|
|
// AccessCard.cpp: implementation of the CAccessCard class.
//
//////////////////////////////////////////////////////////////////////
#include "NoWarning.h"
#include <scuArrayP.h>
#include "AccessCard.h"
#include <stdio.h>
#include "iopExc.h"
#include "LockWrap.h"
#include "FilePath.h"
using namespace std;using namespace iop;
namespace{ BYTE AsPrivateAlgId(KeyType kt) { BYTE bAlgId = 0; switch (kt) { case ktRSA512: bAlgId = 0xC4; break; case ktRSA768: bAlgId = 0xC6; break; case ktRSA1024: bAlgId = 0xC8; break; case ktDES: bAlgId = 0x00; break; default: throw Exception(ccInvalidParameter); break; }
return bAlgId; }
} // namespace
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CAccessCard::CAccessCard(const SCARDHANDLE hCardHandle, const char* szReaderName, const SCARDCONTEXT pContext, const DWORD dwMode) : CSmartCard(hCardHandle, szReaderName, pContext, dwMode){ if (ValidClassByte(0xF0)) m_bClassByte = 0xF0; else if (ValidClassByte(0x00)) m_bClassByte = 0x00; else // Not an access card!
throw iop::Exception(iop::ccUnknownCard); m_fSupportLogout = SupportLogout();
}
CAccessCard::~CAccessCard(){
}
voidCAccessCard::GetChallenge(const DWORD dwNumberLength, BYTE* bRandomNumber){ CLockWrap wrap(&m_IOPLock);
const BYTE bMinLen = 4, bMaxLen = 64; // Max 64 due to bug in old cards.
if(dwNumberLength < bMinLen) { BYTE bBuf[bMinLen]; SendCardAPDU(m_bClassByte, 0x84, 0x00, 0x00, 0, NULL, bMinLen, bBuf); memcpy(bRandomNumber,bBuf,dwNumberLength); } else {
DWORD dwRamainingBytes = dwNumberLength; BYTE *bpBuf = bRandomNumber;
while(dwRamainingBytes) { BYTE bNumGet = (dwRamainingBytes > bMaxLen) ? bMaxLen : dwRamainingBytes;
SendCardAPDU(m_bClassByte, 0x84, 0x00, 0x00, 0, NULL, bNumGet, bpBuf);
bpBuf += bNumGet; dwRamainingBytes -= bNumGet; } }}
voidCAccessCard::DeleteFile(const WORD wFileID){ CLockWrap wrap(&m_IOPLock); BYTE bDataIn[2]; bDataIn[0] = (BYTE)(MSB(wFileID)); bDataIn[1] = (BYTE)(LSB(wFileID)); SendCardAPDU(m_bClassByte, insDeleteFile, 0x00, 0x00, 0x02, bDataIn, 0, NULL);
}
voidCAccessCard::Directory(const BYTE bFile_Nb, FILE_HEADER* pMyfile) { CLockWrap wrap(&m_IOPLock);
RequireSelect();
BYTE bDataOut[40]; memset(bDataOut, 0, 40); SendCardAPDU(m_bClassByte, 0xA8, 0x00, bFile_Nb, 0, NULL, 40, bDataOut);
switch(bDataOut[6]) { case 0x01: // Root directory file
case 0x02: // Other directory file or Instance file
{ pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]); pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]); pMyfile->nb_file = bDataOut[15]; pMyfile->nb_sub_dir = bDataOut[14]; pMyfile->file_status = 0x01;
if (bDataOut[9] == 0) { memset((void*)(pMyfile->applicationID), 0x00, 16); pMyfile->file_type = directory; } else if (bDataOut[9] == 0x01 || bDataOut[9] == 0x02 || bDataOut[9] == 0x03) { /////////////////////////////////////////////////////////////////
// Instance files contain one "hidden" file for program data //
// that should not be shown to the users //
/////////////////////////////////////////////////////////////////
pMyfile->nb_file--;
pMyfile->file_type = Instance; pMyfile->AIDLength = bDataOut[23]; memcpy((void*)(pMyfile->applicationID), (void*)(&bDataOut[24]), pMyfile->AIDLength); /////////////////////////////////////////////////////////////////////
// Set flags in file status to discriminate applets/applications //
/////////////////////////////////////////////////////////////////////
switch(bDataOut[9]) { case 0x01: pMyfile->file_status |= (1 << 5); // Applet
break; case 0x02: pMyfile->file_status |= (1 << 4); // Application
break; case 0x03: pMyfile->file_status |= (3 << 4); // Both
break; }
////////////////////////////////////////////////
// Set flags in file status to discriminate //
// created/installed/registered instances //
////////////////////////////////////////////////
switch(bDataOut[10]) { case 0x01: pMyfile->file_status |= (1 << 1); // Created
break; case 0x02: pMyfile->file_status |= (1 << 2); // Installed
break; case 0x03: pMyfile->file_status |= (1 << 3); // Registered
break; } } ///////////////////////////////////////////////
// guard against a bad Instance file //
// created without an AID for file control //
///////////////////////////////////////////////
else { pMyfile->AIDLength = 0x00; memset((void*)(pMyfile->applicationID), 0x00, 16);
throw iop::Exception(iop::ccBadInstanceFile); }
///////////////////////////////
// Select file and get ACL //
///////////////////////////////
Select(pMyfile->file_id);
SendCardAPDU(m_bClassByte, insGetACL, 0x00, 0x00, 0, NULL, 0x08, bDataOut); memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut),8); /////////////////////////////////
