archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/csps/cryptoflex/slbiop/accesscard.cpp

1528 lines
43 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // AccessCard.cpp: implementation of the CAccessCard class.
  2. //
  3. //////////////////////////////////////////////////////////////////////
  5. #include "NoWarning.h"
  7. #include <scuArrayP.h>
  8. #include <scuSecureArray.h>
  10. #include "AccessCard.h"
  11. #include <stdio.h>
  12. #include "iopExc.h"
  13. #include "LockWrap.h"
  14. #include "FilePath.h"
  16. using namespace std;
  17. using namespace iop;
  19. namespace
  20. {
  21. BYTE
  22. AsPrivateAlgId(KeyType kt)
  23. {
  24. BYTE bAlgId = 0;
  26. switch (kt)
  27. {
  28. case ktRSA512:
  29. bAlgId = 0xC4;
  30. break;
  32. case ktRSA768:
  33. bAlgId = 0xC6;
  34. break;
  36. case ktRSA1024:
  37. bAlgId = 0xC8;
  38. break;
  39. case ktDES:
  40. bAlgId = 0x00;
  41. break;
  42. default:
  43. throw Exception(ccInvalidParameter);
  44. break;
  45. }
  47. return bAlgId;
  48. }
  50. } // namespace
  52. //////////////////////////////////////////////////////////////////////
  53. // Construction/Destruction
  54. //////////////////////////////////////////////////////////////////////
  57. CAccessCard::CAccessCard(const SCARDHANDLE hCardHandle, const char* szReaderName,
  58. const SCARDCONTEXT pContext, const DWORD dwMode)
  59. : CSmartCard(hCardHandle, szReaderName, pContext, dwMode)
  60. {
  61. if (ValidClassByte(0xF0))
  62. m_bClassByte = 0xF0;
  63. else
  64. if (ValidClassByte(0x00))
  65. m_bClassByte = 0x00;
  66. else // Not an access card!
  67. throw iop::Exception(iop::ccUnknownCard);
  69. m_fSupportLogout = SupportLogout();
  71. }
  73. CAccessCard::~CAccessCard()
  74. {
  76. }
  78. void
  79. CAccessCard::GetChallenge(const DWORD dwNumberLength, BYTE* bRandomNumber)
  80. {
  81. CLockWrap wrap(&m_IOPLock);
  83. const BYTE bMinLen = 4, bMaxLen = 64; // Max 64 due to bug in old cards.
  85. if(dwNumberLength < bMinLen)
  86. {
  87. BYTE bBuf[bMinLen];
  88. SendCardAPDU(m_bClassByte, 0x84, 0x00, 0x00, 0, NULL,
  89. bMinLen, bBuf);
  90. memcpy(bRandomNumber,bBuf,dwNumberLength);
  91. }
  92. else
  93. {
  95. DWORD dwRamainingBytes = dwNumberLength;
  96. BYTE *bpBuf = bRandomNumber;
  98. while(dwRamainingBytes)
  99. {
  100. BYTE bNumGet = (dwRamainingBytes > bMaxLen) ? bMaxLen : dwRamainingBytes;
  102. SendCardAPDU(m_bClassByte, 0x84, 0x00, 0x00, 0, NULL,
  103. bNumGet, bpBuf);
  105. bpBuf += bNumGet;
  106. dwRamainingBytes -= bNumGet;
  107. }
  108. }
  109. }
  111. void
  112. CAccessCard::DeleteFile(const WORD wFileID)
  113. {
  114. CLockWrap wrap(&m_IOPLock);
  115. BYTE bDataIn[2];
  116. bDataIn[0] = (BYTE)(MSB(wFileID));
  117. bDataIn[1] = (BYTE)(LSB(wFileID));
  119. SendCardAPDU(m_bClassByte, insDeleteFile, 0x00, 0x00, 0x02, bDataIn,
  120. 0, NULL);
  122. }
  124. void
  125. CAccessCard::Directory(const BYTE bFile_Nb, FILE_HEADER* pMyfile)
  126. {
  127. CLockWrap wrap(&m_IOPLock);
  129. RequireSelect();
  131. BYTE bDataOut[40];
  132. memset(bDataOut, 0, 40);
  134. SendCardAPDU(m_bClassByte, 0xA8, 0x00, bFile_Nb, 0, NULL, 40, bDataOut);
  136. switch(bDataOut[6])
  137. {
  138. case 0x01: // Root directory file
  139. case 0x02: // Other directory file or Instance file
  140. {
  141. pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]);
  142. pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]);
  143. pMyfile->nb_file = bDataOut[15];
  144. pMyfile->nb_sub_dir = bDataOut[14];
  145. pMyfile->file_status = 0x01;
  147. if (bDataOut[9] == 0)
  148. {
  149. memset((void*)(pMyfile->applicationID), 0x00, 16);
  150. pMyfile->file_type = directory;
  151. }
  152. else
  153. if (bDataOut[9] == 0x01 || bDataOut[9] == 0x02 ||
  154. bDataOut[9] == 0x03)
  155. {
  156. /////////////////////////////////////////////////////////////////
  157. // Instance files contain one "hidden" file for program data //
  158. // that should not be shown to the users //
  159. /////////////////////////////////////////////////////////////////
  160. pMyfile->nb_file--;
  162. pMyfile->file_type = Instance;
  163. pMyfile->AIDLength = bDataOut[23];
  164. memcpy((void*)(pMyfile->applicationID), (void*)(&bDataOut[24]), pMyfile->AIDLength);
  166. /////////////////////////////////////////////////////////////////////
  167. // Set flags in file status to discriminate applets/applications //
  168. /////////////////////////////////////////////////////////////////////
  169. switch(bDataOut[9])
  170. {
  171. case 0x01: pMyfile->file_status |= (1 << 5); // Applet
  172. break;
  173. case 0x02: pMyfile->file_status |= (1 << 4); // Application
  174. break;
  175. case 0x03: pMyfile->file_status |= (3 << 4); // Both
  176. break;
  177. }
  179. ////////////////////////////////////////////////
  180. // Set flags in file status to discriminate //
  181. // created/installed/registered instances //
  182. ////////////////////////////////////////////////
  183. switch(bDataOut[10])
  184. {
  185. case 0x01: pMyfile->file_status |= (1 << 1); // Created
  186. break;
  187. case 0x02: pMyfile->file_status |= (1 << 2); // Installed
  188. break;
  189. case 0x03: pMyfile->file_status |= (1 << 3); // Registered
  190. break;
  191. }
  192. }
  193. ///////////////////////////////////////////////
  194. // guard against a bad Instance file //
  195. // created without an AID for file control //
  196. ///////////////////////////////////////////////
  197. else
  198. {
  199. pMyfile->AIDLength = 0x00;
  200. memset((void*)(pMyfile->applicationID), 0x00, 16);
  202. throw iop::Exception(iop::ccBadInstanceFile);
  203. }
  205. ///////////////////////////////
  206. // Select file and get ACL //
