Open Parzivalxx opened 5 months ago
Can you test if it makes any difference changing aes key length to KEY_LENGTH.s256
in PACE.decryptNonce:583
Also word of advice, you're logging on the finest level which might leak sensitive data. Make sure to remove this data prior posting logs to public discourse.
Hi, I have tried it already, but am getting another error:
I/flutter (25820): Button pressed
I/flutter (25820): passport FINE: 2024-06-26 09:25:54.000373: Reading EF.CardAccess
I/flutter (25820): passport FINE: 2024-06-26 09:25:54.002595: Selecting MF
I/flutter (25820): mrtd.api FINE: 2024-06-26 09:25:54.003434: Selecting root Master File
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.004851: Transceiving to ICC: C-APDU(CLA:00 INS:A4 P1:00 P2:00 Le:0 Lc:0 Data:null)
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.006936: Sending 4 byte(s) to ICC: data='00a40000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.023911: Received 2 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.024488: data='9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.025355: Received response from ICC: sw=9000 data_len=0
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.025495: data=null
I/flutter (25820): mrtd.api FINE: 2024-06-26 09:25:54.026394: Reading file sfi=0x1C
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.026836: Transceiving to ICC: C-APDU(CLA:00 INS:B0 P1:9C P2:00 Le:8 Lc:0 Data:null)
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.027674: Sending 5 byte(s) to ICC: data='00b09c0008'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.035173: Received 10 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.035358: data='31143012060a04009000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.035778: Received response from ICC: sw=9000 data_len=8
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.035872: data=31143012060a0400
I/flutter (25820): mrtd.api FINE: 2024-06-26 09:25:54.037176: _readBinary: offset=8 nRead=14 remaining=14 maxRead=112
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.038015: Transceiving to ICC: C-APDU(CLA:00 INS:B0 P1:00 P2:08 Le:14 Lc:0 Data:null)
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.038235: Sending 5 byte(s) to ICC: data='00b000080e'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.048968: Received 16 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.049206: data='7f0007020204020402010202010d9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.049351: Received response from ICC: sw=9000 data_len=14
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.049451: data=7f0007020204020402010202010d
I/flutter (25820): EfCardAccess FINER: 2024-06-26 09:25:54.051357: Parsing EF.CardAccess31143012060a04007f0007020204020402010202010d
I/flutter (25820): PaceInfo FINE: 2024-06-26 09:25:54.060747: PaceInfo constructor
I/flutter (25820): ASN1ObjectIdentifierType INFO: 2024-06-26 09:25:54.062306: ASN1ObjectIdentifierType constructor
I/flutter (25820): ASN1ObjectIdentifierType INFO: 2024-06-26 09:25:54.062649: OIDS from pointycastle library were added to list.
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.065036: Parsing PaceInfo...
I/flutter (25820): PaceInfo FINE: 2024-06-26 09:25:54.065150: Data: Instance of 'ASN1Sequence'
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.065224: ... parsing protocol ...
I/flutter (25820): ASN1ObjectIdentifierType FINER: 2024-06-26 09:25:54.065588: hasOIDWithIdentifierString: 0.4.0.127.0.7.2.2.4.2.4
I/flutter (25820): ASN1ObjectIdentifierType FINER: 2024-06-26 09:25:54.065966: getOIDByIdentifierString: 0.4.0.127.0.7.2.2.4.2.4
I/flutter (25820): OIE FINE: 2024-06-26 09:25:54.067791: OIEPaceProtocol; identifierString: 0.4.0.127.0.7.2.2.4.2.4, CipherAlgorithm: CipherAlgorithm.AES, KEY_LENGTH: KEY_LENGTH.s256, TOKEN_AGREEMENT_ALGO: TOKEN_AGREEMENT_ALGO.ECDH, MAPPING_TYPE: MAPPING_TYPE.GM
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.067927: ... protocol parsed ...
I/flutter (25820): PaceInfo FINE: 2024-06-26 09:25:54.068010: Protocol: Instance of 'ASN1ObjectIdentifier'
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.068069: ... parsing version ...
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.068562: ... version parsed ...
I/flutter (25820): PaceInfo FINE: 2024-06-26 09:25:54.068666: Version: Instance of 'ASN1Integer'
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.068743: ... parsing parameterId ...