// Reselect parent directory //
/////////////////////////////////
Select(m_CurrentDirectory.Tail().GetShortID());
break;
} // end case directory or Instance file
case 0x04: // all other file types
{ pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]); pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]); pMyfile->nb_file = 0x00; pMyfile->nb_sub_dir = 0x00; pMyfile->file_status = bDataOut[11];
switch(bDataOut[13]) { case 0x00: pMyfile->file_type = Binary_File; break; case 0x01: pMyfile->file_type = Fixed_Record_File; break; case 0x02: pMyfile->file_type = Variable_Record_File; break; case 0x03: pMyfile->file_type = Cyclic_File; break; case 0x04: pMyfile->file_type = Program_File; break; ///////////////////////////////////////////////////////////////////////
// if GetResponse(...) is successful but bad file type is returned //
///////////////////////////////////////////////////////////////////////
default: pMyfile->file_type = Unknown; throw iop::Exception(iop::ccFileTypeUnknown); }
if (pMyfile->file_type == Cyclic_File || pMyfile->file_type == Fixed_Record_File) { pMyfile->nb_sub_dir = bDataOut[14]; pMyfile->nb_file = (pMyfile->nb_sub_dir) ? pMyfile->file_size / pMyfile->nb_sub_dir : 0; }
///////////////////////////////
// Select file and get ACL //
///////////////////////////////
if (pMyfile->file_id != 0xFFFF) { Select(pMyfile->file_id);
SendCardAPDU(m_bClassByte, insGetACL, 0x00, 0x00, 0, NULL, 0x08, bDataOut);
memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8); memset((void*)(pMyfile->applicationID), 0x00, 16); /////////////////////////////////
// Reselect parent directory //
/////////////////////////////////
Select(m_CurrentDirectory.Tail().GetShortID()); } break;
} // end case non-Directory/Instance files
default: ///////////////////////////////////////////////////////////////////////////
// if GetResponse(...) is successful but bad file category is returned //
///////////////////////////////////////////////////////////////////////////
throw iop::Exception(iop::ccBadFileCategory); } // end switch
}
voidCAccessCard::ExternalAuth(const KeyType kt, const BYTE bKeyNb, const BYTE bDataLength, const BYTE* bData){ CLockWrap wrap(&m_IOPLock);
BYTE bAlgo_ID = AsPrivateAlgId(kt); SendCardAPDU(m_bClassByte, insExternalAuth, bAlgo_ID, bKeyNb, bDataLength, bData, 0, NULL); }
voidCAccessCard::InternalAuth(const KeyType kt, const BYTE bKeyNb, const BYTE bDataLength, const BYTE* bDataIn, BYTE* bDataOut){ CLockWrap wrap(&m_IOPLock); ////////////////////////////////////////////////////////////////////////////
// The following checks to make sure the internal Auth is not being //
// used for DES, or for an RSA key operation of greater than 128 bytes. //
////////////////////////////////////////////////////////////////////////////
BYTE bAlgo_ID = AsPrivateAlgId(kt); if (((bAlgo_ID != 0xC4) && (bAlgo_ID != 0xC6) && (bAlgo_ID != 0xC8)) || (bDataLength > 0x80)) throw iop::Exception(iop::ccAlgorithmIdNotSupported);
/////////////////////////////////////////////////////////////////////////
// Need to reverse the byte order of the input data (big endian card) //
/////////////////////////////////////////////////////////////////////////
if (cMaxApduLength < bDataLength) throw iop::Exception(iop::ccInvalidParameter); BYTE bReversedData[cMaxApduLength];
for (BYTE bIndex = 0; bIndex < bDataLength; bIndex++) bReversedData[bIndex] = bDataIn[bDataLength - 1 - bIndex];
SendCardAPDU(m_bClassByte, insInternalAuth, bAlgo_ID, bKeyNb, bDataLength, bReversedData, 0, NULL); GetResponse(m_bClassByte, bDataLength, bReversedData);
//////////////////////////////////////////////////////
// Need to reverse the byte order of output data. //
//////////////////////////////////////////////////////
for (bIndex = 0; bIndex < bDataLength; bIndex++) bDataOut[bIndex] = bReversedData[bDataLength - 1 - bIndex];}
voidCAccessCard::ReadRecord(const BYTE bRecNum, const BYTE bMode, const BYTE bDataLen, BYTE *bData){ CLockWrap wrap(&m_IOPLock);
SendCardAPDU(m_bClassByte, 0xB2, bRecNum, bMode, 0, NULL, bDataLen, bData);}
voidCAccessCard::UpdateRecord(const BYTE bRecNum, const BYTE bMode, const BYTE bDataLen, BYTE *bData){ CLockWrap wrap(&m_IOPLock);
SendCardAPDU(m_bClassByte, 0xDC, bRecNum, bMode, bDataLen, bData, 0, NULL);}
voidCAccessCard::VerifyCHV(const BYTE bCHVNumber, const BYTE* bCHV){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, insVerifyChv, 0x00, bCHVNumber, 0x08, bCHV, 0, NULL);}
voidCAccessCard::VerifyKey(const BYTE bKeyNumber, const BYTE bKeyLength, const BYTE* bKey){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x2A, 0x00, bKeyNumber, bKeyLength, bKey, 0, NULL);}