  207. ///////////////////////////////
  208. Select(pMyfile->file_id);
  211. SendCardAPDU(m_bClassByte, insGetACL, 0x00, 0x00, 0,
  212. NULL, 0x08, bDataOut);
  214. memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut),8);
  216. /////////////////////////////////
  217. // Reselect parent directory //
  218. /////////////////////////////////
  219. Select(m_CurrentDirectory.Tail().GetShortID());
  221. break;
  223. } // end case directory or Instance file
  225. case 0x04: // all other file types
  226. {
  227. pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]);
  228. pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]);
  229. pMyfile->nb_file = 0x00;
  230. pMyfile->nb_sub_dir = 0x00;
  231. pMyfile->file_status = bDataOut[11];
  233. switch(bDataOut[13])
  234. {
  235. case 0x00: pMyfile->file_type = Binary_File;
  236. break;
  237. case 0x01: pMyfile->file_type = Fixed_Record_File;
  238. break;
  239. case 0x02: pMyfile->file_type = Variable_Record_File;
  240. break;
  241. case 0x03: pMyfile->file_type = Cyclic_File;
  242. break;
  243. case 0x04: pMyfile->file_type = Program_File;
  244. break;
  245. ///////////////////////////////////////////////////////////////////////
  246. // if GetResponse(...) is successful but bad file type is returned //
  247. ///////////////////////////////////////////////////////////////////////
  248. default: pMyfile->file_type = Unknown;
  249. throw iop::Exception(iop::ccFileTypeUnknown);
  250. }
  252. if (pMyfile->file_type == Cyclic_File ||
  253. pMyfile->file_type == Fixed_Record_File)
  254. {
  255. pMyfile->nb_sub_dir = bDataOut[14];
  256. pMyfile->nb_file = (pMyfile->nb_sub_dir)
  257. ? pMyfile->file_size / pMyfile->nb_sub_dir
  258. : 0;
  259. }
  261. ///////////////////////////////
  262. // Select file and get ACL //
  263. ///////////////////////////////
  264. if (pMyfile->file_id != 0xFFFF)
  265. {
  267. Select(pMyfile->file_id);
  269. SendCardAPDU(m_bClassByte, insGetACL, 0x00, 0x00, 0,
  270. NULL, 0x08, bDataOut);
  272. memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8);
  273. memset((void*)(pMyfile->applicationID), 0x00, 16);
  275. /////////////////////////////////
  276. // Reselect parent directory //
  277. /////////////////////////////////
  278. Select(m_CurrentDirectory.Tail().GetShortID());
  279. }
  280. break;
  282. } // end case non-Directory/Instance files
  284. default:
  285. ///////////////////////////////////////////////////////////////////////////
  286. // if GetResponse(...) is successful but bad file category is returned //
  287. ///////////////////////////////////////////////////////////////////////////
  288. throw iop::Exception(iop::ccBadFileCategory);
  289. } // end switch
  290. }
  292. void
  293. CAccessCard::ExternalAuth(const KeyType kt, const BYTE bKeyNb,
  294. const BYTE bDataLength, const BYTE* bData)
  295. {
  296. CLockWrap wrap(&m_IOPLock);
  298. BYTE bAlgo_ID = AsPrivateAlgId(kt);
  300. SendCardAPDU(m_bClassByte, insExternalAuth, bAlgo_ID,
  301. bKeyNb, bDataLength, bData, 0, NULL);
  303. }
  305. void
  306. CAccessCard::InternalAuth(const KeyType kt, const BYTE bKeyNb,
  307. const BYTE bDataLength, const BYTE*
  308. bDataIn, BYTE* bDataOut)
  309. {
  310. CLockWrap wrap(&m_IOPLock);
  311. ////////////////////////////////////////////////////////////////////////////
  312. // The following checks to make sure the internal Auth is not being //
  313. // used for DES, or for an RSA key operation of greater than 128 bytes. //
  314. ////////////////////////////////////////////////////////////////////////////
  315. BYTE bAlgo_ID = AsPrivateAlgId(kt);
  316. if (((bAlgo_ID != 0xC4) && (bAlgo_ID != 0xC6) &&
  317. (bAlgo_ID != 0xC8)) ||
  318. (bDataLength > 0x80))
  319. throw iop::Exception(iop::ccAlgorithmIdNotSupported);
  321. /////////////////////////////////////////////////////////////////////////
  322. // Need to reverse the byte order of the input data (big endian card) //
  323. /////////////////////////////////////////////////////////////////////////
  324. if (cMaxApduLength < bDataLength)
  325. throw iop::Exception(iop::ccInvalidParameter);
  327. BYTE bReversedData[cMaxApduLength];
  329. for (BYTE bIndex = 0; bIndex < bDataLength; bIndex++)
  330. bReversedData[bIndex] = bDataIn[bDataLength - 1 - bIndex];
  332. SendCardAPDU(m_bClassByte, insInternalAuth,
  333. bAlgo_ID, bKeyNb, bDataLength,
  334. bReversedData, 0, NULL);
  336. GetResponse(m_bClassByte, bDataLength, bReversedData);
  338. //////////////////////////////////////////////////////
  339. // Need to reverse the byte order of output data. //
  340. //////////////////////////////////////////////////////
  341. for (bIndex = 0; bIndex < bDataLength; bIndex++)
  342. bDataOut[bIndex] = bReversedData[bDataLength - 1 - bIndex];
  343. }
  345. void
  346. CAccessCard::ReadRecord(const BYTE bRecNum, const BYTE bMode,
  347. const BYTE bDataLen, BYTE *bData)
  348. {
  349. CLockWrap wrap(&m_IOPLock);
  351. SendCardAPDU(m_bClassByte, 0xB2, bRecNum, bMode, 0, NULL,
  352. bDataLen, bData);
  353. }
  355. void
  356. CAccessCard::UpdateRecord(const BYTE bRecNum, const BYTE bMode,
  357. const BYTE bDataLen, BYTE *bData)
  358. {
  359. CLockWrap wrap(&m_IOPLock);
  361. SendCardAPDU(m_bClassByte, 0xDC, bRecNum, bMode, bDataLen, bData, 0, NULL);
  362. }
  365. void
  366. CAccessCard::VerifyCHV(const BYTE bCHVNumber, const BYTE* bCHV)
  367. {
  368. CLockWrap wrap(&m_IOPLock);
  369. SendCardAPDU(m_bClassByte, insVerifyChv, 0x00, bCHVNumber, 0x08,
  370. bCHV, 0, NULL);
  371. }
  373. void
  374. CAccessCard::VerifyKey(const BYTE bKeyNumber, const BYTE bKeyLength,
  375. const BYTE* bKey)
  376. {
  377. CLockWrap wrap(&m_IOPLock);
