseKey(masterKey, serverUid);
GetSessionKeys(secureChannelBaseKey, serverNonce);
// Encrypt and check Server Cryptogram
string expectedServerCryptogram = Encrypt(_sessionEncKey, clientNonce + serverNonce);
if (!serverCryptogram.Equals(expectedServerCryptogram))
{
ClearFields();
throw new Exception($"Server Cryptogram mismatch, \nExpected: {expectedServerCryptogram}, Actual: {serverCryptogram}");
}
// Encrypt client Cryptogram
string clientCryptogram = Encrypt(_sessionEncKey, serverNonce + clientNonce);
string clientCryptogramCmac = ComputeMac(clientCryptogram);
string continueAuthCommand = "FF70076B28" + $"A126A1248010{clientCryptogram}" + $"8110{clientCryptogramCmac}00";
string response = _smartCardReader.Transmit(continueAuthCommand);
if (!(response.StartsWith("9D10") && response.EndsWith("9000")))
{
ClearFields();
throw new Exception($"Server answer to Continue Authentication command incorrect, answer: {response}");
}
// check response mac
string serverRmac = response.Substring(4, 32);
string rMacData = "80" + BinaryHelper.ConvertBytesToOctetString(new byte[15]);
string expectedServerRmac = ComputeMac(rMacData, clientCryptogramCmac);
if (!serverRmac.Equals(expectedServerRmac))
{
ClearFields();
throw new Exception($"Server RMAC mismatch, \nExpected: {expectedServerRmac}, Actual: {serverRmac}");
}
_rMac = serverRmac;
IsSessionActive = true;
}
/// <inheritdoc />
/// <summary>
/// Encrypts and sends given apdu command, returns decrypted response.
/// </summary>
/// <param name="apdu"></param>
/// <returns></returns>
public string SendCommand(string apdu)
{
if (_sessionStatus != SessionStatus.Established)
{
Terminate();
throw new Exception("Attempt to Send Command via secure session, while session is not established");
}
// Encrypt data
_counter.Increment();
byte[] mac = AesSivMac(BinaryHelper.ConvertOctetStringToBytes(_sessionMacKey), _counter.Value, BinaryHelper.ConvertOctetStringToBytes(apdu));
byte[] enc = AesSivCtr(BinaryHelper.ConvertOctetStringToBytes(_sessionEncryptionKey), mac, BinaryHelper.ConvertOctetStringToBytes(apdu));
byte[] data = enc.Concat(mac).ToArray();
var response = _smartCardReader.Transmit("FF720200" + data.Length.ToString("X2") + BinaryHelper.ConvertBytesToOctetString(data));
// Decrypt response
_counter.Increment();
if (response.Substring(response.Length - 4) != "9000")
{
_sessionStatus = SessionStatus.NotEstablished;
Terminate();
throw new Exception($"Error {response.Substring(response.Length - 4)}\nSession Terminated.");
}
byte[] cryptogram = BinaryHelper.ConvertOctetStringToBytes(response.Substring(0, response.Length - 4));
byte[] dataEnc = cryptogram.Take(cryptogram.Length - MacLength).ToArray();
byte[] dataMac = cryptogram.Skip(cryptogram.Length - MacLength).Take(MacLength).ToArray();
byte[] plain = AesSivCtr(BinaryHelper.ConvertOctetStringToBytes(_sessionEncryptionKey), dataMac, dataEnc);
byte[] dataMac2 = AesSivMac(BinaryHelper.ConvertOctetStringToBytes(_sessionMacKey), _counter.Value, plain);
if (!dataMac.SequenceEqual(dataMac2))
{
_sessionStatus = SessionStatus.NotEstablished;
Terminate();
throw new Exception("Mac mismatch in decrypted response.\nSession Terminated.");
}
return(BinaryHelper.ConvertBytesToOctetString(plain));
}
private string InitializeAuthentication(byte keyNumber, byte versionSecCh = 0x00)
{
string clientNonce;
using (var randomGenerator = new RNGCryptoServiceProvider())
{
var tempNonce = new byte[8];
randomGenerator.GetBytes(tempNonce);
clientNonce = BinaryHelper.ConvertBytesToOctetString(tempNonce);
}
string initAuthCommand = "FF70076B14" + $"A112A0108001{versionSecCh:X2}" + $"8101{keyNumber:X2}" + $"8208{clientNonce}00";
string response = _smartCardReader.Transmit(initAuthCommand);
if (!(response.StartsWith("9D20") && response.EndsWith("9000")))
{
ClearFields();
throw new Exception($"Server answer to Initialize Authentication command incorrect, answer: {response}");
}
return(response.Substring(4, 64) + clientNonce);
}