voidCAccessCard::SelectCardlet(const BYTE *bAID, const BYTE bAIDLen){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0xA4, 0x04, 0x00, bAIDLen, bAID, 0, NULL);}
voidCAccessCard::SelectLoader(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0xA4, 0x04, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::DeleteApplet(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x08, 0x02, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::ResetInstance(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x08, 0x03, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::SetCurrentAsLoader(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x08, 0x04, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::SetDefaultAsLoader(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x08, 0x05, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::BlockApplet(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x08, 0x07, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::ValidateProgram(const BYTE *bSig, const BYTE bSigLength){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x0A, 0x01, 0x00, bSigLength, bSig, 0, NULL);}
voidCAccessCard::ResetProgram(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x0A, 0x02, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::VerifyTransportKey(const BYTE *bKey){ VerifyKey(0, 8, bKey);}
voidCAccessCard::ExecuteMain(){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, insExecuteMethod, 0x02, 0x00, 0x00, NULL, 0, NULL);}
voidCAccessCard::ExecuteInstall(const BYTE *bBlock, const BYTE bLen){ CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, insExecuteMethod, 0x13, 0x00, bLen, bBlock, 0, NULL);}
voidCAccessCard::SelectParent() { CLockWrap wrap(&m_IOPLock); RequireSelect();
///////////////////////////////////////////////////
// If current directory is root, reselect root //
///////////////////////////////////////////////////
if (m_CurrentDirectory.NumComponents() == 1) Select(0x3F00); else { SendCardAPDU(m_bClassByte, 0xA4, 0x03, 0x00, 0, NULL, 0, NULL); m_CurrentDirectory.ChopTail(); m_CurrentFile = m_CurrentDirectory; }}
voidCAccessCard::Select(const WORD wFileID){ CLockWrap wrap(&m_IOPLock); BYTE bDataIn[2]; bDataIn[0] = (BYTE)(MSB(wFileID)); bDataIn[1] = (BYTE)(LSB(wFileID));
SendCardAPDU(m_bClassByte, 0xA4, 0x00, 0x00, 0x02, bDataIn, 0, NULL);}
voidCAccessCard::LogoutAll(){ if(m_fSupportLogout) { CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x22, 0x07, 0x00, 0x00, NULL, 0, NULL); } else ResetCard();}
voidCAccessCard::Select(const char* szFileFullPath, FILE_HEADER* pMyfile, const bool fSelectAll){ CLockWrap wrap(&m_IOPLock); BYTE bIndex = 0; char szFormattedPath[cMaxPathLength]; BYTE bFileCount = FormatPath(szFormattedPath, szFileFullPath); BYTE bPathLength = strlen(szFormattedPath);
auto_ptr<FilePath> apfp(new FilePath(string(szFormattedPath)));
///////////////////////////////////////////////////////////
// Select all files in path regardless of current path. //
// Do this on request, or if cache is empty //
///////////////////////////////////////////////////////////
if (fSelectAll || (m_CurrentFile.IsEmpty()) || (m_CurrentDirectory.IsEmpty())) { bIndex = 0; } ////////////////////////////////////////////////////////
// if path names match, do nothing except get file info //
////////////////////////////////////////////////////////
else if (m_CurrentFile == *apfp) { bIndex = 0; if (pMyfile) // force Select to get file info
{ if (1 < bFileCount) { if (m_CurrentFile == m_CurrentDirectory) bIndex = bFileCount - 1; // just reselect dir
else bIndex = bFileCount - 2; // select dir & file
SelectParent(); } } else bIndex = bFileCount; } ////////////////////////////////////////////////////////////////////
// if current directory is in path, only select remaining files //
////////////////////////////////////////////////////////////////////
else if(m_CurrentDirectory.NumComponents() < apfp->NumComponents()) { if (apfp->GreatestCommonPrefix(m_CurrentDirectory) == m_CurrentDirectory) bIndex = m_CurrentDirectory.NumComponents(); else bIndex = 0; } ////////////////////////////////////////////////////////////////////
// if new path share part of current directory, step upwards //
////////////////////////////////////////////////////////////////////
else if(m_CurrentDirectory.NumComponents() > apfp->NumComponents()) { BYTE bSharedPathLen;
bSharedPathLen = apfp->GreatestCommonPrefix(m_CurrentDirectory).NumComponents();
if(bSharedPathLen>1) // Not worth while to step up to 3F00.