  378. SendCardAPDU(m_bClassByte, 0x2A, 0x00, bKeyNumber, bKeyLength,
  379. bKey, 0, NULL);
  380. }
  383. void
  384. CAccessCard::SelectCardlet(const BYTE *bAID, const BYTE bAIDLen)
  385. {
  386. CLockWrap wrap(&m_IOPLock);
  387. SendCardAPDU(m_bClassByte, 0xA4, 0x04, 0x00, bAIDLen, bAID, 0, NULL);
  388. }
  390. void
  391. CAccessCard::SelectLoader()
  392. {
  393. CLockWrap wrap(&m_IOPLock);
  394. SendCardAPDU(m_bClassByte, 0xA4, 0x04, 0x00, 0x00, NULL, 0, NULL);
  395. }
  397. void
  398. CAccessCard::DeleteApplet()
  399. {
  400. CLockWrap wrap(&m_IOPLock);
  401. SendCardAPDU(m_bClassByte, 0x08, 0x02, 0x00, 0x00, NULL, 0, NULL);
  402. }
  405. void
  406. CAccessCard::ResetInstance()
  407. {
  408. CLockWrap wrap(&m_IOPLock);
  409. SendCardAPDU(m_bClassByte, 0x08, 0x03, 0x00, 0x00,
  410. NULL, 0, NULL);
  411. }
  413. void
  414. CAccessCard::SetCurrentAsLoader()
  415. {
  416. CLockWrap wrap(&m_IOPLock);
  417. SendCardAPDU(m_bClassByte, 0x08, 0x04, 0x00, 0x00, NULL, 0, NULL);
  418. }
  421. void
  422. CAccessCard::SetDefaultAsLoader()
  423. {
  424. CLockWrap wrap(&m_IOPLock);
  425. SendCardAPDU(m_bClassByte, 0x08, 0x05, 0x00, 0x00, NULL, 0, NULL);
  426. }
  429. void
  430. CAccessCard::BlockApplet()
  431. {
  432. CLockWrap wrap(&m_IOPLock);
  433. SendCardAPDU(m_bClassByte, 0x08, 0x07, 0x00, 0x00, NULL, 0, NULL);
  434. }
  436. void
  437. CAccessCard::ValidateProgram(const BYTE *bSig, const BYTE bSigLength)
  438. {
  439. CLockWrap wrap(&m_IOPLock);
  440. SendCardAPDU(m_bClassByte, 0x0A, 0x01, 0x00, bSigLength, bSig, 0, NULL);
  441. }
  443. void
  444. CAccessCard::ResetProgram()
  445. {
  446. CLockWrap wrap(&m_IOPLock);
  447. SendCardAPDU(m_bClassByte, 0x0A, 0x02, 0x00, 0x00, NULL, 0, NULL);
  448. }
  450. void
  451. CAccessCard::VerifyTransportKey(const BYTE *bKey)
  452. {
  453. VerifyKey(0, 8, bKey);
  454. }
  457. void
  458. CAccessCard::ExecuteMain()
  459. {
  460. CLockWrap wrap(&m_IOPLock);
  461. SendCardAPDU(m_bClassByte, insExecuteMethod, 0x02, 0x00, 0x00,
  462. NULL, 0, NULL);
  463. }
  465. void
  466. CAccessCard::ExecuteInstall(const BYTE *bBlock, const BYTE bLen)
  467. {
  468. CLockWrap wrap(&m_IOPLock);
  469. SendCardAPDU(m_bClassByte, insExecuteMethod, 0x13, 0x00, bLen,
  470. bBlock, 0, NULL);
  471. }
  473. void
  474. CAccessCard::SelectParent()
  475. {
  476. CLockWrap wrap(&m_IOPLock);
  477. RequireSelect();
  479. ///////////////////////////////////////////////////
  480. // If current directory is root, reselect root //
  481. ///////////////////////////////////////////////////
  482. if (m_CurrentDirectory.NumComponents() == 1)
  483. Select(0x3F00);
  484. else
  485. {
  486. SendCardAPDU(m_bClassByte, 0xA4, 0x03, 0x00, 0, NULL, 0, NULL);
  487. m_CurrentDirectory.ChopTail();
  488. m_CurrentFile = m_CurrentDirectory;
  489. }
  490. }
  492. void
  493. CAccessCard::Select(const WORD wFileID)
  494. {
  495. CLockWrap wrap(&m_IOPLock);
  496. BYTE bDataIn[2];
  497. bDataIn[0] = (BYTE)(MSB(wFileID));
  498. bDataIn[1] = (BYTE)(LSB(wFileID));
  500. SendCardAPDU(m_bClassByte, 0xA4, 0x00, 0x00, 0x02, bDataIn, 0, NULL);
  501. }
  503. void
  504. CAccessCard::LogoutAll()
  505. {
  506. if(m_fSupportLogout)
  507. {
  508. CLockWrap wrap(&m_IOPLock);
  510. SendCardAPDU(m_bClassByte, 0x22, 0x07, 0x00, 0x00, NULL, 0, NULL);
  511. }
  512. else
  513. ResetCard();
  514. }
  516. void
  517. CAccessCard::Select(const char* szFileFullPath, FILE_HEADER* pMyfile,
  518. const bool fSelectAll)
  519. {
  520. CLockWrap wrap(&m_IOPLock);
  521. BYTE bIndex = 0;
  522. char szFormattedPath[cMaxPathLength];
  523. BYTE bFileCount = FormatPath(szFormattedPath, szFileFullPath);
  524. BYTE bPathLength = strlen(szFormattedPath);
  526. auto_ptr<FilePath> apfp(new FilePath(string(szFormattedPath)));
  528. ///////////////////////////////////////////////////////////
  529. // Select all files in path regardless of current path. //
  530. // Do this on request, or if cache is empty //
  531. ///////////////////////////////////////////////////////////
  532. if (fSelectAll || (m_CurrentFile.IsEmpty()) || (m_CurrentDirectory.IsEmpty()))
  533. {
  534. bIndex = 0;
  535. }
  536. ////////////////////////////////////////////////////////
  537. // if path names match, do nothing except get file info //
  538. ////////////////////////////////////////////////////////
  539. else if (m_CurrentFile == *apfp)
  540. {
  541. bIndex = 0;
  542. if (pMyfile) // force Select to get file info
  543. {
  544. if (1 < bFileCount)
  545. {
  546. if (m_CurrentFile == m_CurrentDirectory)
  547. bIndex = bFileCount - 1; // just reselect dir
  548. else
  549. bIndex = bFileCount - 2; // select dir & file
  550. SelectParent();
  551. }
  552. }
  553. else
  554. bIndex = bFileCount;
  555. }
  556. ////////////////////////////////////////////////////////////////////
  557. // if current directory is in path, only select remaining files //
  558. ////////////////////////////////////////////////////////////////////
  559. else if(m_CurrentDirectory.NumComponents() < apfp->NumComponents())
  560. {
  561. if (apfp->GreatestCommonPrefix(m_CurrentDirectory) == m_CurrentDirectory)
  562. bIndex = m_CurrentDirectory.NumComponents();
  563. else
  564. bIndex = 0;
  565. }
  566. ////////////////////////////////////////////////////////////////////
  567. // if new path share part of current directory, step upwards //
  568. ////////////////////////////////////////////////////////////////////
  569. else if(m_CurrentDirectory.NumComponents() > apfp->NumComponents())
  570. {
  571. BYTE bSharedPathLen;
  573. bSharedPathLen = apfp->GreatestCommonPrefix(m_CurrentDirectory).NumComponents();
  575. if(bSharedPathLen>1) // Not worth while to step up to 3F00.