public string GetApdu(byte keyNumber, string keyReference)
{
ValidateInput(keyReference);
_keyReference = BinaryHelper.ConvertOctetStringToBytes(keyReference);
byte[] data;
using (var stream = new MemoryStream())
{
using (var writer = new BinaryWriter(stream))
{
WritePrefix(writer);
writer.Write(SeProcessorCommandTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(ProcessCardAPITag);
writer.Write(GetLengthToEnd(writer));
writer.Write(CardAPIDESFireTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(DESFireAuthNativeTag);
writer.Write(GetLengthToEnd(writer));
writer.Write(KeyNumberTag);
writer.Write(KeyNumberValLength);
writer.Write(keyNumber);
writer.Write(KeyReferenceTag);
writer.Write((byte)_keyReference.Length);
writer.Write(_keyReference);
WritePostfix(writer);
}
data = stream.ToArray();
}
return(BinaryHelper.ConvertBytesToOctetString(data));
}
private string HostAuthentication()
{
if (_sessionStatus != SessionStatus.GetChallengePhase)
{
_sessionStatus = SessionStatus.NotEstablished;
return(null);
}
using (var randomGenerator = RandomNumberGenerator.Create())
{
var hostKey = new byte[KeyLength];
var hostNonce = new byte[NonceLength];
randomGenerator.GetBytes(hostKey);
randomGenerator.GetBytes(hostNonce);
_hostKey = BinaryHelper.ConvertBytesToOctetString(hostKey);
_hostNonce = BinaryHelper.ConvertBytesToOctetString(hostNonce);
}
// encrypy data
byte[] plain = BinaryHelper.ConvertOctetStringToBytes(_hostNonce + _readerNonce + _hostKey);
var mac = AesSivMac(BinaryHelper.ConvertOctetStringToBytes(_sessionMacKey), new byte[] { _keySlot }, plain);
var enc = AesSivCtr(BinaryHelper.ConvertOctetStringToBytes(_sessionEncryptionKey), mac, plain);
string mutualAuthenticationApdu = "FF72010040" + BinaryHelper.ConvertBytesToOctetString(enc.Concat(mac).ToArray());
var response = _smartCardReader.Transmit(mutualAuthenticationApdu);
if (response.Substring(response.Length - 4) != "9000")
{
_sessionStatus = SessionStatus.NotEstablished;
throw new Exception($"Establish secure session failed at HostAuthenticationPhase \nSend: {mutualAuthenticationApdu}\nRecived apdu: {response}");
}
_sessionStatus = SessionStatus.MutualAuthenticationPhase;
return(response);
}
public SEPDESFireReadDataResponse(byte[] data)
{
DataRaw = data;
DataHexString = data != null?BinaryHelper.ConvertBytesToOctetString(data) : null;
}
private string GetComplement(string data)
{
byte[] result = GetComplement(BinaryHelper.ConvertOctetStringToBytes(data));
return(BinaryHelper.ConvertBytesToOctetString(result));
}
public void Establish(byte[] masterKey, byte keyNumber)
{
string key = BinaryHelper.ConvertBytesToOctetString(masterKey);
Establish(key, keyNumber);
}
public void Establish(byte[] key, byte keySlot)
{
Establish(BinaryHelper.ConvertBytesToOctetString(key), keySlot);
}
public string Transmit(string apdu)
{
var response = Transmit(BinaryHelper.ConvertOctetStringToBytes(apdu)).ToArray();
return(BinaryHelper.ConvertBytesToOctetString(response));
}
public string Control(ReaderControlCode controlCode, string dataBytes)
{
var response = Control(controlCode, BinaryHelper.ConvertOctetStringToBytes(dataBytes)).ToArray();
return(BinaryHelper.ConvertBytesToOctetString(response));
}
/// <inheritdoc />
/// <summary>
/// Encrypts and sends given apdu command, returns decrypted response.
/// </summary>
/// <param name="apdu"></param>
/// <returns></returns>
public byte[] SendCommand(byte[] apdu)
{
return(BinaryHelper.ConvertOctetStringToBytes(SendCommand(BinaryHelper.ConvertBytesToOctetString(apdu))));
}
public string Transmit(ref IoRequest sendPci, ref IoRequest recivePci, string apdu)
{
var response = Transmit(ref sendPci, ref recivePci, BinaryHelper.ConvertOctetStringToBytes(apdu)).ToArray();
return(BinaryHelper.ConvertBytesToOctetString(response));
}
public byte[] SendCommand(byte[] command)
{
string response = SendCommand(BinaryHelper.ConvertBytesToOctetString(command));
return(BinaryHelper.ConvertOctetStringToBytes(response));
}
