
CAN support for PACE version 2

Open visav-tietoevry opened this issue 3 years ago • 1 comments

Summary

Card Access Number can be used for PACE

This is heavily inspired by #106, which I tried to rebase onto the current main branch, but eventually decided to patch it by hand, because there were conflicts that I couldn't resolve in reasonable time.

As opposed to #106, there are some changes in error handling, which in our tests can detect if the CAN was invalid.

We've tested the changes successfully with a couple of Finnish passports, on iOS 16.

Changes

  • Add PACEAccessKey enum, which can either be .mrz or .can
  • Original PassportReader.readPassport() now uses PACEAccessKey when establishing PACE.
  • PassportReader.startReading() doesn't fall back to BAC when PACE fails, if CAN was used.
  • Keep old version of PassportReader.readPassport( mrzKey: ...) as deprecated overload of readPassport( accessKey: ...). Not sure if this makes sense, because of the next bullet point...
  • BREAKING: Replace NFCPassportReaderError.InvalidMRZKey with NFCPassportReaderError.AuthenticationFailed, to indicate that either CAN or MRZ was incorrect.
  • Change error handling in TagReader.send, to handle authentication error when using incorrect CAN

Caveats

  • As of writing, this is a breaking change, because NFCPassportReaderError.InvalidMRZKey is removed
  • Example apps do not demonstrate CAN functionality, as is done in #106
  • I'm not a PACE expert, nor have previous experience with developing this library, so there might be other things as well that I've overlooked.

Remarks

I checked the SPM example, and it's pinned to an older version of the library. Perhaps the example should be changed so that it uses the local version of the NFCPassportReader package, to make it easier to develop the example along with the changes to the library?

visav-tietoevry avatar Oct 05 '22 10:10 visav-tietoevry

I am trying to read the French ID card using CAN/MRZ, but PACE failed with an invalid parameter error. Please see the log; any help is appreciated.

2022-10-26 13:57:33.1280 - tagReaderSessionDidBecomeActive
2022-10-26 13:57:41.4540 - tagReaderSession:didDetect - iso7816(<NFCISO7816Tag: 0x2815117a0>)
2022-10-26 13:57:41.4550 - tagReaderSession:connected to tag - starting authentication
2022-10-26 13:57:41.457450+0300 IDCardScan[73043:5339650] [CoreNFC] -[NFCTagReaderSession setAlertMessage:]:101 (null)
2022-10-26 13:57:41.4620 - TagReader - sending [0x00, 0xA4, 0x00, 0x0C, 0x02, 0x3F, 0x00]
2022-10-26 13:57:41.4750 - TagReader - Received response
2022-10-26 13:57:41.4760 - TagReader [unprotected] [], sw1:0x6a sw2:0x86
2022-10-26 13:57:41.4790 - Error reading tag: sw1 - 0x6A, sw2 - 0x86
2022-10-26 13:57:41.4810 - reason: Incorrect parameters P1-P2
2022-10-26 13:57:41.4810 - PACE Failed - falling back to BAC

Thanks.

febinfathah avatar Oct 26 '22 11:10 febinfathah
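
The log in the comment above can be triaged mechanically. The following is an added example, not part of the thread or of the NFCPassportReader code base: it pairs each `TagReader - sending` line with the status word that follows and decodes the command header per ISO 7816-4, showing that the rejected command is a SELECT with P1=0x00, P2=0x0C on file identifier 3F00 (the master file). The function names `decode_command` and `exchanges` and the two lookup tables are assumptions made for this example.

```python
import re

# Constructed sample: three lines copied from the log in the comment above.
SAMPLE_LOG = """\
2022-10-26 13:57:41.4620 - TagReader - sending [0x00, 0xA4, 0x00, 0x0C, 0x02, 0x3F, 0x00]
2022-10-26 13:57:41.4750 - TagReader - Received response
2022-10-26 13:57:41.4760 - TagReader [unprotected] [], sw1:0x6a sw2:0x86
"""

# ISO 7816-4 values needed for this log only; not a complete table.
INS_NAMES = {0xA4: "SELECT"}
SW_MEANINGS = {0x9000: "Success", 0x6A86: "Incorrect parameters P1-P2"}

SEND_RE = re.compile(r"TagReader - sending \[([^\]]*)\]")
SW_RE = re.compile(r"sw1:0x([0-9a-fA-F]{2}) sw2:0x([0-9a-fA-F]{2})")

def decode_command(apdu: bytes) -> dict:
    """Split a short (non-extended) command APDU into header, data and Le."""
    if len(apdu) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = apdu[:4]
    body, data, le = apdu[4:], b"", None
    if len(body) == 1:            # case 2: Le only
        le = body[0]
    elif len(body) > 1:           # case 3/4: Lc, data, optional Le
        lc = body[0]
        if len(body) not in (1 + lc, 2 + lc):
            raise ValueError("Lc does not match APDU length")
        data = body[1:1 + lc]
        if len(body) == 2 + lc:
            le = body[-1]
    return {"cla": cla, "ins": INS_NAMES.get(ins, f"INS 0x{ins:02X}"),
            "p1": p1, "p2": p2, "data": data.hex().upper(), "le": le}

def exchanges(log: str) -> list:
    """Pair each 'sending' line with the next status word in the log."""
    out, pending = [], None
    for line in log.splitlines():
        if m := SEND_RE.search(line):
            pending = bytes(int(b, 16)
                            for b in m.group(1).split(",") if b.strip())
        elif (m := SW_RE.search(line)) and pending is not None:
            sw = int(m.group(1) + m.group(2), 16)
            out.append({**decode_command(pending), "sw": sw, "ok": sw == 0x9000,
                        "meaning": SW_MEANINGS.get(sw, "unknown")})
            pending = None
    return out
```
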