  576. {
  577. BYTE bLevelsUp = m_CurrentDirectory.NumComponents() - bSharedPathLen;
  578. bool fSelectFailed = false;
  579. try
  580. {
  581. for(int i=0; i < bLevelsUp; i++)
  582. {
  583. SelectParent();
  584. }
  585. }
  587. catch (Exception const &)
  588. {
  589. // TODO: Not sure if this is handling correctly!
  590. fSelectFailed = true;
  591. }
  593. if (fSelectFailed)
  594. bIndex = 0;
  595. else
  596. bIndex = bSharedPathLen;
  597. }
  598. else
  599. bIndex = 0;
  600. }
  602. //////////////////////////////////////////
  603. // Select the necessary files in path //
  604. //////////////////////////////////////////
  605. char sFileToSelect[5] = { 0, 0, 0, 0, 0 };
  606. bool fFileSelected = false;
  607. bool fSelectFailed = false;
  608. try
  609. {
  610. while (bIndex < bFileCount)
  611. {
  612. WORD wFileHexID = (*apfp)[bIndex].GetShortID();
  613. Select(wFileHexID);
  614. fFileSelected = true;
  615. bIndex++;
  616. }
  617. }
  619. catch (Exception const &)
  620. {
  621. fSelectFailed = true;
  622. if (fSelectAll)
  623. throw; // TODO: throw something useful, eh?
  624. }
  626. if (fSelectFailed) // assert(!fSelectAll)
  627. {
  628. Select(szFormattedPath,pMyfile,true);
  629. fFileSelected = true;
  630. }
  632. BYTE bResponseLength = 0;
  633. if (fFileSelected)
  634. bResponseLength = ResponseLengthAvailable();
  636. ////////////////////////////////////////////////////
  637. // GetResponse and fill file header information //
  638. ////////////////////////////////////////////////////
  639. switch(bResponseLength)
  640. {
  641. case 0x17:
  642. case 0x28:
  643. {
  644. ////////////////////////////////////////////////
  645. // File selected is a directory or Instance //
  646. ////////////////////////////////////////////////
  647. m_CurrentDirectory = *apfp;
  648. m_CurrentFile = *apfp;
  650. if (pMyfile)
  651. {
  652. BYTE bDataOut[0x28];
  654. GetResponse(m_bClassByte, bResponseLength, bDataOut);
  656. pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]);
  657. pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]);
  658. pMyfile->nb_file = bDataOut[15];
  659. pMyfile->nb_sub_dir = bDataOut[14];
  660. pMyfile->file_status = 0x01;
  662. if (bResponseLength == 0x17)
  663. {
  664. ////////////////////////////////////
  665. // File selected is a directory //
  666. ////////////////////////////////////
  667. pMyfile->file_type = directory;
  668. pMyfile->AIDLength = 0;
  670. memset((void*)(pMyfile->applicationID), 0x00, 16);
  671. }
  672. else
  673. {
  674. ////////////////////////////////////
  675. // File selected is an Instance //
  676. ////////////////////////////////////
  678. /////////////////////////////////////////////////////
  679. // Instance files contain one "hidden" file for //
  680. // program data that should not be shown to the //
  681. // users //
  682. /////////////////////////////////////////////////////
  683. pMyfile->nb_file--;
  685. pMyfile->file_type = Instance;
  686. pMyfile->AIDLength = bDataOut[23];
  688. memcpy((void*)(pMyfile->applicationID),
  689. (void*)(&bDataOut[24]), pMyfile->AIDLength);
  691. ////////////////////////////////////////////////////
  692. // Set flags in file status to discriminate //
  693. // applets/applications //
  694. ///////////////////////////////////////////////////
  695. switch(bDataOut[9])
  696. {
  697. case 0x01: pMyfile->file_status |= (1 << 5); // Applet
  698. break;
  699. case 0x02: pMyfile->file_status |= (1 << 4); // Application
  700. break;
  701. case 0x03: pMyfile->file_status |= (3 << 4); // Both
  702. break;
  703. }
  705. ////////////////////////////////////////////////
  706. // Set flags in file status to discriminate //
  707. // created/installed/registered instances //
  708. ////////////////////////////////////////////////
  709. switch(bDataOut[10])
  710. {
  711. case 0x01: pMyfile->file_status |= (1 << 1); // Created
  712. break;
  713. case 0x02: pMyfile->file_status |= (1 << 2); // Installed
  714. break;
  715. case 0x03: pMyfile->file_status |= (1 << 3); // Registered
  716. break;
  717. }
  718. }
  720. ////////////////////
  721. // Get file ACL //
  722. ////////////////////
  723. SendCardAPDU(m_bClassByte, 0xFE, 0x00, 0x00, 0,
  724. NULL,0x08, bDataOut);
  726. memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8);
  727. }
  729. break;
  731. } // end case directory or Instance file
  733. case 0x0F:
  734. {
  735. ////////////////////////////////////////////////////////
  736. // File selected is an elementary file of some type //
  737. ////////////////////////////////////////////////////////
  738. m_CurrentFile = *apfp;
  739. apfp->ChopTail();
  740. m_CurrentDirectory = *apfp;
  742. if (pMyfile)
  743. {
  744. BYTE bDataOut[0x0F];
  746. GetResponse(m_bClassByte, bResponseLength, bDataOut);
