keycard

package module
v0.0.0-...-1153de6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2023 License: MPL-2.0 Imports: 24 Imported by: 3

README

keycard-go

keycard-go is a set of Go packages built to interact with the Status Keycard.

If you only need a tool to initialize your card, check out keycard-cli.

Keycard commands

  • SELECT
  • INIT
  • OPEN SECURE CHANNEL
  • MUTUALLY AUTHENTICATE
  • PAIR
  • UNPAIR
  • GET STATUS
  • SET NDEF
  • VERIFY PIN
  • CHANGE PIN
  • UNBLOCK PIN
  • LOAD KEY
  • DERIVE KEY
  • GENERATE MNEMONIC
  • REMOVE KEY
  • GENERATE KEY
  • INIT
  • DUPLICATE KEY
  • SIGN
  • SET PINLESS PATH
  • EXPORT KEY

Documentation

Index

Constants

// Instruction (INS) byte values, one per command built by the NewCommand*
// constructors. The sub-grouping below is by name only.
// NOTE(review): confirm each value against the applet specification.
const (
	// Initialisation, secure channel, pairing and card identity.
	InsInit                 = 0xFE
	InsOpenSecureChannel    = 0x10
	InsMutuallyAuthenticate = 0x11
	InsPair                 = 0x12
	InsUnpair               = 0x13
	InsIdentifyCard         = 0x14
	InsExportCert           = 0x16

	// Status query and PIN handling.
	InsGetStatus = 0xF2
	InsVerifyPIN = 0x20
	InsChangePIN = 0x21

	// Key lifecycle on the card.
	InsLoadKey        = 0xD0
	InsDeriveKey      = 0xD1
	InsRemoveKey      = 0xD3
	InsGenerateKey    = 0xD4
	InsSetPinlessPath = 0xC1

	// Signing and export. The export instructions can move key or seed
	// material off the card, so call sites deserve review.
	InsSign       = 0xC0
	InsExportKey  = 0xC2
	InsExportSeed = 0xC3
	InsExportData = 0xC5
)

// Parameter (P1/P2) byte values, grouped by the command whose name they carry.
const (
	// PAIR: the two steps of the pairing exchange.
	P1PairingFirstStep = 0x00
	P1PairingFinalStep = 0x01

	// GET STATUS: which status record is requested.
	P1GetStatusApplication = 0x00
	P1GetStatusKeyPath     = 0x01

	// DERIVE KEY: starting point of the derivation.
	P1DeriveKeyFromMaster  = 0x00
	P1DeriveKeyFromParent  = 0x40
	P1DeriveKeyFromCurrent = 0x80

	// CHANGE PIN: which credential is replaced.
	P1ChangePinPIN           = 0x00
	P1ChangePinPUK           = 0x01
	P1ChangePinPairingSecret = 0x02

	// SIGN: which key signs.
	P1SignCurrentKey           = 0x00
	P1SignDerive               = 0x01
	P1SignDeriveAndMakeCurrent = 0x02
	P1SignPinless              = 0x03

	// EXPORT KEY: P1 selects the key (current, derived, or derived and made
	// current); P2 selects what is returned.
	P1ExportKeyCurrent              = 0x00
	P1ExportKeyDerive               = 0x01
	P1ExportKeyDeriveAndMakeCurrent = 0x02
	// P2 of 0x00 is also the zero value of uint8, so an unset p2 asks for the
	// private key as well; pass P2ExportKeyPublicOnly when only the public
	// key is needed.
	P2ExportKeyPrivateAndPublic = 0x00
	P2ExportKeyPublicOnly       = 0x01

	// LOAD KEY: the payload is a seed.
	P1LoadKeySeed = 0x03
)

// Status word (SW) value; by name it is the counterpart of
// ErrNoAvailablePairingSlots.
const SwNoAvailablePairingSlots = 0x6A84

Variables

// ErrCertInvalid is the sentinel error whose message reports that pairing
// detected an invalid certificate.
// NOTE(review): presumably returned during pairing when the card certificate
// fails verification; confirm against the implementation. Compare with errors.Is.
var ErrCertInvalid = errors.New("pairing detected invalid certificate")
// ErrInvalidResponseMAC is the sentinel error whose message reports an
// invalid response MAC.
// NOTE(review): presumably raised by the secure channel when a card response
// fails its integrity check; confirm against the implementation. Response
// data accompanying this error should not be trusted.
var ErrInvalidResponseMAC = errors.New("invalid response MAC")
// ErrNoAvailablePairingSlots is the sentinel error whose message reports that
// no pairing slots are available.
// NOTE(review): by name it corresponds to the SwNoAvailablePairingSlots status
// word (0x6A84); confirm the mapping against the implementation.
var ErrNoAvailablePairingSlots = errors.New("no available pairing slots")

Functions

func NewCommandChangePIN

func NewCommandChangePIN(pin string) *apdu.Command

func NewCommandChangePUK

func NewCommandChangePUK(puk string) *apdu.Command

func NewCommandChangePairingSecret

func NewCommandChangePairingSecret(secret []byte) *apdu.Command

func NewCommandDeriveKey

func NewCommandDeriveKey(pathStr string) (*apdu.Command, error)

func NewCommandExportCert

func NewCommandExportCert() *apdu.Command

func NewCommandExportData

func NewCommandExportData(page uint8) *apdu.Command

func NewCommandExportKey

func NewCommandExportKey(p1 uint8, p2 uint8, pathStr string) (*apdu.Command, error)

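Export a key

	@param {p1}
		0x00: current key - returns the key that is currently loaded and ready for signing. Does not use the derivation path
		0x01: derive - returns the derived key
		0x02: derive and make current - returns the derived key and also sets it as the current key
	@param {p2}
		0x00: return the public and private key pair
		0x01: return only the public key
	@param {pathStr}
		Derivation path of format "m/x/x/x/x/x", e.g. "m/44'/0'/0'/0/0"

Note that p2 = 0x00 (P2ExportKeyPrivateAndPublic), which is also the zero value of uint8, returns private key material; pass 0x01 (P2ExportKeyPublicOnly) explicitly when only the public key is needed.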

func NewCommandExportSeed

func NewCommandExportSeed() *apdu.Command

func NewCommandGenerateKey

func NewCommandGenerateKey() *apdu.Command

func NewCommandGetStatus

func NewCommandGetStatus(p1 uint8) *apdu.Command

func NewCommandIdentifyCard

func NewCommandIdentifyCard(hash []byte) *apdu.Command

func NewCommandInit

func NewCommandInit(data []byte) *apdu.Command

func NewCommandLoadSeed

func NewCommandLoadSeed(seed []byte) *apdu.Command

func NewCommandMutuallyAuthenticate

func NewCommandMutuallyAuthenticate(data []byte) *apdu.Command

func NewCommandOpenSecureChannel

func NewCommandOpenSecureChannel(pairingIndex uint8, pubKey []byte) *apdu.Command

func NewCommandPairFinalStep

func NewCommandPairFinalStep(cryptogramHash []byte) *apdu.Command

func NewCommandPairFirstStep

func NewCommandPairFirstStep(challenge []byte) *apdu.Command

func NewCommandRemoveKey

func NewCommandRemoveKey() *apdu.Command

func NewCommandSetPinlessPath

func NewCommandSetPinlessPath(pathStr string) (*apdu.Command, error)

func NewCommandSign

func NewCommandSign(data []byte, p1 uint8, pathStr string) (*apdu.Command, error)

func NewCommandUnpair

func NewCommandUnpair(index uint8) *apdu.Command

func NewCommandVerifyPIN

func NewCommandVerifyPIN(pin string) *apdu.Command

Types

type CashCommandSet

type CashCommandSet struct {
	CashApplicationInfo *types.CashApplicationInfo
	// contains filtered or unexported fields
}

func NewCashCommandSet

func NewCashCommandSet(c types.Channel) *CashCommandSet

func (*CashCommandSet) Select

func (cs *CashCommandSet) Select() error

func (*CashCommandSet) Sign

func (cs *CashCommandSet) Sign(data []byte) (*types.Signature, error)

type CommandSet

type CommandSet struct {
	ApplicationInfo *types.ApplicationInfo
	PairingInfo     *types.PairingInfo
	// contains filtered or unexported fields
}

func NewCommandSet

func NewCommandSet(c types.Channel) *CommandSet

func (*CommandSet) ChangePIN

func (cs *CommandSet) ChangePIN(pin string) error

func (*CommandSet) ChangePUK

func (cs *CommandSet) ChangePUK(puk string) error

func (*CommandSet) ChangePairingSecret

func (cs *CommandSet) ChangePairingSecret(password string) error

func (*CommandSet) DeriveKey

func (cs *CommandSet) DeriveKey(path string) error

func (*CommandSet) ExportCert

func (cs *CommandSet) ExportCert() ([]byte, error)

func (*CommandSet) ExportData

func (cs *CommandSet) ExportData() ([]byte, error)

Supported by SafeCard applet v2.3 and above

func (*CommandSet) ExportKey

func (cs *CommandSet) ExportKey(derive bool, makeCurrent bool, onlyPublic bool, path string) ([]byte, error)

func (*CommandSet) ExportSeed

func (cs *CommandSet) ExportSeed() ([]byte, error)

func (*CommandSet) GenerateKey

func (cs *CommandSet) GenerateKey() ([]byte, error)

func (*CommandSet) GetStatus

func (cs *CommandSet) GetStatus(info uint8) (*types.ApplicationStatus, error)

func (*CommandSet) GetStatusApplication

func (cs *CommandSet) GetStatusApplication() (*types.ApplicationStatus, error)

func (*CommandSet) GetStatusKeyPath

func (cs *CommandSet) GetStatusKeyPath() (*types.ApplicationStatus, error)

func (*CommandSet) IdentifyCard

func (cs *CommandSet) IdentifyCard(hash []byte) ([]byte, error)

func (*CommandSet) Init

func (cs *CommandSet) Init(secrets *Secrets) error

func (*CommandSet) LoadSeed

func (cs *CommandSet) LoadSeed(seed []byte) ([]byte, error)

func (*CommandSet) OpenSecureChannel

func (cs *CommandSet) OpenSecureChannel() error

func (*CommandSet) Pair

func (cs *CommandSet) Pair() error

func (*CommandSet) RemoveKey

func (cs *CommandSet) RemoveKey() error

func (*CommandSet) Select

func (cs *CommandSet) Select() error

func (*CommandSet) SetPairingInfo

func (cs *CommandSet) SetPairingInfo(key []byte, index int)

func (*CommandSet) SetPinlessPath

func (cs *CommandSet) SetPinlessPath(path string) error

func (*CommandSet) Sign

func (cs *CommandSet) Sign(data []byte) (*types.Signature, error)

func (*CommandSet) SignPinless

func (cs *CommandSet) SignPinless(data []byte) (*types.Signature, error)

func (*CommandSet) SignWithPath

func (cs *CommandSet) SignWithPath(data []byte, path string) (*types.Signature, error)

func (*CommandSet) Unpair

func (cs *CommandSet) Unpair(index uint8) error

func (*CommandSet) VerifyPIN

func (cs *CommandSet) VerifyPIN(pin string) error

type Secrets

type Secrets struct {
	// contains filtered or unexported fields
}

Secrets contains the secret data needed to pair a client with a card.

func GenerateSecrets

func GenerateSecrets() (*Secrets, error)

GenerateSecrets generates a new Secrets with a random puk and pairing password.

func NewSecrets

func NewSecrets(pin, puk, pairingPass string) *Secrets

func (*Secrets) PairingPass

func (s *Secrets) PairingPass() string

PairingPass returns the pairing password string.

func (*Secrets) PairingToken

func (s *Secrets) PairingToken() []byte

PairingToken returns the pairing token generated from the random pairing password.

func (*Secrets) Pin

func (s *Secrets) Pin() string

Pin returns the pin string.

func (*Secrets) Puk

func (s *Secrets) Puk() string

Puk returns the puk string.

type SecureChannel

type SecureChannel struct {
	// contains filtered or unexported fields
}

func NewSecureChannel

func NewSecureChannel(c types.Channel) *SecureChannel

func (*SecureChannel) GenerateSecret

func (sc *SecureChannel) GenerateSecret(cardPubKeyData []byte) error

func (*SecureChannel) Init

func (sc *SecureChannel) Init(iv, encKey, macKey []byte)

func (*SecureChannel) OneShotEncrypt

func (sc *SecureChannel) OneShotEncrypt(secrets *Secrets) ([]byte, error)

func (*SecureChannel) PublicKey

func (sc *SecureChannel) PublicKey() *ecdsa.PublicKey

func (*SecureChannel) RawPublicKey

func (sc *SecureChannel) RawPublicKey() []byte

func (*SecureChannel) Reset

func (sc *SecureChannel) Reset()

func (*SecureChannel) Secret

func (sc *SecureChannel) Secret() []byte

func (*SecureChannel) Send

func (sc *SecureChannel) Send(cmd *apdu.Command) (*apdu.Response, error)

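AES-GCM symmetric encryption (as stated in the source comment). Note that Init takes separate encKey and macKey values and the package defines ErrInvalidResponseMAC, so verify the actual cipher mode and MAC construction against the implementation before relying on this description.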
