📄 fsbootstrap.c
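/* ============================================================================
   Project Name : jayaCard
   Module Name  : proto/bios/fs/fsbootstrap.c
   Version      : $Id: fsbootstrap.c,v 1.23 2004/04/23 20:29:14 dgil Exp $

   Description: Bootstrap the File System from a blanked EEPROM

   The Original Code is jayaCard code.

   The Initial Developer of the Original Code is Gilles Dumortier.

   Portions created by the Initial Developer are Copyright (C) 2002-2004 the
   Initial Developer. All Rights Reserved.

   Contributor(s):

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see http://www.gnu.org/licenses/gpl.html

   History Rev  Description
   041503  dgil wrote it from scratch

   ============================================================================*/

#include "precomp.h"

#ifdef JAYA_FILESYSTEM

/* ============================================================================
   Import from fstools.c
   ========================================================================= */
void __fs_save_DF_header(void);

/* ============================================================================
   __fs_bootstrap()

   Bootstrap the filesystem from a blank EEPROM:
    - initialize the pointers
    - create and write the MF header
    - lock the MF creation

   This function should be called from the CREATE FILE (fid=MF).

   P3 = number of pages (256 bytes/page) to reserve for optional code at the
   end of the EEPROM. It is received here as the npages parameter.

   Some error code in lasterr if any problem.

   Security:
    - use global semaphore to protect itself against attacks
    - check CLA/INS/P1/P2/P3 against CREATE FILE with FID=MF (we should not
      use COS variable from BIOS layer but this security need to be handled
      as we can ...)
    - following points need to be checked:
        - MF creation lock not set
        - current mode is pre-perso mode
        - MF header is blank
        - authentication with transportation key has been done

   How the double bookkeeping works (derived from the code below):
    - every precondition that holds updates BOTH gGlobalSem and cond, each
      with a different operation; the function only proceeds when the two
      values are equal afterwards.
    - with all seven preconditions holding, cond goes
      0x00 -> 0x03 -> 0x13 -> 0x53 -> 0x42 -> 0x46 -> 0x5C and gGlobalSem
      moves by a net -3 from its value on entry. The mix of |=, -= and +=
      on cond makes the final value depend on the order of the steps, so
      the statements must not be reordered.
    - after the MF header is prepared cond is decremented to 0x5B, which is
      the value required before anything is written to EEPROM.

   Exit state:
    - normal exit: LOCK_BOOTSTRAP is set and gGlobalSem is JSEC_OK+1 (the
      original comment says this should be JSEC_SEM and is tested by the
      caller).
    - early exits through "return" leave LOCK_BOOTSTRAP untouched and do not
      perform the final gGlobalSem++.
   ========================================================================= */
void __fs_bootstrap(jbyte npages)
{
    LOCAL(jbyte,cond);
    LOCAL(jbyte,i);
    LOCAL(jword,end);

    LOG("FS","__fs_bootstrap() - enter ");

    /* re-check CLA/INS/life: the command context is verified again here
       instead of being trusted from the caller */
    if (CLA != 0x80) {
        BIOS_SETERR(ERR_CLA_NOT_SUPPORTED);
        HAL_HALT();
        return;
    }
    if (INS != 0xE0) {
        BIOS_SETERR(ERR_INS_NOT_SUPPORTED);
        HAL_HALT();
        return;
    }
    if (tag_life != LIFE_INIT) {
        BIOS_SETERR(ERR_CARD_LOCKED);
        HAL_HALT();
        return;
    }
    /* NOTE(review): this halts only when P1P2 is not FID_MF AND P3 equals 1;
       a non-MF P1P2 with any other P3 passes this re-check. Confirm that
       this is the intended test for "CREATE FILE with FID=MF". */
    if ((P1P2 != FID_MF) && (P3==1)) {
        BIOS_SETERR(ERR_INVALID_P1P2);
        HAL_HALT();
        return;
    }

    cond = 0x00;

    /* initialise the FS session without selecting the MF */
    FS_NEW_SESSION(jtrue,jfalse);

    /* should be done by the caller: gGlobalSem = JSEC_OK; */

    /* Precondition checks. Each one that holds updates gGlobalSem and cond
       together; a check that does not hold leaves both untouched. */
    if (HAL_LOCK(LOCK_BLOCKED)==LOCK_UNSET) {
        gGlobalSem-=3;
        cond |= 0x01;
    }
    if (HAL_LOCK(LOCK_INIT)==LOCK_UNSET) {
        gGlobalSem-=3;
        cond |= 0x02;
    }
    /* NOTE(review): the header of __fs_isbootstraped() documents JSEC_OK as
       "bootstraped", yet this branch counts JSEC_OK as a condition for
       proceeding with the bootstrap - confirm which value an unset
       LOCK_BOOTSTRAP produces. */
    if (FS_ISBOOTSTRAPED()==JSEC_OK) {
        /* already tested by the caller but ... */
        gGlobalSem++;
        cond |= 0x10;
    }
    if (HAL_LOCK(LOCK_PERSO)==LOCK_UNSET) {
        gGlobalSem--;
        cond |= 0x40;
    }
    if (gSeqVal == SEQVAL_EXT_AUTH) {
        gGlobalSem++;
        cond-=17;
    }
    /* both free-space pointers must still read 0x0000 in EEPROM */
    if (HAL_EEPROM_READ_WORD(FREE_HEADER_FILE_ADDR)==0x0000) {
        gGlobalSem++;
        cond |= 0x04;
    }
    if (HAL_EEPROM_READ_WORD(FREE_BODY_FILE_ADDR)==0x0000) {
        gGlobalSem++;
        cond+=22;
    }

    if (gGlobalSem == cond) {
        LOG1("FS","__fs_bootstrap() - MF selected cond=%.2X",cond);

        /* verify that the in-memory DF header is all zero before filling
           it (the last two bytes of the header are not examined) */
        for (i=0;i<SIZE_HEADER_FILE-2;i++) {
            if (*(((jbyte idata*)&current_DF)+i)!=0x00) {
                LOG2("ATTACK","__fs_bootstrap() - header[%d]=%.2X != 0x00 !!",i,*(((jbyte idata*)&current_DF)+i));
                BIOS_SETERR(ERR_CONDITION_FAILURE);
                HAL_HALT();
                return;
            }
        }

        /* fill with more power ... */
        current_DF.fid = FID_MF;
        current_DF.u3.parent = ADDR_HEADER_MF;
        current_DF.ac[0] = 0xF2; /* LOOKUP | CREATE FILE on auth */
        current_DF.ac[1] = 0x02; /* can't delete MF | DELETE FILE on auth */
        current_DF.ac[2] = 0x00; /* can't invalidate MF | can't rehabilitate MF */

        /* 0x5C -> 0x5B: only this branch can produce the value tested
           before the EEPROM update */
        cond--;
    } else {
        /* NOTE(review): this branch only logs. No error is recorded in
           lasterr and the card is not halted, so execution continues to the
           end of the function, where LOCK_BOOTSTRAP is set and gGlobalSem
           ends at the same value as on success. Confirm that the caller has
           another way to detect the failed precondition check. */
        LOG2("ATTACK","__fs_bootstrap() - gGlobalSem=%.2X cond=%.2X",gGlobalSem,cond);
    }

    /* reset for next usage :-) */
    gGlobalSem = JSEC_OK;

    /* second, independent gate: header prepared, no error pending and cond
       carrying the expected end value */
    if ((current_DF.fid==FID_MF) && (lasterr==SUCCESS) && (cond==0x5B)) {
        LOG("FS","__fs_bootstrap() - update EEPROM : FS pointers and MF area");

        /* store the MF */
        current_DF_addr = ADDR_HEADER_MF;
        __fs_save_DF_header();
        if (lasterr!=SUCCESS) {
            /* shared failure exit, also reached by the goto statements below */
eeprom_bad:
            BIOS_SETERR(ERR_WRITE_ERROR);
            return;
        }

        /* calculate the end size */
        /* NOTE(review): npages is validated only here, after the MF header
           has already been saved. If jword is an unsigned 16-bit type and
           npages<<8 is larger than BASE_BODY_FILE_ADDR, the subtraction
           wraps and the lower-bound test below would not catch it - confirm
           against the actual constants. */
        end = ((jword)BASE_BODY_FILE_ADDR) - (((jword)npages)<<8);
        if (end<=(BASE_HEADER_FILE_ADDR+0x100)) {
            BIOS_SETERR(ERR_INVALID_LENGTH);
            return;
        }

        /* mark reserved area as executable (for opcode) */
        if (HAL_MEM_SET_EXEC(end+1,(((jword)npages)<<8)) != JSEC_OK)
            goto eeprom_bad;

        /* update the pointers */
        if (HAL_EEPROM_WRITE_WORD(FREE_HEADER_FILE_ADDR,BASE_HEADER_FILE_ADDR) != EEPROM_HAL_OK)
            goto eeprom_bad;
        if (HAL_EEPROM_WRITE_WORD(FREE_BODY_FILE_ADDR,end) != EEPROM_HAL_OK)
            goto eeprom_bad;

        /* read both pointers back so that a write which reported success
           but did not store the value is still treated as a write error */
        if (HAL_EEPROM_READ_WORD(FREE_HEADER_FILE_ADDR) != BASE_HEADER_FILE_ADDR)
            goto eeprom_bad;
        if (HAL_EEPROM_READ_WORD(FREE_BODY_FILE_ADDR) != end)
            goto eeprom_bad;
    }

    HAL_SETLOCK(LOCK_BOOTSTRAP);
    gGlobalSem++;
    /* gGlobalSem should be JSEC_SEM here ! will be tested by the caller ... */

    LOG2("FS","__fs_bootstrap() - leave gGlobalSem=%.2X cond=%.2X",gGlobalSem,cond);
}

/* ============================================================================
   __fs_isbootstraped()

   secure: use the global semaphore

   returns JSEC_OK (bootstraped) or JSEC_FAIL (not bootstraped) BUT in case
   of internal errors/incoherency will HALT the card and return an invalid
   value.

   The returned value is whatever HAL_LOCK(LOCK_BOOTSTRAP) reports. The
   function expects gGlobalSem to be JSEC_SEM-1 on entry and restores that
   value before returning.
   ========================================================================= */
jbyte __fs_isbootstraped(void)
{
    LOCAL(jbyte,phaslock);

    /* read the lock */
    phaslock = HAL_LOCK(LOCK_BOOTSTRAP);
    gGlobalSem++;

    /* check the security: the increment above must land exactly on
       JSEC_SEM, otherwise the semaphore was not in the expected state */
    if (gGlobalSem!=JSEC_SEM) {
        /* force an invalid value so that the result matches neither
           documented return value if execution continues past the halt */
        phaslock = JSEC_SEM;
        LOG1("ATTACK","__fs_isbootstraped() gGlobalSem=%.2X",gGlobalSem);
        HAL_HALT();
    }
    gGlobalSem--;

    LOG1("FS","__fs_isbootstraped() - returns 0x%.2X",phaslock);
    return phaslock;
}

/* =========================================================================
   That's all folks !
   ========================================================================= */

#endif/* JAYA_FILESYSTEM */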