  748. pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]);
  749. pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]);
  750. pMyfile->nb_file = 0x00;
  751. pMyfile->nb_sub_dir = 0x00;
  752. pMyfile->AIDLength = 0x00;
  753. pMyfile->file_status = bDataOut[11];
  755. memset((void*)pMyfile->applicationID, 0, 16);
  757. switch(bDataOut[13])
  758. {
  759. case 0x00: pMyfile->file_type = Binary_File;
  760. break;
  762. case 0x01: pMyfile->file_type = Fixed_Record_File;
  763. pMyfile->nb_sub_dir = bDataOut[14];
  764. pMyfile->nb_file = pMyfile->file_size /
  765. pMyfile->nb_sub_dir;
  766. break;
  768. case 0x02: pMyfile->file_type = Variable_Record_File;
  769. break;
  771. case 0x03: pMyfile->file_type = Cyclic_File;
  772. pMyfile->nb_sub_dir = bDataOut[14];
  773. pMyfile->nb_file = pMyfile->file_size /
  774. pMyfile->nb_sub_dir;
  775. break;
  777. case 0x04: pMyfile->file_type = Program_File;
  778. break;
  779. //////////////////////////////////////////////////////////
  780. // if GetResponse(...) is successful but bad file //
  781. // type is returned //
  782. //////////////////////////////////////////////////////////
  783. default: pMyfile->file_type = Unknown;
  784. throw iop::Exception(iop::ccFileTypeUnknown);
  785. }
  787. ////////////////////
  788. // Get file ACL //
  789. ////////////////////
  790. SendCardAPDU(m_bClassByte, 0xFE, 0x00, 0x00, 0,
  791. NULL, 0x08, bDataOut);
  793. memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8);
  794. }
  795. break;
  797. } // end case elementary file
  799. default:
  800. //////////////////////////////////////////////////////////////////
  801. // GetResponse was successful but returned an uninterpretable //
  802. //////////////////////////////////////////////////////////////////
  803. if (fFileSelected)
  804. throw iop::Exception(iop::ccCannotInterpretGetResponse);
  805. } // end of SWITCH
  806. }
  808. void
  809. CAccessCard::CreateFile(const FILE_HEADER* pMyfile)
  810. {
  811. CLockWrap wrap(&m_IOPLock);
  813. BYTE bDataIn[16];
  815. /////////////////////////////////////////////////////
  816. // Cyberflex cards don't allocate space for file //
  817. // headers implicity, so it's done here manually //
  818. /////////////////////////////////////////////////////
  819. WORD wFileSize;
  820. if (pMyfile->file_type == directory)
  821. wFileSize = pMyfile->file_size + 24;
  822. else
  823. wFileSize = pMyfile->file_size + 16;
  825. ////////////////////////////////////////////////////
  826. // Cyclic files need a 4 byte header per record //
  827. ////////////////////////////////////////////////////
  828. if (pMyfile->file_type == Cyclic_File)
  829. {
  830. /////////////////////////////////////////
  831. // prevent overflow error in card OS! //
  832. /////////////////////////////////////////
  833. if (pMyfile->nb_sub_dir > 251)
  834. throw iop::Exception(iop::ccCyclicRecordSizeTooLarge);
  836. bDataIn[6] = pMyfile->nb_sub_dir + 4;
  837. wFileSize += pMyfile->nb_file * 4;
  838. }
  839. else
  840. bDataIn[6] = pMyfile->nb_sub_dir;
  842. bDataIn[0] = MSB(wFileSize);
  843. bDataIn[1] = LSB(wFileSize);
  844. bDataIn[2] = MSB(pMyfile->file_id);
  845. bDataIn[3] = LSB(pMyfile->file_id);
  846. bDataIn[5] = pMyfile->file_status & 1;
  847. bDataIn[7] = pMyfile->nb_file;
  849. switch(pMyfile->file_type)
  850. {
  851. case Binary_File: bDataIn[4] = 0x02;
  852. break;
  853. case directory: bDataIn[4] = 0x20;
  854. break;
  855. case Cyclic_File: bDataIn[4] = 0x1D;
  856. break;
  857. case Variable_Record_File: bDataIn[4] = 0x19;
  858. break;
  859. case Fixed_Record_File: bDataIn[4] = 0x0C;
  860. break;
  861. case Instance: bDataIn[4] = 0x21;
  862. break;
  863. case Program_File: bDataIn[4] = 0x03;
  864. break;
  866. //////////////////////////////////
  867. // Requested file type is bad //
  868. //////////////////////////////////
  869. default:
  870. // TO DO: Why not let the card return the
  871. // error?
  872. throw iop::Exception(iop::ccFileTypeInvalid);
  874. }
  876. memcpy((void*)&bDataIn[8], (void*)(pMyfile->access_cond), 8);
  878. SendCardAPDU(m_bClassByte, insCreateFile, 0x00, 0x00, 0x10,
  879. bDataIn, 0, NULL);
  881. Dirty(true);
  883. }
  885. void
  886. CAccessCard::WritePublicKey(const CPublicKeyBlob aKey, const BYTE bKeyNum)
  887. {
  889. CLockWrap wrap(&m_IOPLock);
  891. BYTE bAlgoID;
  893. switch(aKey.bModulusLength)
  894. {
  895. case 0x40:
  896. bAlgoID = 0xC5;
  897. break;
  899. case 0x60:
  900. bAlgoID = 0xC7;
  901. break;
  903. case 0x80:
  904. bAlgoID = 0xC9;
  905. break;
  907. default:
  908. throw iop::Exception(iop::ccAlgorithmIdNotSupported);
  909. }
  911. Select(0x1012);
  914. DWORD dwKeyBlockLen = 4 + 9 + aKey.bModulusLength + 4;
  916. BYTE bKeyBlob[256];