I/flutter (25820): DomainParameterSelectorECDH FINER: 2024-06-26 09:25:54.070399: Selected domain parameter: BrainpoolP256r1
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:54.080417: DomainParameter(id: 13, name: BrainpoolP256r1, size: 256, type: DomainParameterType.ECP, isSupported: false)
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.080658: ... parameterId parsed ...
I/flutter (25820): PaceInfo FINE: 2024-06-26 09:25:54.080747: ParameterId: Instance of 'ASN1Integer'
I/flutter (25820): PaceInfo INFO: 2024-06-26 09:25:54.080830: ... paceInfo successfully parsed.
I/flutter (25820): EfCardAccess INFO: 2024-06-26 09:25:54.080919: PaceInfo parsed.
I/flutter (25820): EfCardAccess FINE: 2024-06-26 09:25:54.081814: PaceInfo: PaceInfo(protocol: OIEPaceProtocol: 0.4.0.127.0.7.2.2.4.2.4, id-PACE-ECDH-GM-AES-CBC-CMAC-256, [0, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4], CipherAlgorithm: CipherAlgorithm.AES, KEY_LENGTH: KEY_LENGTH.s256, TOKEN_AGREEMENT_ALGO: TOKEN_AGREEMENT_ALGO.ECDH, MAPPING_TYPE: MAPPING_TYPE.GM, version: 2, parameterId: 13, isPaceDomainParameterSupported: true)
I/flutter (25820): EfCardAccess SEVERE: 2024-06-26 09:25:54.082035: PaceInfo substruct has been saved to efcardaccess member ( paceInfo )
I/flutter (25820): passport FINE: 2024-06-26 09:25:54.082456: Starting session
I/flutter (25820): mrtd.api FINE: 2024-06-26 09:25:54.082856: Initiating SM session using PACE protocol (only DBA for now)
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.084301: Starting PACE key establishment ...
I/flutter (25820): AccessKey.DBAKeys WARNING: 2024-06-26 09:25:54.084753: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (25820): pace FINER: 2024-06-26 09:25:54.094330: Access key: DBAKeys{mrtdNumber: K3035201H, dateOfBirth: 721214, dateOfExpiry: 320714}. Is paceMode: true, Key seed: 5c34a99f3fa84e50d11b941de0fb43748ee1d9f0, Enc key: 4f16762c13a743910491bf97046e4ad5, Mac key: f4dca28f434a3e495794082c402392b9.
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.094502: Protocol: OIEPaceProtocol: 0.4.0.127.0.7.2.2.4.2.4, id-PACE-ECDH-GM-AES-CBC-CMAC-256, [0, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4], CipherAlgorithm: CipherAlgorithm.AES, KEY_LENGTH: KEY_LENGTH.s256, TOKEN_AGREEMENT_ALGO: TOKEN_AGREEMENT_ALGO.ECDH, MAPPING_TYPE: MAPPING_TYPE.GM
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.094822: Generating AUTHENTICATION TEMPLATE FOR MUTUAL AUTHENTICATION data ...
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.095803: AUTHENTICATION TEMPLATE FOR MUTUAL AUTHENTICATION data: Instance of 'TLVSet'
I/flutter (25820): icc FINER: 2024-06-26 09:25:54.097892: Sending SET 'AUTHENTICATION TEMPLATE FOR MUTUAL AUTHENTICATION' command to ICC data='800a04007f00070202040204830101' ne=0 cla=00
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.098013: Transceiving to ICC: C-APDU(CLA:00 INS:22 P1:C1 P2:A4 Le:0 Lc:15 Data:800a04007f00070202040204830101)
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.098125: Sending 20 byte(s) to ICC: data='0022c1a40f800a04007f00070202040204830101'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.142543: Received 2 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.142695: data='9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.142793: Received response from ICC: sw=9000 data_len=0
I/flutter (25820): icc FINE: 2024-06-26 09:25:54.142897: data=null
I/flutter (25820): pace FINEST: 2024-06-26 09:25:54.143145: ICC response: true
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.143213: Got PACE step 0 SUCCESSFUL response from ICC
I/flutter (25820): pace FINE: 2024-06-26 09:25:54.143257: PACE step 0 response from ICC is valid
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.145666: Generating GENERAL AUTHENTICATE (step 1) data ...
