/// <summary>
/// Smoke test for the secure channel: opens it with <paramref name="keyset"/> at
/// <paramref name="secLevel"/>, reports success, then closes it. Any failure surfaces
/// as the exception thrown by <see cref="DaplugAPI.OpenSecureChannelAsync"/>.
/// </summary>
/// <param name="api">Connected API instance to run the test against.</param>
/// <param name="keyset">Static keys used for the mutual authentication.</param>
/// <param name="secLevel">Security level requested for the channel.</param>
private static async Task TestSecureChannel(DaplugAPI api, DaplugKeySet keyset, DaplugSecurityLevel secLevel)
{
    WriteTitle();

    // Named arguments make the call self-describing; the optional diversifier and
    // host challenge are left at their defaults.
    await api.OpenSecureChannelAsync(keyset: keyset, securityLevel: secLevel);
    WriteSuccess("Success!");

    // Open and Close are paired only on the success path; when Open throws there is no
    // established session to tear down.
    api.CloseSecureChannel();
}
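/// <summary>
/// Establishes a secure channel with the card via the INITIALIZE UPDATE / EXTERNAL AUTHENTICATE
/// command pair and, on success, stores the derived session keys in <see cref="SessionKeys"/>.
/// The card is authenticated first (card cryptogram check); only then is the host cryptogram
/// sent.
/// </summary>
/// <param name="keyset">Static ENC/MAC/DEK keys and key version to authenticate with.</param>
/// <param name="securityLevel">Requested security level; COMMAND_MAC is always forced on.</param>
/// <param name="diversifier">Accepted for interface compatibility; not used by this method.</param>
/// <param name="hostChallenge">Optional 8-byte host challenge. When null, a fresh one is drawn
/// from a cryptographic random number generator.</param>
/// <returns>A task that completes once the channel is established.</returns>
/// <exception cref="DaplugAPIException">
/// Thrown when the keyset is incomplete, the supplied host challenge is not 8 bytes, the card
/// rejects either command or returns a truncated INITIALIZE UPDATE response, or the card
/// cryptogram does not verify. <see cref="SessionKeys"/> is never left set when this throws.
/// </exception>
public async Task OpenSecureChannelAsync(DaplugKeySet keyset, DaplugSecurityLevel securityLevel, byte[] diversifier = null, byte[] hostChallenge = null)
{
    if (keyset == null || keyset.EncKey == null || keyset.MacKey == null || keyset.DeKey == null)
    {
        throw new DaplugAPIException("Invalid keyset.");
    }

    const int challengeLength = 8;
    if (hostChallenge == null)
    {
        // The host challenge is the host's freshness value in the mutual authentication. It is
        // drawn from a CSPRNG rather than System.Random so it cannot be predicted or repeated.
        hostChallenge = new byte[challengeLength];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(hostChallenge);
        }
    }
    else if (hostChallenge.Length != challengeLength)
    {
        // The cryptogram computation below assumes an 8-byte challenge, as does the card.
        throw new DaplugAPIException("Host challenge must be 8 bytes.");
    }

    // INITIALIZE UPDATE: CLA 0x80, INS 0x50, P1 = key version, P2 = 0; data = host challenge.
    var authCommandHeader = new byte[] { 0x80, 0x50, keyset.Version, 0x00, 0x00 };
    var authCommand = new APDUCommand(authCommandHeader, hostChallenge);
    var response = await ExchangeAPDUAsync(authCommand);
    if (!response.IsSuccessfulResponse)
    {
        throw new DaplugAPIException("INITIALIZE UPDATE failed.", response.SW1, response.SW2);
    }

    // The fields below are read from offsets 12..28. Check the length first so a truncated
    // response is reported as an API error instead of an ArgumentException from Array.Copy.
    const int initUpdateResponseLength = 28;
    if (response.ResponseData == null || response.ResponseData.Length < initUpdateResponseLength)
    {
        throw new DaplugAPIException("INITIALIZE UPDATE response too short.", response.SW1, response.SW2);
    }

    // Offsets as in the original: the 2-byte counter and the 8-byte card challenge both start at
    // offset 12 (the challenge bytes therefore include the counter); the cryptogram follows at 20.
    byte[] counter = new byte[2];
    byte[] cardChallenge = new byte[challengeLength];
    byte[] cardCryptogram = new byte[8];
    Array.Copy(response.ResponseData, 12, counter, 0, 2);
    Array.Copy(response.ResponseData, 12, cardChallenge, 0, challengeLength);
    Array.Copy(response.ResponseData, 20, cardCryptogram, 0, 8);

    var tempSessionKeys = DaplugCrypto.ComputeSessionKeys(keyset, counter);

    // Authenticate the card before anything derived from the session keys (the host cryptogram)
    // leaves the host. A constant-time comparison (CryptographicOperations.FixedTimeEquals) is
    // preferable where the target framework provides it.
    var computedCardCryptogram = DaplugCrypto.CalculateCryptogram(tempSessionKeys, hostChallenge, cardChallenge);
    if (!computedCardCryptogram.SequenceEqual(cardCryptogram))
    {
        throw new DaplugAPIException("Invalid card cryptogram.");
    }

    var hostCryptogram = DaplugCrypto.CalculateCryptogram(tempSessionKeys, cardChallenge, hostChallenge);

    // Command MACing is mandatory for this channel regardless of what the caller requested.
    if (!securityLevel.HasFlag(DaplugSecurityLevel.COMMAND_MAC))
    {
        securityLevel |= DaplugSecurityLevel.COMMAND_MAC;
    }
    tempSessionKeys.SecurityLevel = securityLevel;

    // SessionKeys is published before EXTERNAL AUTHENTICATE — presumably ExchangeAPDUAsync reads
    // it to MAC that command (it is the first MACed APDU). It is rolled back on any failure,
    // including a transport exception, so a failed authentication never leaves a live session.
    SessionKeys = tempSessionKeys;
    bool authenticated = false;
    try
    {
        // EXTERNAL AUTHENTICATE: CLA 0x80, INS 0x82, P1 = security level, P2 = 0; data = host cryptogram.
        var extAuthCommandHeader = new byte[] { 0x80, 0x82, (byte)SessionKeys.SecurityLevel, 0x00, 0x00 };
        var extAuthCommand = new APDUCommand(extAuthCommandHeader, hostCryptogram);
        var extAuthResponse = await ExchangeAPDUAsync(extAuthCommand);
        if (!extAuthResponse.IsSuccessfulResponse)
        {
            // Report the status words of the command that actually failed; the original reported
            // the INITIALIZE UPDATE status, which is always successful at this point.
            throw new DaplugAPIException("EXTERNAL AUTHENTICATE failed.", extAuthResponse.SW1, extAuthResponse.SW2);
        }
        authenticated = true;
    }
    finally
    {
        if (!authenticated)
        {
            SessionKeys = null;
        }
    }

    // Initialise RMac from the first 8 bytes of the current CMac (presumably the R-MAC chaining
    // value is seeded from the C-MAC of the first MACed command).
    Array.Copy(SessionKeys.CMac, SessionKeys.RMac, 8);
}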