{ BYTE bLevelsUp = m_CurrentDirectory.NumComponents() - bSharedPathLen; bool fSelectFailed = false; try { for(int i=0; i < bLevelsUp; i++) { SelectParent(); } } catch (Exception const &) { // TODO: Not sure if this is handling correctly!
fSelectFailed = true; }
if (fSelectFailed) bIndex = 0; else bIndex = bSharedPathLen; } else bIndex = 0; } //////////////////////////////////////////
// Select the necessary files in path //
//////////////////////////////////////////
char sFileToSelect[5] = { 0, 0, 0, 0, 0 }; bool fFileSelected = false; bool fSelectFailed = false; try { while (bIndex < bFileCount) { WORD wFileHexID = (*apfp)[bIndex].GetShortID(); Select(wFileHexID); fFileSelected = true; bIndex++; } }
catch (Exception const &) { fSelectFailed = true; if (fSelectAll) throw; // TODO: throw something useful, eh?
}
if (fSelectFailed) // assert(!fSelectAll)
{ Select(szFormattedPath,pMyfile,true); fFileSelected = true; } BYTE bResponseLength = 0; if (fFileSelected) bResponseLength = ResponseLengthAvailable();
////////////////////////////////////////////////////
// GetResponse and fill file header information //
////////////////////////////////////////////////////
switch(bResponseLength) { case 0x17: case 0x28: { ////////////////////////////////////////////////
// File selected is a directory or Instance //
////////////////////////////////////////////////
m_CurrentDirectory = *apfp; m_CurrentFile = *apfp;
if (pMyfile) { BYTE bDataOut[0x28]; GetResponse(m_bClassByte, bResponseLength, bDataOut);
pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]); pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]); pMyfile->nb_file = bDataOut[15]; pMyfile->nb_sub_dir = bDataOut[14]; pMyfile->file_status = 0x01; if (bResponseLength == 0x17) { ////////////////////////////////////
// File selected is a directory //
////////////////////////////////////
pMyfile->file_type = directory; pMyfile->AIDLength = 0;
memset((void*)(pMyfile->applicationID), 0x00, 16); } else { ////////////////////////////////////
// File selected is an Instance //
////////////////////////////////////
/////////////////////////////////////////////////////
// Instance files contain one "hidden" file for //
// program data that should not be shown to the //
// users //
/////////////////////////////////////////////////////
pMyfile->nb_file--;
pMyfile->file_type = Instance; pMyfile->AIDLength = bDataOut[23];
memcpy((void*)(pMyfile->applicationID), (void*)(&bDataOut[24]), pMyfile->AIDLength);
////////////////////////////////////////////////////
// Set flags in file status to discriminate //
// applets/applications //
///////////////////////////////////////////////////
switch(bDataOut[9]) { case 0x01: pMyfile->file_status |= (1 << 5); // Applet
break; case 0x02: pMyfile->file_status |= (1 << 4); // Application
break; case 0x03: pMyfile->file_status |= (3 << 4); // Both
break; }
////////////////////////////////////////////////
// Set flags in file status to discriminate //
// created/installed/registered instances //
////////////////////////////////////////////////
switch(bDataOut[10]) { case 0x01: pMyfile->file_status |= (1 << 1); // Created
break; case 0x02: pMyfile->file_status |= (1 << 2); // Installed
break; case 0x03: pMyfile->file_status |= (1 << 3); // Registered
break; } }
////////////////////
// Get file ACL //
////////////////////
SendCardAPDU(m_bClassByte, 0xFE, 0x00, 0x00, 0, NULL,0x08, bDataOut); memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8); } break;
} // end case directory or Instance file
case 0x0F: { ////////////////////////////////////////////////////////
// File selected is an elementary file of some type //
////////////////////////////////////////////////////////
m_CurrentFile = *apfp; apfp->ChopTail(); m_CurrentDirectory = *apfp;
if (pMyfile) { BYTE bDataOut[0x0F];
GetResponse(m_bClassByte, bResponseLength, bDataOut);