  918. bKeyBlob[0] = (BYTE) ((dwKeyBlockLen >> 8) & 0xFF);
  919. bKeyBlob[1] = (BYTE) (dwKeyBlockLen & 0xFF);
  920. bKeyBlob[2] = bKeyNum;
  921. bKeyBlob[3] = bAlgoID;
  922. bKeyBlob[4] = 0xC1;
  923. bKeyBlob[5] = 0x01;
  924. bKeyBlob[6] = 0x02;
  925. bKeyBlob[7] = 0xC0;
  926. bKeyBlob[8] = (BYTE)aKey.bModulusLength + 1;
  927. bKeyBlob[9] = 0x00;
  929. //////////////////////////////////////////////////
  930. // Convert modulus to big endian for the card //
  931. //////////////////////////////////////////////////
  932. for (int i = 0; i < aKey.bModulusLength; i++)
  933. bKeyBlob[10 + i] = aKey.bModulus[aKey.bModulusLength - 1 - i];
  935. bKeyBlob[10 + aKey.bModulusLength] = 0xC0;
  936. bKeyBlob[11 + aKey.bModulusLength] = 0x04;
  938. ///////////////////////////////////////////////////
  939. // Convert exponent to big endian for the card //
  940. ///////////////////////////////////////////////////
  941. for (i = 0; i < 4; i++)
  942. bKeyBlob[12 + aKey.bModulusLength + i] = aKey.bExponent[3 - i];
  944. WORD wOffset = (WORD) (dwKeyBlockLen * bKeyNum);
  946. WriteBinary(wOffset, (WORD) dwKeyBlockLen, bKeyBlob);
  947. }
  949. void
  950. CAccessCard::GetSerial(BYTE* bSerial, size_t &SerialLength)
  951. {
  952. if (bSerial == NULL)
  953. {
  954. SerialLength = 22;
  955. return;
  956. }
  958. if (SerialLength < 22)
  959. {
  960. throw iop::Exception(ccBufferTooSmall);
  961. }
  963. SerialLength = 22;
  965. SendCardAPDU(m_bClassByte, 0xCA, 0x00, 0x01, 0,
  966. NULL, 22, bSerial);
  967. }
  970. void
  971. CAccessCard::ReadPublicKey(CPublicKeyBlob *aKey, const BYTE bKeyNum)
  972. {
  973. CLockWrap wrap(&m_IOPLock);
  974. BYTE bKeyLength[2];
  976. Select(0x1012);
  977. ReadBinary(0,2,bKeyLength);
  980. WORD wKeyBlockLength = bKeyLength[0] * 256 + bKeyLength[1];
  981. WORD wOffset = (WORD)(wKeyBlockLength * bKeyNum);
  982. BYTE bBuffer[512];
  984. ReadBinary(wOffset, wKeyBlockLength, bBuffer);
  986. aKey->bModulusLength = bBuffer[8] - 1;
  988. scu::AutoArrayPtr<BYTE> aabModule(new BYTE[aKey->bModulusLength]);
  989. BYTE aExponent[4];
  991. memcpy((void*)aabModule.Get(), (void*)&bBuffer[10], aKey->bModulusLength);
  992. memcpy((void*)aExponent, (void*)&bBuffer[10 + aKey->bModulusLength + 2], 4);
  994. /////////////////////////////////////////////////////////////////////////
  995. // Change from big endian on the card to little endian in the struct //
  996. /////////////////////////////////////////////////////////////////////////
  997. for (WORD i = 0; i < aKey->bModulusLength; i++)
  998. aKey->bModulus[i] = aabModule[aKey->bModulusLength - 1 - i];
  999. for (i = 0; i < 4; i++)
  1000. aKey->bExponent[i] = aExponent[3 - i];
  1001. }
  1003. // There are some slightly arbitrary constants used here...tighten down later.
  1005. void
  1006. CAccessCard::WritePrivateKey(const CPrivateKeyBlob aKey, const BYTE bKeyNum)
  1007. {
  1009. CLockWrap wrap(&m_IOPLock);
  1011. BYTE bAlgoID;
  1013. switch(aKey.bPLen)
  1014. {
  1015. case 0x20:
  1016. bAlgoID = 0xC4;
  1017. break;
  1019. case 0x30:
  1020. bAlgoID = 0xC6;
  1021. break;
  1023. case 0x40:
  1024. bAlgoID = 0xC8;
  1025. break;
  1027. default:
  1028. throw iop::Exception(iop::ccAlgorithmIdNotSupported);
  1029. }
  1031. Select(0x0012);
  1033. CPrivateKeyBlob anotherKey;
  1035. WORD wKeyBlockLength = 22 + 5 * aKey.bPLen;
  1036. WORD wOffset = (WORD)(bKeyNum * wKeyBlockLength);
  1038. scu::SecureArray<BYTE> bKeyBlob(1024);
  1039. bKeyBlob[0] = (BYTE)((wKeyBlockLength >> 8) & 0xFF);
  1040. bKeyBlob[1] = (BYTE)(wKeyBlockLength & 0xFF);
  1041. bKeyBlob[2] = bKeyNum;
  1042. bKeyBlob[3] = bAlgoID;
  1043. bKeyBlob[4] = 0xC2;
  1044. bKeyBlob[5] = 0x01;
  1045. bKeyBlob[6] = 0x05;
  1047. ////////////////////////////////////////////////////////////////////////
  1048. // Need to convert from little endian (struct) to big endian (card) //
  1049. ////////////////////////////////////////////////////////////////////////
  1050. scu::SecureArray<BYTE> bP(256);
  1051. scu::SecureArray<BYTE> bQ(256);
  1052. scu::SecureArray<BYTE> bQInv(256);
  1053. scu::SecureArray<BYTE> bKmodP(256);
  1054. scu::SecureArray<BYTE> bKmodQ(256);
  1056. for (WORD i = 0; i < aKey.bPLen; i++)
  1057. {
  1058. bP[i] = aKey.bP[aKey.bQLen - 1 - i];
  1059. bQ[i] = aKey.bQ[aKey.bPLen - 1 - i];
  1060. bQInv[i] = aKey.bInvQ[aKey.bInvQLen - 1 - i];
  1061. bKmodP[i] = aKey.bKsecModP[aKey.bKsecModQLen - 1 - i];
  1062. bKmodQ[i] = aKey.bKsecModQ[aKey.bKsecModPLen - 1 - i];
  1063. }
  1065. //////////////////////////////////////////////////////
  1066. // Now we need to left align the bytes of P and Q //
  1067. //////////////////////////////////////////////////////
  1068. BYTE pShift = 0, qShift = 0, qIShift = 0;
  1069. /* Punting on bad keys!
  1070. if ((bP[0] < 8) || (bQ[0] < 8)) {
  1071. // Bad key?
