security_commands.py
def command_aes_auth(key_id: list) -> list:
    '''
    AA: Authenticate (AES)

    Build the wrapped APDU that starts AES authentication for a key number.
    The card answers with an AE error when the addressed key is not an AES
    key. The key number refers to the currently selected application; with
    the top level (AID 0) selected, or with no application selected yet,
    key 0 is the card master key.

    key_id: the key number as a list holding one byte. Lc is fixed at 0x01,
        so a list of any other length produces a frame whose declared
        length does not match its data; the length is not checked here.

    Returns the APDU as a list of ints: header, Lc, key number, Le.
    '''
    header = [0x90, 0xAA, 0x00, 0x00]
    # Lc = 1 (a single key-number byte), trailing Le = 0x00.
    return [*header, 0x01, *key_id, 0x00]
def command_des_auth(key_id: list) -> list:
    '''
    1A: Authenticate (3DES/ 3K3DES)

    Build the wrapped APDU that starts 3DES / 3K3DES authentication for a
    key number.

    key_id: the key number as a list holding one byte. Lc is fixed at 0x01
        and the list length is not checked here.

    Returns the APDU as a list of ints: header, Lc, key number, Le.
    '''
    header = [0x90, 0x1A, 0x00, 0x00]
    # Lc = 1 (a single key-number byte), trailing Le = 0x00.
    return [*header, 0x01, *key_id, 0x00]
def command_legacy_auth(key_id: list) -> list:
    '''
    0A: Authenticate (Legacy DES)

    Build the wrapped APDU that starts legacy DES authentication for a key
    number.

    NOTE: legacy DES authentication gives weaker protection than the AES
    variant (command AA); prefer AES keys where the card and deployment
    allow it.

    key_id: the key number as a list holding one byte. Lc is fixed at 0x01
        and the list length is not checked here.

    Returns the APDU as a list of ints: header, Lc, key number, Le.
    '''
    header = [0x90, 0x0A, 0x00, 0x00]
    # Lc = 1 (a single key-number byte), trailing Le = 0x00.
    return [*header, 0x01, *key_id, 0x00]
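def command_change_key_settings(key_id: list, encrypted_data: list) -> list:
    '''
    54: Change Key Settings

    Build the wrapped APDU that carries new key settings to the card.

    The frame previously declared Lc = len(encrypted_data) but never
    appended the data, so the card received a length byte with no payload
    behind it. The payload is now placed between Lc and Le.

    key_id: accepted for interface compatibility; it is not placed in the
        frame.
    encrypted_data: the payload bytes, expected to be enciphered by the
        caller already; no cryptography happens here. The length is
        written into the single Lc byte without a range check, so payloads
        longer than 255 bytes are not representable.

    Returns the APDU as a list of ints: header, Lc, payload, Le.
    '''
    header = [0x90, 0x54, 0x00, 0x00]
    # Lc must match the number of data bytes that follow it.
    return [*header, len(encrypted_data), *encrypted_data, 0x00]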
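def command_set_configuration(encrypted_data: list) -> list:
    '''
    5C 00: Set Configuration (card config)

    Build the wrapped APDU that sets top level card settings.
    NOTE: Details in RevK's manual, page 7.

    The frame previously ignored encrypted_data and always sent Lc = 1
    with only the 0x00 option byte, so no configuration payload reached
    the card. The payload now follows the option byte and Lc covers both.
    An empty payload yields the same frame as before.

    encrypted_data: the configuration payload bytes, expected to be
        enciphered by the caller already; no cryptography happens here.
        The length is written into the single Lc byte without a range
        check.

    Returns the APDU as a list of ints: header, Lc, option byte 0x00,
    payload, Le.
    '''
    header = [0x90, 0x5C, 0x00, 0x00]
    option = 0x00  # the "00" in "5C 00": card configuration
    # Lc counts the option byte plus the payload that follows it.
    return [*header, 1 + len(encrypted_data), option, *encrypted_data, 0x00]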
def command_change_key(key_id: list, encrypted_data: list) -> list:
    '''
    C4: Change Key

    Build the wrapped APDU that changes a key.

    When setting the master key at card level, the key number has bit 7
    set to indicate AES. When changing a key other than the current one,
    the new key data is the new key XOR'd with the old key, and a CRC of
    the new key is included at the end of the message. The message format
    is slightly different when AES is not used. None of that preparation
    happens here: this function only frames bytes the caller supplies.

    key_id: the key number as a list holding one byte. Lc is computed as
        len(encrypted_data) + 1, i.e. it assumes exactly one key-number
        byte; the list length is not checked here.
    encrypted_data: the payload bytes, prepared by the caller.

    Returns the APDU as a list of ints: header, Lc, key number, payload, Le.
    '''
    header = [0x90, 0xC4, 0x00, 0x00]
    # The +1 accounts for the key-number byte that precedes the payload.
    payload_length = len(encrypted_data) + 1
    return [*header, payload_length, *key_id, *encrypted_data, 0x00]
def command_get_key_version(key_id: list) -> list:
    '''
    64: Get Key Version

    Build the wrapped APDU that asks the card for the version of a key.
    For AES the version is a byte that can be set when the key is set,
    which lets a reader work out which key to use when several key
    versions have been in use.

    key_id: the key number as a list holding one byte. Lc is fixed at 0x01
        and the list length is not checked here.

    Returns the APDU as a list of ints: header, Lc, key number, Le.
    '''
    header = [0x90, 0x64, 0x00, 0x00]
    # Lc = 1 (a single key-number byte), trailing Le = 0x00.
    return [*header, 0x01, *key_id, 0x00]