pMyfile->file_id = (WORD)(bDataOut[4] * 256 + bDataOut[5]); pMyfile->file_size = (WORD)(bDataOut[2] * 256 + bDataOut[3]); pMyfile->nb_file = 0x00; pMyfile->nb_sub_dir = 0x00; pMyfile->AIDLength = 0x00; pMyfile->file_status = bDataOut[11];
memset((void*)pMyfile->applicationID, 0, 16);
switch(bDataOut[13]) { case 0x00: pMyfile->file_type = Binary_File; break;
case 0x01: pMyfile->file_type = Fixed_Record_File; pMyfile->nb_sub_dir = bDataOut[14]; pMyfile->nb_file = pMyfile->file_size / pMyfile->nb_sub_dir; break;
case 0x02: pMyfile->file_type = Variable_Record_File; break;
case 0x03: pMyfile->file_type = Cyclic_File; pMyfile->nb_sub_dir = bDataOut[14]; pMyfile->nb_file = pMyfile->file_size / pMyfile->nb_sub_dir; break;
case 0x04: pMyfile->file_type = Program_File; break; //////////////////////////////////////////////////////////
// if GetResponse(...) is successful but bad file //
// type is returned //
//////////////////////////////////////////////////////////
default: pMyfile->file_type = Unknown; throw iop::Exception(iop::ccFileTypeUnknown); }
////////////////////
// Get file ACL //
////////////////////
SendCardAPDU(m_bClassByte, 0xFE, 0x00, 0x00, 0, NULL, 0x08, bDataOut);
memcpy((void*)(pMyfile->access_cond), (void*)(bDataOut), 8); } break;
} // end case elementary file
default: //////////////////////////////////////////////////////////////////
// GetResponse was successful but returned an uninterpretable //
//////////////////////////////////////////////////////////////////
if (fFileSelected) throw iop::Exception(iop::ccCannotInterpretGetResponse); } // end of SWITCH
}
voidCAccessCard::CreateFile(const FILE_HEADER* pMyfile){ CLockWrap wrap(&m_IOPLock);
BYTE bDataIn[16]; /////////////////////////////////////////////////////
// Cyberflex cards don't allocate space for file //
// headers implicity, so it's done here manually //
/////////////////////////////////////////////////////
WORD wFileSize; if (pMyfile->file_type == directory) wFileSize = pMyfile->file_size + 24; else wFileSize = pMyfile->file_size + 16; ////////////////////////////////////////////////////
// Cyclic files need a 4 byte header per record //
////////////////////////////////////////////////////
if (pMyfile->file_type == Cyclic_File) { /////////////////////////////////////////
// prevent overflow error in card OS! //
/////////////////////////////////////////
if (pMyfile->nb_sub_dir > 251) throw iop::Exception(iop::ccCyclicRecordSizeTooLarge); bDataIn[6] = pMyfile->nb_sub_dir + 4; wFileSize += pMyfile->nb_file * 4; } else bDataIn[6] = pMyfile->nb_sub_dir;
bDataIn[0] = MSB(wFileSize); bDataIn[1] = LSB(wFileSize); bDataIn[2] = MSB(pMyfile->file_id); bDataIn[3] = LSB(pMyfile->file_id); bDataIn[5] = pMyfile->file_status & 1; bDataIn[7] = pMyfile->nb_file;
switch(pMyfile->file_type) { case Binary_File: bDataIn[4] = 0x02; break; case directory: bDataIn[4] = 0x20; break; case Cyclic_File: bDataIn[4] = 0x1D; break; case Variable_Record_File: bDataIn[4] = 0x19; break; case Fixed_Record_File: bDataIn[4] = 0x0C; break; case Instance: bDataIn[4] = 0x21; break; case Program_File: bDataIn[4] = 0x03; break;
//////////////////////////////////
// Requested file type is bad //
//////////////////////////////////
default: // TO DO: Why not let the card return the
// error?
throw iop::Exception(iop::ccFileTypeInvalid); }
memcpy((void*)&bDataIn[8], (void*)(pMyfile->access_cond), 8);
SendCardAPDU(m_bClassByte, insCreateFile, 0x00, 0x00, 0x10, bDataIn, 0, NULL);
m_apSharedMarker->UpdateMarker(CMarker::WriteMarker);
}
voidCAccessCard::WritePublicKey(const CPublicKeyBlob aKey, const BYTE bKeyNum){
CLockWrap wrap(&m_IOPLock);
BYTE bAlgoID; switch(aKey.bModulusLength) { case 0x40: bAlgoID = 0xC5; break;
case 0x60: bAlgoID = 0xC7; break;
case 0x80: bAlgoID = 0xC9; break;
default: throw iop::Exception(iop::ccAlgorithmIdNotSupported); }
Select(0x1012);
DWORD dwKeyBlockLen = 4 + 9 + aKey.bModulusLength + 4;