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.147404: GENERAL AUTHENTICATE data: [124, 0]
I/flutter (25820): icc FINER: 2024-06-26 09:25:55.148876: Sending GENERAL AUTHENTICATE - step 1 command to ICC data='7c00' ne=256 cla=10
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.149458: Transceiving to ICC: C-APDU(CLA:10 INS:86 P1:00 P2:00 Le:256 Lc:2 Data:7c00)
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.150166: Sending 8 byte(s) to ICC: data='10860000027c0000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.192049: Received 38 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.192514: data='7c228020950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.192930: Received response from ICC: sw=9000 data_len=36
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.193351: data=7c228020950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.193660: Got PACE step 1 SUCCESSFUL response from ICC
I/flutter (25820): ResponseAPDUStep1Pace FINER: 2024-06-26 09:25:55.195807: ResponseAPDUStep1Pace data: 7c228020950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f
I/flutter (25820): ResponseAPDUStep1Pace FINER: 2024-06-26 09:25:55.197679: Pace.step1; Response data contains dynamic authentication data
I/flutter (25820): ResponseAPDUStep1Pace FINER: 2024-06-26 09:25:55.198583: Nonce: 950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.200659: PACE.decryptNonce; Decrypting nonce ...
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.201075: PACE.decryptNonce; Nonce: 950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f, Pace protocol: OIEPaceProtocol: 0.4.0.127.0.7.2.2.4.2.4, id-PACE-ECDH-GM-AES-CBC-CMAC-256, [0, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4], CipherAlgorithm: CipherAlgorithm.AES, KEY_LENGTH: KEY_LENGTH.s256, TOKEN_AGREEMENT_ALGO: TOKEN_AGREEMENT_ALGO.ECDH, MAPPING_TYPE: MAPPING_TYPE.GM
I/flutter (25820): AccessKey.DBAKeys WARNING: 2024-06-26 09:25:55.201347: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.204626: PACE.decryptNonce; Access key: DBAKeys{mrtdNumber: K3035201H, dateOfBirth: 721214, dateOfExpiry: 320714}. Is paceMode: true, Key seed: 5c34a99f3fa84e50d11b941de0fb43748ee1d9f0, Enc key: 4f16762c13a743910491bf97046e4ad5, Mac key: f4dca28f434a3e495794082c402392b9.
I/flutter (25820): AccessKey.DBAKeys FINE: 2024-06-26 09:25:55.206065: Calculating K-pi key ...
I/flutter (25820): AccessKey.DBAKeys FINE: 2024-06-26 09:25:55.206248: Seed: 5c34a99f3fa84e50d11b941de0fb43748ee1d9f0, Key length: KEY_LENGTH.s256, Cipher algorithm: CipherAlgorithm.AES
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.211936: PACE.decryptNonce; K-pi: 4229176ad0f24146cf7b6281ffd475f67619840bc76df393a7291bb13764e078
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.212122: PACE.decryptNonce; Cipher algorithm: AES
I/flutter (25820): AESChiperSelector FINER: 2024-06-26 09:25:55.212686: AES chiper with 256-bit key size selected.
I/flutter (25820): AESCipher FINEST: 2024-06-26 09:25:55.214339: AESCipher.decrypt; data size: 32, data: 950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f
I/flutter (25820): AESCipher FINER: 2024-06-26 09:25:55.214487: AESCipher.decrypt; data: 950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f, key size: 32, key: 4229176ad0f24146cf7b6281ffd475f67619840bc76df393a7291bb13764e078
I/flutter (25820): AESCipher FINER: 2024-06-26 09:25:55.214724: AESCipher.decrypt; iv is null
I/flutter (25820): AESCipher FINEST: 2024-06-26 09:25:55.220275: AESCipher._processBlocks; data size: 32
I/flutter (25820): AESCipher FINER: 2024-06-26 09:25:55.220400: AESCipher._processBlocks; data: 950f0cdd945d643d20d7933cac222d444630bc9e1a6c53b6d8e947d2fc40234f
I/flutter (25820): AESCipher FINER: 2024-06-26 09:25:55.224099: AESCipher._processBlocks; output data: 4c50919f69c9dc4ce05932aaa54c15569a1b09140fbb8dcf45480c0239405116
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.224356: PACE.decryptNonce; Decrypted nonce: 4c50919f69c9dc4ce05932aaa54c15569a1b09140fbb8dcf45480c0239405116
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.224450: PACE step 1 response from ICC is valid
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.224535: Going to ECDH key establishment (on step 2, 3 and 4)
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.255859: PACE >ECDH< key establishment (from step 2 to step 4) ...
