6300 and 6A80 errors on PACE Step 4 when reading Slovak passports/national IDs #36

Open
MartinRobomaze opened this issue Nov 14, 2024 · 0 comments

MartinRobomaze commented Nov 14, 2024

Hi, I am trying to read DG1 and DG2 data from a Slovakian passport and national ID. However, with PACE, I am getting either a 6A80 error (with the passport) or a 6300 error (with the national ID). Before I got to this point, I had to change the code in a few places:

  1. In order to support AES256 nonce decryption in pace.dart around line 584:

```dart
// Select the AES cipher by the negotiated key length instead of assuming AES-128
AESCipher aesCipher128 = AESChiperSelector.getChiper(size: keyLength);
Uint8List decryptedNonce = aesCipher128.decrypt(data: nonce, key: k_pi);
```

  2. To make CMAC not throw exceptions I had to modify the pointycastle library (cmac.dart around line 185) like this:

```dart
// Zero IV sized to the cipher block size
final zeroIV = Uint8List(_cipher.blockSize);
_params = ParametersWithIV(keyParams, zeroIV);
```

  3. The auth token returned from CMAC was only 4 bytes long, modifying the calculateCmac function like this made it 8 bytes long:

```dart
Uint8List calculateCMAC({required Uint8List data, required Uint8List key}) {
  // AES has no padding for CMAC
  final cmac = CMac(AESEngine(), 64)..init(KeyParameter(key)); // CMAC MAC size is fixed at 64 bits
  return cmac.process(data);
}
```

The dmrtd logs are as follows for the ID card returning 6300:

```
I/flutter (27545): ASN1ObjectIdentifierType INFO: 2024-11-14 01:07:31.995029: OIDS from pointycastle library were added to list.
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:31.998423: Parsing PaceInfo...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:31.998796: ... parsing protocol ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.003562: ... protocol parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.003881: ... parsing version ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.004671: ... version parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.004992: ... parsing parameterId ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.021207: ... parameterId parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:07:32.021501: ... paceInfo successfully parsed.
I/flutter (27545): EfCardAccess INFO: 2024-11-14 01:07:32.021615: PaceInfo parsed.
I/flutter (27545): EfCardAccess SEVERE: 2024-11-14 01:07:32.023313: PaceInfo substruct has been saved to efcardaccess member ( paceInfo )
I/flutter (27545): AccessKey.DBAKeys WARNING: 2024-11-14 01:07:32.027332: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (27545): AccessKey.DBAKeys WARNING: 2024-11-14 01:07:33.136112: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (27545): ECDHPaceCurve WARNING: 2024-11-14 01:07:33.352226: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (27545): ECDHPaceCurve WARNING: 2024-11-14 01:07:33.794610: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (27545): pace SEVERE: 2024-11-14 01:07:35.187472: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6A80
I/flutter (27545): pace SEVERE: 2024-11-14 01:07:35.190702: PACE <ECDH> key establishment failed: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6A80
I/flutter (27545): pace SEVERE: 2024-11-14 01:07:35.191748: PACE key establishment failed: PACE <ECDH> key establishment failed: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6A80
```

And here are logs for the ID card returning 6300:

```
I/flutter (27545): mrtd.api WARNING: 2024-11-14 01:09:58.424866: Couldn't select MF by P1: 0, P2: 0 sw=sw=6A86, re-trying to select MF with FileID=3F00
I/flutter (27545): mrtd.api WARNING: 2024-11-14 01:09:58.466829: Couldn't select MF by P1=0, P2=0, FileID=3F00 sw=sw=6A86, re-trying to select MF with P2=0x0C and FileID=3F00
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.578793: Parsing PaceInfo...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.579602: ... parsing protocol ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.581305: ... protocol parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.581888: ... parsing version ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.582623: ... version parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.583114: ... parsing parameterId ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.588339: ... parameterId parsed ...
I/flutter (27545): PaceInfo INFO: 2024-11-14 01:09:58.589254: ... paceInfo successfully parsed.
I/flutter (27545): EfCardAccess INFO: 2024-11-14 01:09:58.589717: PaceInfo parsed.
I/flutter (27545): EfCardAccess SEVERE: 2024-11-14 01:09:58.591406: PaceInfo substruct has been saved to efcardaccess member ( paceInfo )
I/flutter (27545): AccessKey.DBAKeys WARNING: 2024-11-14 01:09:58.592841: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (27545): AccessKey.DBAKeys WARNING: 2024-11-14 01:09:59.760766: DBAKeys.toString() called. This is very sensitive data. Do not use in production!
I/flutter (27545): ECDHPaceCurve WARNING: 2024-11-14 01:09:59.877314: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (27545): ECDHPaceCurve WARNING: 2024-11-14 01:10:00.385099: This function is only for testing purposes. It prints private keys. Do not use in production.
I/flutter (27545): pace SEVERE: 2024-11-14 01:10:00.765254: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6300
I/flutter (27545): pace SEVERE: 2024-11-14 01:10:00.765650: PACE <ECDH> key establishment failed: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6300
I/flutter (27545): pace SEVERE: 2024-11-14 01:10:00.765965: PACE key establishment failed: PACE <ECDH> key establishment failed: PACE <ECDH> (4); Failed: ICC Error: General authentication template (step 4) failed sw=6300
```

Any help would be appreciated
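
For reference against the step 4 failure and the 8-byte token described in the post above, this added example (not part of the original post and not dmrtd's own code) shows how ICAO Doc 9303 Part 11 defines the terminal's PACE authentication token and the step 4 data field for ECDH with AES. The OID value (id-PACE-ECDH-GM-AES-CBC-CMAC-256), shared secret and public key point are constructed assumptions, the helper names are hypothetical, and it assumes a pointycastle `CMac` that accepts a 32-byte AES key.

```dart
import 'dart:typed_data';
import 'package:pointycastle/export.dart';

// DER length octets: short form below 0x80, long form (0x81/0x82) above.
List<int> derLen(int n) =>
    n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xFF];

Uint8List tlv(List<int> tag, List<int> value) =>
    Uint8List.fromList([...tag, ...derLen(value.length), ...value]);

// K_MAC = KDF(K, 2) = H(K || 00000002). AES-128 takes the first 16 bytes of
// SHA-1; AES-192/256 take the first 24/32 bytes of SHA-256.
Uint8List deriveKmac(Uint8List k, int keyLen) {
  final Digest h = keyLen == 16 ? SHA1Digest() : SHA256Digest();
  return h.process(Uint8List.fromList([...k, 0, 0, 0, 2])).sublist(0, keyLen);
}

// Token input: DO'7F49' { 06 PACE OID, 86 peer ephemeral public key }.
// The terminal MACs the chip's key; the chip MACs the terminal's key.
Uint8List tokenInput(List<int> oidValue, Uint8List peerPoint) {
  if (peerPoint.isEmpty || peerPoint[0] != 0x04) {
    throw ArgumentError('expected uncompressed EC point 04||X||Y');
  }
  return tlv([0x7F, 0x49],
      [...tlv([0x06], oidValue), ...tlv([0x86], peerPoint)]);
}

// AES-CMAC truncated to 64 bits, as in the post's calculateCMAC.
Uint8List authToken(Uint8List kMac, Uint8List input) {
  final t = (CMac(AESEngine(), 64)..init(KeyParameter(kMac))).process(input);
  if (t.length != 8) throw StateError('token is ${t.length} bytes, not 8');
  return t;
}

// Step 4 GENERAL AUTHENTICATE data field: 7C { 85 T_PCD }.
Uint8List step4Data(Uint8List token) => tlv([0x7C], tlv([0x85], token));

void main() {
  // Constructed sample values; none come from a real document or session.
  final oid = [0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x04, 0x02, 0x04];
  final k = Uint8List.fromList(List.generate(32, (i) => i)); // shared secret
  final pkIcc = Uint8List.fromList([0x04, ...List.filled(64, 0xAB)]);
  final data = step4Data(authToken(deriveKmac(k, 32), tokenInput(oid, pkIcc)));
  print(data.map((b) => b.toRadixString(16).padLeft(2, '0')).join(' '));
}
```

Comparing each intermediate value (K_MAC, the `7F49` object, the token) against the library's debug output localises which stage diverges from the specification.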