BYTE bKeyBlob[256];
bKeyBlob[0] = (BYTE) ((dwKeyBlockLen >> 8) & 0xFF); bKeyBlob[1] = (BYTE) (dwKeyBlockLen & 0xFF); bKeyBlob[2] = bKeyNum; bKeyBlob[3] = bAlgoID; bKeyBlob[4] = 0xC1; bKeyBlob[5] = 0x01; bKeyBlob[6] = 0x02; bKeyBlob[7] = 0xC0; bKeyBlob[8] = (BYTE)aKey.bModulusLength + 1; bKeyBlob[9] = 0x00; //////////////////////////////////////////////////
// Convert modulus to big endian for the card //
//////////////////////////////////////////////////
for (int i = 0; i < aKey.bModulusLength; i++) bKeyBlob[10 + i] = aKey.bModulus[aKey.bModulusLength - 1 - i];
bKeyBlob[10 + aKey.bModulusLength] = 0xC0; bKeyBlob[11 + aKey.bModulusLength] = 0x04;
///////////////////////////////////////////////////
// Convert exponent to big endian for the card //
///////////////////////////////////////////////////
for (i = 0; i < 4; i++) bKeyBlob[12 + aKey.bModulusLength + i] = aKey.bExponent[3 - i];
WORD wOffset = (WORD) (dwKeyBlockLen * bKeyNum);
WriteBinary(wOffset, (WORD) dwKeyBlockLen, bKeyBlob); }
void CAccessCard::GetSerial(BYTE* bSerial, size_t &SerialLength){ if (bSerial == NULL) { SerialLength = 22; return; }
if (SerialLength < 22) { throw iop::Exception(ccBufferTooSmall); }
SerialLength = 22;
SendCardAPDU(m_bClassByte, 0xCA, 0x00, 0x01, 0, NULL, 22, bSerial);}
voidCAccessCard::ReadPublicKey(CPublicKeyBlob *aKey, const BYTE bKeyNum){ CLockWrap wrap(&m_IOPLock); BYTE bKeyLength[2];
Select(0x1012); ReadBinary(0,2,bKeyLength);
WORD wKeyBlockLength = bKeyLength[0] * 256 + bKeyLength[1]; WORD wOffset = (WORD)(wKeyBlockLength * bKeyNum); BYTE bBuffer[512];
ReadBinary(wOffset, wKeyBlockLength, bBuffer);
aKey->bModulusLength = bBuffer[8] - 1;
scu::AutoArrayPtr<BYTE> aabModule(new BYTE[aKey->bModulusLength]); BYTE aExponent[4];
memcpy((void*)aabModule.Get(), (void*)&bBuffer[10], aKey->bModulusLength); memcpy((void*)aExponent, (void*)&bBuffer[10 + aKey->bModulusLength + 2], 4);
/////////////////////////////////////////////////////////////////////////
// Change from big endian on the card to little endian in the struct //
/////////////////////////////////////////////////////////////////////////
for (WORD i = 0; i < aKey->bModulusLength; i++) aKey->bModulus[i] = aabModule[aKey->bModulusLength - 1 - i]; for (i = 0; i < 4; i++) aKey->bExponent[i] = aExponent[3 - i]; }
// There are some slightly arbitrary constants used here...tighten down later.
voidCAccessCard::WritePrivateKey(const CPrivateKeyBlob aKey, const BYTE bKeyNum){
CLockWrap wrap(&m_IOPLock);
BYTE bAlgoID; switch(aKey.bPLen) { case 0x20: bAlgoID = 0xC4; break;
case 0x30: bAlgoID = 0xC6; break;
case 0x40: bAlgoID = 0xC8; break;
default: throw iop::Exception(iop::ccAlgorithmIdNotSupported); }
Select(0x0012);
CPrivateKeyBlob anotherKey;
WORD wKeyBlockLength = 22 + 5 * aKey.bPLen; WORD wOffset = (WORD)(bKeyNum * wKeyBlockLength);
BYTE bKeyBlob[1024]; bKeyBlob[0] = (BYTE)((wKeyBlockLength >> 8) & 0xFF); bKeyBlob[1] = (BYTE)(wKeyBlockLength & 0xFF); bKeyBlob[2] = bKeyNum; bKeyBlob[3] = bAlgoID; bKeyBlob[4] = 0xC2; bKeyBlob[5] = 0x01; bKeyBlob[6] = 0x05;
////////////////////////////////////////////////////////////////////////
// Need to convert from little endian (struct) to big endian (card) //
////////////////////////////////////////////////////////////////////////
BYTE bP[256]; BYTE bQ[256]; BYTE bQInv[256]; BYTE bKmodP[256]; BYTE bKmodQ[256];
for (WORD i = 0; i < aKey.bPLen; i++) { bP[i] = aKey.bP[aKey.bQLen - 1 - i]; bQ[i] = aKey.bQ[aKey.bPLen - 1 - i]; bQInv[i] = aKey.bInvQ[aKey.bInvQLen - 1 - i]; bKmodP[i] = aKey.bKsecModP[aKey.bKsecModQLen - 1 - i]; bKmodQ[i] = aKey.bKsecModQ[aKey.bKsecModPLen - 1 - i]; }
//////////////////////////////////////////////////////
// Now we need to left align the bytes of P and Q //
//////////////////////////////////////////////////////
BYTE pShift = 0, qShift = 0, qIShift = 0; /* Punting on bad keys!
if ((bP[0] < 8) || (bQ[0] < 8)) { // Bad key?