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.256187: PACE >ECDH< key establishment (from step 2 to step 4); Decrypted nonce: 4c50919f69c9dc4ce05932aaa54c15569a1b09140fbb8dcf45480c0239405116, Pace domain parameter id(int): 13, Pace protocol: OIEPaceProtocol: 0.4.0.127.0.7.2.2.4.2.4, id-PACE-ECDH-GM-AES-CBC-CMAC-256, [0, 4, 0, 127, 0, 7, 2, 2, 4, 2, 4], CipherAlgorithm: CipherAlgorithm.AES, KEY_LENGTH: KEY_LENGTH.s256, TOKEN_AGREEMENT_ALGO: TOKEN_AGREEMENT_ALGO.ECDH, MAPPING_TYPE: MAPPING_TYPE.GM
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.256288: Starting PACE step 2 ...
I/flutter (25820): DomainParameterSelectorECDH FINER: 2024-06-26 09:25:55.256365: Selected domain parameter: BrainpoolP256r1
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.256923: DomainParameter(id: 13, name: BrainpoolP256r1, size: 256, type: DomainParameterType.ECP, isSupported: false)
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.257678: Generating key pair for domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.257831: Seed is null. Generating random seed (32 bytes).
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.282497: Seed is calculated. Generating key pair (Generator - EC) ...
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.359679: Generated public key: X: 2754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a235
I/flutter (25820): Y: 9a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e
I/flutter (25820): ECDHPaceCurve SHOUT: 2024-06-26 09:25:55.360066: Generated private key: 27bb0b46c620f3a4e0d5a1aa8dff3aa344b3c049524757d66962f702c15adf47
I/flutter (25820): ECDHPaceCurve WARNING: 2024-06-26 09:25:55.360546: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.360768: Private key: ECDHPaceCurve: BrainpoolP256r1: private key: 27bb0b46c620f3a4e0d5a1aa8dff3aa344b3c049524757d66962f702c15adf47
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.361108: Public key: 2754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.361893: Generating GENERAL AUTHENTICATE (step 2 (or 3)) data: Is ephemeral: false ...
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.362268: ECDH data: 8141042754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.362436: PACE step 2 (or 3) data: 7c438141042754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e
I/flutter (25820): icc FINER: 2024-06-26 09:25:55.362856: Sending GENERAL AUTHENTICATE - step 2 or 3' command to ICC data='7c438141042754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e' ne=256 cla=10
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.362974: Transceiving to ICC: C-APDU(CLA:10 INS:86 P1:00 P2:00 Le:256 Lc:69 Data:7c438141042754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e)
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.363075: Sending 75 byte(s) to ICC: data='10860000457c438141042754a8786d2380fae1669fffd66e1ca5bb81d9f18c12da917ab16e646851a2359a41e7d4e9afb2a73860f43dcfe4c7da6250eb5efdc6051a094a47f6efab899e00'
W/BpBinder(25820): Slow Binder: BpBinder transact took 545 ms, interface=android.nfc.INfcTag, code=6 oneway=false
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.914570: Received 71 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.915175: data='7c43824104a8ff1d3cb20af81ae325599e31b6ba05df60ae433e0fec4c784343489698195e2aeeef4fa5eb1fbe61d2ca0e388eeebf007e479de11a6d4b4ea5d4e325e9723f9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.915385: Received response from ICC: sw=9000 data_len=69
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.915571: data=7c43824104a8ff1d3cb20af81ae325599e31b6ba05df60ae433e0fec4c784343489698195e2aeeef4fa5eb1fbe61d2ca0e388eeebf007e479de11a6d4b4ea5d4e325e9723f
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:55.917274: ResponseAPDUStep2and3Pace data: 7c43824104a8ff1d3cb20af81ae325599e31b6ba05df60ae433e0fec4c784343489698195e2aeeef4fa5eb1fbe61d2ca0e388eeebf007e479de11a6d4b4ea5d4e325e9723f
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:55.917510: Pace.step2 or 3; Response data contains dynamic authentication data
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:55.917610: ... step 2
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:55.918075: Pace.step2 or 3; Mapping data contains EC public key
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:55.919057: ICC public key: X: a8ff1d3cb20af81ae325599e31b6ba05df60ae433e0fec4c784343489698195e
I/flutter (25820): Y: 2aeeef4fa5eb1fbe61d2ca0e388eeebf007e479de11a6d4b4ea5d4e325e9723f
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.919304: PACE step 2 response from ICC is valid
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.919383: Starting PACE step 3 ...
