WIP: Support for Portuguese Electronic ID Cards

[jpbarraca]

Support for PTEID cards was added, while replicating the structure from official development cards.

It currently seems to work ok through PKCS11 using pkcs11-tool and objects follow the same structure as official cards. Some objects (2-3 actually) still need work as the structure needs to be understood and they need to be recreated.

Included is a generator tool able to create the cryptographic objects. Future work will focus on the PTEID specific objects (address, picture, PTEID file blob).

Features added by analyzing public documentation and some reverse engineering with actual cards... some things may be incorrectly implemented.

EDIT:
To test one needs to go to pteid and python3 generate_pteid_card.py, which will produce a set of certificates a card.json.
This file should be copied to the location of the vicc file.
Then, start vicc with vicc -t PTEID

On another terminal, to generate a signature.
pkcs11-tool --login --sign -i input_file --pin 1111 -o signature -m RSA-PKCS

Most of other methods will also work.

[frankmorgner]

This looks quite interesting.

Sorry, that you stumbled across some of the problems that were introduced when migrating to python 3.

did you think about adding some automated testcase for opensc to check if pteid still works?

[frankmorgner]

I believe you're using the first byte of a binary string here, right?

I think we need to change ALGO_MAPPING to map binary strings to names of algorithms instead of mapping a byte (integer) to algorithms (i.e. we need to change . In nPA.py, for example, you can see a mapping from an OID (binary string) to some algorithm....

diff --git a/virtualsmartcard/src/vpicc/virtualsmartcard/ConstantDefinitions.py b/virtualsmartcard/src/vpicc/virtualsmartcard/ConstantDefinitions.py
index d81e221..c2ebf90 100644
--- a/virtualsmartcard/src/vpicc/virtualsmartcard/ConstantDefinitions.py
+++ b/virtualsmartcard/src/vpicc/virtualsmartcard/ConstantDefinitions.py
@@ -215,20 +215,20 @@ CRT_TEMPLATE["CT"] = 0xB8  # Template for Confidentiality
 
 # This table maps algorithms to numbers. It is used in the security environment
 ALGO_MAPPING = {}
-ALGO_MAPPING[0x00] = "DES3-ECB"
-ALGO_MAPPING[0x01] = "DES3-CBC"
-ALGO_MAPPING[0x02] = "AES-ECB"
-ALGO_MAPPING[0x03] = "AES-CBC"
-ALGO_MAPPING[0x04] = "DES-ECB"
-ALGO_MAPPING[0x05] = "DES-CBC"
-ALGO_MAPPING[0x06] = "MD5"
-ALGO_MAPPING[0x07] = "SHA"
-ALGO_MAPPING[0x08] = "SHA256"
-ALGO_MAPPING[0x09] = "MAC"
-ALGO_MAPPING[0x0A] = "HMAC"
-ALGO_MAPPING[0x0B] = "CC"
-ALGO_MAPPING[0x0C] = "RSA"
-ALGO_MAPPING[0x0D] = "DSA"
+ALGO_MAPPING[b'\x00'] = "DES3-ECB"
+ALGO_MAPPING[b'\x01'] = "DES3-CBC"
+ALGO_MAPPING[b'\x02'] = "AES-ECB"
+ALGO_MAPPING[b'\x03'] = "AES-CBC"
+ALGO_MAPPING[b'\x04'] = "DES-ECB"
+ALGO_MAPPING[b'\x05'] = "DES-CBC"
+ALGO_MAPPING[b'\x06'] = "MD5"
+ALGO_MAPPING[b'\x07'] = "SHA"
+ALGO_MAPPING[b'\x08'] = "SHA256"
+ALGO_MAPPING[b'\x09'] = "MAC"
+ALGO_MAPPING[b'\x0A'] = "HMAC"
+ALGO_MAPPING[b'\x0B'] = "CC"
+ALGO_MAPPING[b'\x0C'] = "RSA"
+ALGO_MAPPING[b'\x0D'] = "DSA"

[jpbarraca]

Corrected as you suggested.

[frankmorgner]

why comment this out?

[frankmorgner]

technically speaking, this is an error, because the application specifically did not do the selection from MF; typically, there is no fall back directory, just the error is returned...

[jpbarraca]

Thank you for the time and comments.
I will take a look at them. Especially that deviation in the behaviour of the FS. Maybe there is something else that I am missing.

Regarding python, it now seems to work with version 3. But I agree it needs tests.

[frankmorgner]

Hi! It seems like I didn't realize that you did an update of the code. Thank you!

Did you also have a look at the other technical comments above? 1 2

[jpbarraca]

I updated the code to fix some issues found during a course where we used the vsmartcard.
I will try to address the technical issues to complete this process.