delete bP; delete bQ; delete bQInv; delete bKmodP; delete bKmodQ; delete bKeyBlob; return FALSE; } */
bKeyBlob[7] = 0xC2; bKeyBlob[8] = (BYTE) aKey.bPLen + 1; bKeyBlob[9] = 0x00;
memcpy((void*) &bKeyBlob[10], (void*)bQ, aKey.bPLen); bKeyBlob[10 + aKey.bPLen] = 0xC2; bKeyBlob[11 + aKey.bPLen] = (BYTE) aKey.bQLen + 1; bKeyBlob[12 + aKey.bPLen] = 0x00;
memcpy((void*) &bKeyBlob[13 + aKey.bPLen], (void*)bP, aKey.bPLen); bKeyBlob[13 + 2* aKey.bPLen] = 0xC2; bKeyBlob[14 + 2* aKey.bPLen] = (BYTE) aKey.bQLen + 1; bKeyBlob[15 + 2* aKey.bPLen] = 0x00;
memcpy((void*) &bKeyBlob[16 + 2* aKey.bPLen], (void*)bQInv, aKey.bPLen); bKeyBlob[16 + 3* aKey.bPLen] = 0xC2; bKeyBlob[17 + 3* aKey.bPLen] = (BYTE) aKey.bQLen + 1; bKeyBlob[18 + 3* aKey.bPLen] = 0x00;
memcpy((void*) &bKeyBlob[19 + 3* aKey.bPLen], (void*)bKmodQ, aKey.bPLen); bKeyBlob[19 + 4* aKey.bPLen] = 0xC2; bKeyBlob[20 + 4* aKey.bPLen] = (BYTE) aKey.bQLen + 1; bKeyBlob[21 + 4* aKey.bPLen] = 0x00;
memcpy((void*) &bKeyBlob[22 + 4 * aKey.bPLen], (void*)bKmodP, aKey.bPLen);
WriteBinary(wOffset, wKeyBlockLength, bKeyBlob); }
voidCAccessCard::ChangeCHV(const BYTE bKeyNumber, const BYTE *bOldCHV, const BYTE *bNewCHV){ CLockWrap wrap(&m_IOPLock); BYTE bDataIn[16]; memcpy((void*)bDataIn, (void*)bOldCHV, 8); memcpy((void*)(bDataIn + 8), (void*)bNewCHV, 8); SendCardAPDU(m_bClassByte, 0x24, 0x00, bKeyNumber, 16, bDataIn, 0, NULL); m_apSharedMarker->UpdateMarker(CMarker::PinMarker);}
voidCAccessCard::ChangeCHV(const BYTE bKey_nb, const BYTE *bNewCHV){
CLockWrap wrap(&m_IOPLock);
switch (bKey_nb) { case 1: Select("/3f00/0000"); // CHV1 and CHV2 are the only CHV's supported
break; case 2: Select("/3f00/0100"); break;
default: throw iop::Exception(iop::ccInvalidChv); break; }
WriteBinary(3, 8, bNewCHV);
BYTE bRemaingAttempts = 3; // Minumum number + 2
WriteBinary(12, 1, &bRemaingAttempts); m_apSharedMarker->UpdateMarker(CMarker::PinMarker); VerifyCHV(bKey_nb,bNewCHV);
}
voidCAccessCard::UnblockCHV(const BYTE bKeyNumber, const BYTE *bUnblockPIN, const BYTE *bNewPin){ CLockWrap wrap(&m_IOPLock);
BYTE bDataIn[16]; memcpy((void*)bDataIn, (void*)bUnblockPIN, 8); memcpy((void*)(bDataIn + 8), (void*)bNewPin, 8);
SendCardAPDU(m_bClassByte, 0x2C, 0x00, bKeyNumber, 16, bDataIn, 0, NULL);
m_apSharedMarker->UpdateMarker(CMarker::PinMarker);}
voidCAccessCard::ChangeUnblockKey(const BYTE bKeyNumber, const BYTE *bNewPIN){ CLockWrap wrap(&m_IOPLock);
switch (bKeyNumber) { case 1: Select("/3f00/0000"); // CHV1 and CHV2 are the only CHV's supported
break; case 2: Select("/3f00/0100"); break;
default: throw iop::Exception(iop::ccInvalidChv); break; }
WriteBinary(13, 8, bNewPIN);}
voidCAccessCard::ChangeTransportKey(const BYTE *bNewKey){ CLockWrap wrap(&m_IOPLock); Select("/3f00/0011");
//////////////////////////////////////////
// Build byte string to write to card //
//////////////////////////////////////////
BYTE bKeyString[13] = { 0x00, // length of key
0x0E, // length of key
0x00, // Key number
0x01, // tag to identify key as an ID PIN
0, 0, 0, 0, 0, 0, 0, 0, // 8 bytes for key
0x03 // # of verification attempts remaining before card is blocked + 2
}; //////////////////////////////////////////////////////
// insert new key into key string to pass to card //
//////////////////////////////////////////////////////
memcpy((void*)(bKeyString + 4), (void*)bNewKey, 8);
WriteBinary(0, 13, bKeyString);
// Make a (hopefully) successfull verification to re-set attempt counter
VerifyTransportKey(bNewKey);}
voidCAccessCard::ChangeACL(const BYTE *bACL){ CLockWrap wrap(&m_IOPLock);
SendCardAPDU(m_bClassByte, 0xFC, 0x00, 0x00, 0x08, bACL, 0, NULL);
m_apSharedMarker->UpdateMarker(CMarker::WriteMarker);}