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.919845: Generating key pair (from PublicKeyPACEeCDH) for domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.920093: Received public key: X: a8ff1d3cb20af81ae325599e31b6ba05df60ae433e0fec4c784343489698195e
I/flutter (25820): Y: 2aeeef4fa5eb1fbe61d2ca0e388eeebf007e479de11a6d4b4ea5d4e325e9723f
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.920672: Calculating mapped generator with domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.921257: Calculate shared secret with domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINER: 2024-06-26 09:25:55.936745: Shared secret in mapped generator (X, Y): [72, 163, 71, 175, 248, 26, 177, 160, 13, 117, 211, 3, 63, 19, 192, 239, 202, 105, 66, 215, 28, 182, 36, 187, 59, 91, 189, 189, 179, 113, 67, 123, 45, 5, 129, 247, 204, 154, 4, 109, 67, 189, 171, 143, 180, 123, 63, 95, 147, 12, 97, 156, 203, 48, 13, 199, 51, 242, 47, 248, 33, 190, 209, 173]
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.949060: Generator point: X: 6498da4525aa091a0ea55ad5d7cf045f5e84f1bcf63d35b76b8ce93dbd792931
I/flutter (25820): Y: 78d3a7e4603be3c85c2dc23a3e2b56bcd2169a8ef424f369fa565a3a05dca128
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.949727: Generating custom key pair for domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.949864: Seed is null. Generating random seed (32 bytes).
I/flutter (25820): ECDHPaceCurve FINER: 2024-06-26 09:25:55.950353: Mapped generator: X: 6498da4525aa091a0ea55ad5d7cf045f5e84f1bcf63d35b76b8ce93dbd792931
I/flutter (25820): Y: 78d3a7e4603be3c85c2dc23a3e2b56bcd2169a8ef424f369fa565a3a05dca128
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.950599: Seed is calculated. Generating key pair (Generator - EC) ...
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:55.962718: Ephemeral public key: X: 599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a9
I/flutter (25820): Y: 23e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140
I/flutter (25820): ECDHPaceCurve FINER: 2024-06-26 09:25:55.962902: Ephemeral private key(x): 90a9b006362fee627455fb32b3fb4cb882a6263991aa13f11c9263f96d413c86
I/flutter (25820): ECDHPaceCurve WARNING: 2024-06-26 09:25:55.963240: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.963444: Private key (ephemeral included): ECDHPaceCurve: BrainpoolP256r1: private key: 27bb0b46c620f3a4e0d5a1aa8dff3aa344b3c049524757d66962f702c15adf47 ephemeral private key: 90a9b006362fee627455fb32b3fb4cb882a6263991aa13f11c9263f96d413c86
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.963628: Public key (ephemeral): 599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140
I/flutter (25820): pace FINE: 2024-06-26 09:25:55.963712: Generating GENERAL AUTHENTICATE (step 2 (or 3)) data: Is ephemeral: true ...