  1072. delete bP;
  1073. delete bQ;
  1074. delete bQInv;
  1075. delete bKmodP;
  1076. delete bKmodQ;
  1077. delete bKeyBlob;
  1078. return FALSE;
  1079. }
  1080. */
  1082. bKeyBlob[7] = 0xC2;
  1083. bKeyBlob[8] = (BYTE) aKey.bPLen + 1;
  1084. bKeyBlob[9] = 0x00;
  1086. memcpy((void*) &bKeyBlob[10], (void*)bQ.data(), aKey.bPLen);
  1087. bKeyBlob[10 + aKey.bPLen] = 0xC2;
  1088. bKeyBlob[11 + aKey.bPLen] = (BYTE) aKey.bQLen + 1;
  1089. bKeyBlob[12 + aKey.bPLen] = 0x00;
  1091. memcpy((void*) &bKeyBlob[13 + aKey.bPLen], (void*)bP.data(), aKey.bPLen);
  1092. bKeyBlob[13 + 2* aKey.bPLen] = 0xC2;
  1093. bKeyBlob[14 + 2* aKey.bPLen] = (BYTE) aKey.bQLen + 1;
  1094. bKeyBlob[15 + 2* aKey.bPLen] = 0x00;
  1096. memcpy((void*) &bKeyBlob[16 + 2* aKey.bPLen], (void*)bQInv.data(), aKey.bPLen);
  1097. bKeyBlob[16 + 3* aKey.bPLen] = 0xC2;
  1098. bKeyBlob[17 + 3* aKey.bPLen] = (BYTE) aKey.bQLen + 1;
  1099. bKeyBlob[18 + 3* aKey.bPLen] = 0x00;
  1101. memcpy((void*) &bKeyBlob[19 + 3* aKey.bPLen], (void*)bKmodQ.data(), aKey.bPLen);
  1102. bKeyBlob[19 + 4* aKey.bPLen] = 0xC2;
  1103. bKeyBlob[20 + 4* aKey.bPLen] = (BYTE) aKey.bQLen + 1;
  1104. bKeyBlob[21 + 4* aKey.bPLen] = 0x00;
  1106. memcpy((void*) &bKeyBlob[22 + 4 * aKey.bPLen], (void*)bKmodP.data(), aKey.bPLen);
  1108. WriteBinary(wOffset, wKeyBlockLength, bKeyBlob.data());
  1109. }
  1111. void
  1112. CAccessCard::ChangeCHV(const BYTE bKeyNumber, const BYTE *bOldCHV,
  1113. const BYTE *bNewCHV)
  1114. {
  1115. CLockWrap wrap(&m_IOPLock);
  1116. scu::SecureArray<BYTE> bDataIn(16);
  1117. memcpy((void*)bDataIn.data(), (void*)bOldCHV, 8);
  1118. memcpy((void*)(bDataIn.data() + 8), (void*)bNewCHV, 8);
  1120. SendCardAPDU(m_bClassByte, 0x24, 0x00, bKeyNumber, 16,
  1121. bDataIn.data(), 0, NULL);
  1123. Dirty(true);
  1125. }
  1127. void
  1128. CAccessCard::ChangeCHV(const BYTE bKey_nb, const BYTE *bNewCHV)
  1129. {
  1131. CLockWrap wrap(&m_IOPLock);
  1133. switch (bKey_nb)
  1134. {
  1135. case 1: Select("/3f00/0000"); // CHV1 and CHV2 are the only CHV's supported
  1136. break;
  1137. case 2: Select("/3f00/0100");
  1138. break;
  1140. default: throw iop::Exception(iop::ccInvalidChv);
  1141. break;
  1142. }
  1144. WriteBinary(3, 8, bNewCHV);
  1146. BYTE bRemaingAttempts = 3; // Minumum number + 2
  1147. WriteBinary(12, 1, &bRemaingAttempts);
  1149. Dirty(true);
  1151. VerifyCHV(bKey_nb,bNewCHV);
  1153. }
  1155. void
  1156. CAccessCard::UnblockCHV(const BYTE bKeyNumber,
  1157. const BYTE *bUnblockPIN, const BYTE *bNewPin)
  1158. {
  1159. CLockWrap wrap(&m_IOPLock);
  1161. scu::SecureArray<BYTE> bDataIn(16);
  1162. memcpy((void*)bDataIn.data(), (void*)bUnblockPIN, 8);
  1163. memcpy((void*)(bDataIn.data() + 8), (void*)bNewPin, 8);
  1165. SendCardAPDU(m_bClassByte, 0x2C, 0x00, bKeyNumber, 16,
  1166. bDataIn.data(), 0, NULL);
  1168. Dirty(true);
  1170. }
  1172. void
  1173. CAccessCard::ChangeUnblockKey(const BYTE bKeyNumber, const BYTE *bNewPIN)
  1174. {
  1175. CLockWrap wrap(&m_IOPLock);
  1177. switch (bKeyNumber)
  1178. {
  1179. case 1: Select("/3f00/0000"); // CHV1 and CHV2 are the only CHV's supported
  1180. break;
  1181. case 2: Select("/3f00/0100");
  1182. break;
  1184. default: throw iop::Exception(iop::ccInvalidChv);
  1185. break;
  1186. }
  1188. WriteBinary(13, 8, bNewPIN);
  1189. }
  1191. void
  1192. CAccessCard::ChangeTransportKey(const BYTE *bNewKey)
  1193. {
  1194. CLockWrap wrap(&m_IOPLock);
  1195. Select("/3f00/0011");
  1198. //////////////////////////////////////////
  1199. // Build byte string to write to card //
  1200. //////////////////////////////////////////
  1201. BYTE bKeyString[13] =
  1202. {
  1203. 0x00, // length of key
  1204. 0x0E, // length of key
  1205. 0x00, // Key number
  1206. 0x01, // tag to identify key as an ID PIN
  1207. 0, 0, 0, 0, 0, 0, 0, 0, // 8 bytes for key
  1208. 0x03 // # of verification attempts remaining before card is blocked + 2
  1209. };
  1210. // copy the template into a secure array for storing the sensitive
  1211. // part
  1212. const WORD wKeySize = 13;
  1213. scu::SecureArray<BYTE> newbKeyStr(bKeyString,wKeySize);
  1215. //////////////////////////////////////////////////////
  1216. // insert new key into key string to pass to card //
  1217. //////////////////////////////////////////////////////
  1218. memcpy((void*)(newbKeyStr.data() + 4), (void*)bNewKey, 8);
  1220. WriteBinary(0, wKeySize, newbKeyStr.data());
  1222. // Make a (hopefully) successfull verification to re-set attempt counter
  1224. VerifyTransportKey(bNewKey);
  1225. }
  1227. void
  1228. CAccessCard::ChangeACL(const BYTE *bACL)
  1229. {
  1230. CLockWrap wrap(&m_IOPLock);
  1232. SendCardAPDU(m_bClassByte, 0xFC, 0x00, 0x00, 0x08,
  1233. bACL, 0, NULL);
  1235. Dirty(true);
  1236. }
  1238. void
  1239. CAccessCard::DefaultDispatchError(ClassByte cb,
  1240. Instruction ins,
  1241. StatusWord sw) const
  1242. {
  1243. CauseCode cc;
  1244. bool fDoThrow = true;
  1246. switch (sw)
  1247. {
  1248. case 0x6283:
  1249. cc = ccContradictionWithInvalidationStatus;
  1250. break;
  1252. case 0x6300:
  1253. cc = ccChvVerificationFailedMoreAttempts;
  1254. break;