voidCAccessCard::DefaultDispatchError(ClassByte cb, Instruction ins, StatusWord sw) const{ CauseCode cc; bool fDoThrow = true; switch (sw) { case 0x6283: cc = ccContradictionWithInvalidationStatus; break; case 0x6300: cc = ccChvVerificationFailedMoreAttempts; break; case 0x6981: cc = ccChvNotInitialized; break;
case 0x6985: cc = ccNoFileSelected; break;
case 0x6A00: cc = ccFileExists; break;
case 0x6A84: cc = ccCannotReadOutsideFileBoundaries; break;
case 0x6A86: cc = ccLimitReached; break;
case 0x6F11: cc = ccDirectoryNotEmpty; break;
case 0x6F12: cc = ccInvalidSignature; break;
case 0x6F14: cc = ccBadState; break; default: fDoThrow = false; break; }
if (fDoThrow) throw Exception(cc, cb, ins, sw);
CSmartCard::DefaultDispatchError(cb, ins, sw);}
voidCAccessCard::DispatchError(ClassByte cb, Instruction ins, StatusWord sw) const{ CauseCode cc; bool fDoThrow = true; switch (ins) { case insCreateFile: switch (sw) { case 0x6A00: cc = ccFileExists; break;
case 0x6A84: cc = ccOutOfSpaceToCreateFile; break; case 0x6B00: cc = ccRecordInfoIncompatible; break;
default: fDoThrow = false; break; } break;
case insDeleteFile: switch (sw) { case 0x6A00: cc = ccRootDirectoryNotErasable; break;
default: fDoThrow = false; break; } break;
case insDirectory: switch (sw) { case 0x6985: cc = ccCurrentDirectoryIsNotSelected; break;
case 0x6A83: cc = ccFileIndexDoesNotExist; break;
default: fDoThrow = false; break; } break;
case insExecuteMethod: switch (sw) { case 0x6283: cc = ccProgramFileInvalidated; break;
case 0x6A00: cc = ccInstanceIdInUse; break;
case 0x6F15: cc = ccCardletNotInRegisteredState; break;
case 0x6F19: cc = ccInstallCannotRun; break;
default: if ((0x6230 <= sw) && (0x6260 <= sw)) cc = ccJava; else fDoThrow = false; } break; case insExternalAuth: switch (sw) { case 0x6300: cc = ccVerificationFailed; break;
case 0x6981: cc = ccInvalidKey; break;
case 0x6985: cc = ccAskRandomNotLastApdu; break;
case 0x6B00: cc = ccAlgorithmIdNotSupported; break;
case 0x6F15: cc = ccOperationNotActivatedForApdu; break; default: fDoThrow = false; break; } break; case insInternalAuth: switch (sw) { case 0x6300: cc = ccRequestedAlgIdMayNotMatchKeyUse; break; case 0x6981: cc = ccInvalidKey; break;
case 0x6B00: cc = ccAlgorithmIdNotSupported; break;
case 0x6F15: cc = ccOperationNotActivatedForApdu; break; default: fDoThrow = false; break; } break; case insReadBinary: // fall-through intentional
case insUpdateBinary: switch (sw) { case 0x6A84: cc = ccCannotReadOutsideFileBoundaries; break;
default: fDoThrow = false; break; } break;
default: fDoThrow = false; break; }
if (fDoThrow) throw Exception(cc, cb, ins, sw);
CSmartCard::DispatchError(cb, ins, sw);}
voidCAccessCard::DoReadBlock(WORD wOffset, BYTE *pbBuffer, BYTE bLength){ SendCardAPDU(m_bClassByte, insReadBinary, HIBYTE(wOffset), LOBYTE(wOffset), 0, 0, bLength, pbBuffer); } voidCAccessCard::DoWriteBlock(WORD wOffset, BYTE const *pbBuffer, BYTE cLength){ SendCardAPDU(m_bClassByte, insUpdateBinary, HIBYTE(wOffset), LOBYTE(wOffset), cLength, pbBuffer, 0, 0);} boolCAccessCard::ValidClassByte(BYTE bClassByte){ ////////////////////////////////////////////////////////////////
// Calling Directory on root to check for proper class byte //
////////////////////////////////////////////////////////////////
BYTE bOutput[cMaxDirInfo];
bool fValidClassByte = true; try { SendCardAPDU(bClassByte, insDirectory, 0x00, 0x00, 0, NULL, sizeof bOutput / sizeof *bOutput, bOutput); }
catch (Exception &) { fValidClassByte = false; }
return fValidClassByte;}
boolCAccessCard::SupportLogout(){ bool fSuccess = true; try { CLockWrap wrap(&m_IOPLock); SendCardAPDU(m_bClassByte, 0x22, 0x07, 0x00, 0x00, NULL, 0, NULL);
} catch(...) { fSuccess = false; }
return fSuccess;}
|