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.963906: ECDH data: 834104599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140
I/flutter (25820): pace FINER: 2024-06-26 09:25:55.964342: PACE step 2 (or 3) data: 7c43834104599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140
I/flutter (25820): icc FINER: 2024-06-26 09:25:55.964503: Sending GENERAL AUTHENTICATE - step 2 or 3' command to ICC data='7c43834104599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140' ne=256 cla=10
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.964608: Transceiving to ICC: C-APDU(CLA:10 INS:86 P1:00 P2:00 Le:256 Lc:69 Data:7c43834104599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb140)
I/flutter (25820): icc FINE: 2024-06-26 09:25:55.964796: Sending 75 byte(s) to ICC: data='10860000457c43834104599af098375d2939455c5252fd02b981178128c39a189f3476e560d0dcf5b5a923e02ad520ed83df7adbc28da73d3736f46143622589883ac0297c212d4eb14000'
W/BpBinder(25820): Slow Binder: BpBinder transact took 632 ms, interface=android.nfc.INfcTag, code=6 oneway=false
I/flutter (25820): icc FINE: 2024-06-26 09:25:56.604699: Received 71 byte(s) from ICC
I/flutter (25820): icc FINE: 2024-06-26 09:25:56.606361: data='7c4384410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a9000'
I/flutter (25820): icc FINE: 2024-06-26 09:25:56.607145: Received response from ICC: sw=9000 data_len=69
I/flutter (25820): icc FINE: 2024-06-26 09:25:56.607898: data=7c4384410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:56.608814: ResponseAPDUStep2and3Pace data: 7c4384410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:56.609425: Pace.step2 or 3; Response data contains dynamic authentication data
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:56.610136: ... step 3
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:56.610624: Pace.step2 or 3; Mapping data contains EC public key
I/flutter (25820): ResponseAPDUStep2or3Pace FINER: 2024-06-26 09:25:56.612275: ICC public key: X: 16006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e
I/flutter (25820): Y: 224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.612623: PACE step 3 response from ICC is valid
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.613082: Ephemeral public ICC key: X: 16006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e
I/flutter (25820): Y: 224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.613320: Starting PACE step 4 ...
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:56.613626: Generating key pair (from PublicKeyPACEeCDH) for domain parameter BrainpoolP256r1.
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:56.614029: Received public key: X: 16006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e
I/flutter (25820): Y: 224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.614166: Epehemeral public key is successfully transformed
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.614405: Ephemeral public ICC key: X: 16006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e
I/flutter (25820): Y: 224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): ECDHPaceCurve FINE: 2024-06-26 09:25:56.615056: Calculate ephemeral shared secret with domain parameter BrainpoolP256r1.
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.627596: Ephemeral shared secret (X, Y): 01ca84c8b4c64afaa7c88380359e6ca24a05b62cb75f581452ac5a643e161695099253f9d4371eab2d5c549872b737795ae18dabadb1d2d828065506b9e18b60
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.627925: Seed: 01ca84c8b4c64afaa7c88380359e6ca24a05b62cb75f581452ac5a643e161695
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.628402: f
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.628773: Seed: 01ca84c8b4c64afaa7c88380359e6ca24a05b62cb75f581452ac5a643e161695, Key length: KEY_LENGTH.s256, Cipher algorithm: CipherAlgorithm.AES
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.629134: Cipher algorithm: AES, Key length: 256 bits
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.630384: Calculating MAC key ...
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.630504: Seed: 01ca84c8b4c64afaa7c88380359e6ca24a05b62cb75f581452ac5a643e161695, Key length: KEY_LENGTH.s256, Cipher algorithm: CipherAlgorithm.AES
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.630585: Cipher algorithm: AES, Key length: 256 bits
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.631551: ENC and Mac keys are successfully calculated
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.631704: ENC key: 4d7d343ae7bbeee29a6c2e86bab3f2a1d41d07565e9a44e6ca0e9a924d5f670f MAC key: cc2238327693c5ea717b4fe73bbe334f44b0dac8342eb89b02a5a9cc3ca45a1f
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.632192: Generating ENCODING INPUT data ...
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.632357: Object identifier: 060a04007f00070202040204
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.632516: Ephemeral public point: X: 16006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e
I/flutter (25820): Y: 224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINER: 2024-06-26 09:25:56.632765: Public key EC: 86410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.632955: ENCODING INPUT data: 7f494f060a04007f0007020204020486410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.633473: Calculating Auth token ...
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.633586: Seed: 7f494f060a04007f0007020204020486410416006404e44a9b509a7086b74baced42fe80045219d7b32e0b0e1e1d18a9063e224e2b83b292427c75fd547fd21aef9fce66df8931b3e131f3ef16e066d5900a, Key length: KEY_LENGTH.s256, Cipher algorithm: CipherAlgorithm.AES, Mac key length: 32Mac key: cc2238327693c5ea717b4fe73bbe334f44b0dac8342eb89b02a5a9cc3ca45a1f
I/flutter (25820): pace FINE: 2024-06-26 09:25:56.633665: Cipher algorithm: AES.
