chipAuthenticationStatus is set to success after doChipAuthentication() completes.
|
try await caHandler.doChipAuthentication() |
|
self.passport.chipAuthenticationStatus = .success |
However, doChipAuthentication(), does not seem to verify that the chip was able to derive the shared key. In fact, doChipAuthentication() does not seem to involve any communication with the chip.
I understand that doChipAuthentication() will reset the secure messaging layer so any upcoming communication will implicitly verify that the chip did derive the shared secret correctly. However, technically, this has not happened at the point when doChipAuthentication() returns.
Newer versions of Chip Authentication indeed account for that fact and include an additional step that asks the chip to authenticate a predefined message using the derived shared secret. (See, e.g., BSI_TR-03110_Part-2-V2_2.pdf, page 28-29.)
The main point I'm creating this issue is to make the authors of this repository (and the community) aware of this (potential) issue and I'd be happy to receive any statements / comments.
chipAuthenticationStatusis set tosuccessafterdoChipAuthentication()completes.NFCPassportReader/Sources/NFCPassportReader/PassportReader.swift
Lines 371 to 372 in c636651
However,
doChipAuthentication(), does not seem to verify that the chip was able to derive the shared key. In fact,doChipAuthentication()does not seem to involve any communication with the chip.I understand that
doChipAuthentication()will reset the secure messaging layer so any upcoming communication will implicitly verify that the chip did derive the shared secret correctly. However, technically, this has not happened at the point whendoChipAuthentication()returns.Newer versions of Chip Authentication indeed account for that fact and include an additional step that asks the chip to authenticate a predefined message using the derived shared secret. (See, e.g., BSI_TR-03110_Part-2-V2_2.pdf, page 28-29.)
The main point I'm creating this issue is to make the authors of this repository (and the community) aware of this (potential) issue and I'd be happy to receive any statements / comments.