  1256. case 0x6981:
  1257. cc = ccChvNotInitialized;
  1258. break;
  1260. case 0x6985:
  1261. cc = ccNoFileSelected;
  1262. break;
  1264. case 0x6A00:
  1265. cc = ccFileExists;
  1266. break;
  1268. case 0x6A84:
  1269. cc = ccCannotReadOutsideFileBoundaries;
  1270. break;
  1272. case 0x6A86:
  1273. cc = ccLimitReached;
  1274. break;
  1276. case 0x6F11:
  1277. cc = ccDirectoryNotEmpty;
  1278. break;
  1280. case 0x6F12:
  1281. cc = ccInvalidSignature;
  1282. break;
  1284. case 0x6F14:
  1285. cc = ccBadState;
  1286. break;
  1288. default:
  1289. fDoThrow = false;
  1290. break;
  1291. }
  1293. if (fDoThrow)
  1294. throw Exception(cc, cb, ins, sw);
  1296. CSmartCard::DefaultDispatchError(cb, ins, sw);
  1297. }
  1299. void
  1300. CAccessCard::DispatchError(ClassByte cb,
  1301. Instruction ins,
  1302. StatusWord sw) const
  1303. {
  1304. CauseCode cc;
  1305. bool fDoThrow = true;
  1307. switch (ins)
  1308. {
  1309. case insCreateFile:
  1310. switch (sw)
  1311. {
  1312. case 0x6A00:
  1313. cc = ccFileExists;
  1314. break;
  1316. case 0x6A84:
  1317. cc = ccOutOfSpaceToCreateFile;
  1318. break;
  1320. case 0x6B00:
  1321. cc = ccRecordInfoIncompatible;
  1322. break;
  1324. default:
  1325. fDoThrow = false;
  1326. break;
  1327. }
  1328. break;
  1330. case insDeleteFile:
  1331. switch (sw)
  1332. {
  1333. case 0x6A00:
  1334. cc = ccRootDirectoryNotErasable;
  1335. break;
  1337. default:
  1338. fDoThrow = false;
  1339. break;
  1340. }
  1341. break;
  1343. case insDirectory:
  1344. switch (sw)
  1345. {
  1346. case 0x6985:
  1347. cc = ccCurrentDirectoryIsNotSelected;
  1348. break;
  1350. case 0x6A83:
  1351. cc = ccFileIndexDoesNotExist;
  1352. break;
  1354. default:
  1355. fDoThrow = false;
  1356. break;
  1357. }
  1358. break;
  1360. case insExecuteMethod:
  1361. switch (sw)
  1362. {
  1363. case 0x6283:
  1364. cc = ccProgramFileInvalidated;
  1365. break;
  1367. case 0x6A00:
  1368. cc = ccInstanceIdInUse;
  1369. break;
  1371. case 0x6F15:
  1372. cc = ccCardletNotInRegisteredState;
  1373. break;
  1375. case 0x6F19:
  1376. cc = ccInstallCannotRun;
  1377. break;
  1379. default:
  1380. if ((0x6230 <= sw) && (0x6260 <= sw))
  1381. cc = ccJava;
  1382. else
  1383. fDoThrow = false;
  1384. }
  1385. break;
  1387. case insExternalAuth:
  1388. switch (sw)
  1389. {
  1390. case 0x6300:
  1391. cc = ccVerificationFailed;
  1392. break;
  1394. case 0x6981:
  1395. cc = ccInvalidKey;
  1396. break;
  1398. case 0x6985:
  1399. cc = ccAskRandomNotLastApdu;
  1400. break;
  1402. case 0x6B00:
  1403. cc = ccAlgorithmIdNotSupported;
  1404. break;
  1406. case 0x6F15:
  1407. cc = ccOperationNotActivatedForApdu;
  1408. break;
  1410. default:
  1411. fDoThrow = false;
  1412. break;
  1413. }
  1414. break;
  1416. case insInternalAuth:
  1417. switch (sw)
  1418. {
  1419. case 0x6300:
  1420. cc = ccRequestedAlgIdMayNotMatchKeyUse;
  1421. break;
  1423. case 0x6981:
  1424. cc = ccInvalidKey;
  1425. break;
  1427. case 0x6B00:
  1428. cc = ccAlgorithmIdNotSupported;
  1429. break;
  1431. case 0x6F15:
  1432. cc = ccOperationNotActivatedForApdu;
  1433. break;
  1435. default:
  1436. fDoThrow = false;
  1437. break;
  1438. }
  1439. break;
  1441. case insReadBinary:
  1442. // fall-through intentional
  1443. case insUpdateBinary:
  1444. switch (sw)
  1445. {
  1446. case 0x6A84:
  1447. cc = ccCannotReadOutsideFileBoundaries;
  1448. break;
  1450. default:
  1451. fDoThrow = false;
  1452. break;
  1453. }
  1454. break;
  1456. default:
  1457. fDoThrow = false;
  1458. break;
  1459. }
  1461. if (fDoThrow)
  1462. throw Exception(cc, cb, ins, sw);
  1464. CSmartCard::DispatchError(cb, ins, sw);
  1465. }
  1467. void
  1468. CAccessCard::DoReadBlock(WORD wOffset,
  1469. BYTE *pbBuffer,
  1470. BYTE bLength)
  1471. {
  1472. SendCardAPDU(m_bClassByte, insReadBinary, HIBYTE(wOffset),
  1473. LOBYTE(wOffset), 0, 0, bLength, pbBuffer);
  1475. }
  1477. void
  1478. CAccessCard::DoWriteBlock(WORD wOffset,
  1479. BYTE const *pbBuffer,
  1480. BYTE cLength)
  1481. {
  1482. SendCardAPDU(m_bClassByte, insUpdateBinary, HIBYTE(wOffset),
  1483. LOBYTE(wOffset), cLength, pbBuffer, 0, 0);
  1484. }
  1486. bool
  1487. CAccessCard::ValidClassByte(BYTE bClassByte)
  1488. {
  1489. ////////////////////////////////////////////////////////////////
  1490. // Calling Directory on root to check for proper class byte //
  1491. ////////////////////////////////////////////////////////////////
  1493. BYTE bOutput[cMaxDirInfo];
  1495. bool fValidClassByte = true;
  1497. try
  1498. {
  1499. SendCardAPDU(bClassByte, insDirectory, 0x00, 0x00, 0, NULL,
  1500. sizeof bOutput / sizeof *bOutput, bOutput);
  1501. }
  1503. catch (Exception &)
  1504. {
  1505. fValidClassByte = false;
  1506. }
  1508. return fValidClassByte;
  1509. }
  1511. bool
  1512. CAccessCard::SupportLogout()
  1513. {
  1514. bool fSuccess = true;
  1515. try
  1516. {
  1517. CLockWrap wrap(&m_IOPLock);
  1518. SendCardAPDU(m_bClassByte, 0x22, 0x07, 0x00, 0x00, NULL, 0, NULL);
  1520. }
  1521. catch(...)
  1522. {
  1523. fSuccess = false;
  1524. }
  1526. return fSuccess;
  1527. }