I/flutter (25820): AESChiperSelector FINER: 2024-06-26 09:25:56.633735: AES chiper with 128-bit key size selected.
I/flutter (25820): nfc.provider FINE: 2024-06-26 09:25:56.636727: Disconnecting
E/flutter (25820): [ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: Invalid argument(s): Initialization vector must be the same length as block size
E/flutter (25820): #0 CBCBlockCipher.init (package:pointycastle/block/modes/cbc.dart:52:7)
E/flutter (25820): #1 CMac.init (package:pointycastle/macs/cmac.dart:189:13)
E/flutter (25820): #2 AESCipher.calculateCMAC (package:dmrtd/src/crypto/aes.dart:152:48)
E/flutter (25820): #3 PACE.cacluateAuthToken (package:dmrtd/src/proto/pace.dart:548:47)
E/flutter (25820): #4 PACE.ecdh (package:dmrtd/src/proto/pace.dart:712:37)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820): #5 PACE.initSession (package:dmrtd/src/proto/pace.dart:1024:11)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820): #6 MrtdApi.initSessionViaPACE (package:dmrtd/src/proto/mrtd_api.dart:79:5)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820): #7 Passport._exec (package:dmrtd/src/passport.dart:428:14)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820): #8 Passport.startSessionPACE (package:dmrtd/src/passport.dart:62:5)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820): #9 _MrtdHomePageState._readMRTD (package:mrtdeg/main.dart:377:11)
E/flutter (25820): <asynchronous suspension>
E/flutter (25820):
ive tried hardcoding the blocksize in pointycastle to set the make params.iv.length
the same as blockSize
int get blockSize => 32;
but its weird because params.iv.length
decreased from 32 to 16 after i did that
Hi I have seemed to fix the above error by changing some parts in the pointycastle package. It seems to work on Android well. However, when I try it on iOS, the app is stuck at "Ready to Scan", and doesnt actually scan the passport. Do you have any idea why that is?
Looking at your second log, I see that AES128 was selected. This happens here: https://github.com/ZeroPass/dmrtd/blob/8ced7600fb9fd84f0824bfaddc2fcc7bff655a7f/lib/src/proto/pace.dart#L547 Did you try changing the key size to 256 (KEY_LENGTH.s256)?
However, when I try it on iOS, the app is stuck at "Ready to Scan", and doesn't actually scan the passport. Do you have any idea why that is?
Do you get any specific log entry when app gets stuck? The ISO 14443 NFC interface for iOS was modified lately. It can be related to this: https://github.com/AndyQ/NFCPassportReader/issues/219 https://github.com/AndyQ/NFCPassportReader/issues/164#issuecomment-2139300643
Hi yes, i have tried changing it to KEY_LENGTH.s256
but the result is the same.
I eventually decided to modify a part of the code in the pointycastle
package here
I changed it to
final zeroIV = Uint8List(_cipher.blockSize);
and it now manages to work.
Looking at pointycastle code that you linked it's definitively wrong IV size for block cipher modes. There is already issue for this but no response yet: https://github.com/bcgit/pc-dart/issues/200
Thanks for the info, I have fixed the ios error, it had to do with permissions for the NFC to work: https://stackoverflow.com/questions/56453525/missing-required-entitlement-for-nfctagreadersession
Just to be clear, you had to add nfc entitlement to the iso project, is that right (like the example app)?
Yes, and I also had to add the following:
<key>NFCReaderUsageDescription</key>
<string>App uses NFC to scan biometric pasports</string>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>nfc</string>
</array>
<key>com.apple.developer.nfc.readersession.iso7816.select-identifiers</key>
<array>
<string>A0000002471001</string>
<string>A0000002472001</string>
<string>00000000000000</string>
</array>
Ah yes the A0000002471001
is AID for MRTD application. What are the other 2 for?
Also can you confirm it does work on the latest iOS version?
Just browsing what this lib might be able to do and what kind of issues are encountered, and the need to specify these AIDs sounded interesting to make it work... so I searched and found https://www.eftlab.com/knowledge-base/complete-list-of-application-identifiers-aid which seems to provide descriptions for two of the AID entries mentioned; the all zeroes wasn't on there as such. Not sure if it helps in this area, complete N00b here ;-)
Hi, I am getting an error when using this package on PACE-enabled passports. The following shows the error logs:
It works fine for BAC though